SlideShare una empresa de Scribd logo
1 de 8
Descargar para leer sin conexión
AN OVERVIEW OF THE TECHNOLOGY SECTOR IN BANKING IN INDIA



                                                     BY



                                        Sameer Ratolikar
                             Chief Information and Security Officer
                                          Bank of India



                                                      &



                                     Dharmaraj Ramakrishnan
                                     Head of Core Banking Unit
                                         ING Vysya Bank




                                    These interviews were conducted by

                                Melanie Timbrell & Tom McDonald of
              FST Media, Australia as part of their Who’s Who in Asia’s Financial Services.




                                            15 - 16 November, 2011, Four Seasons Hotel, Mumbai, India




To speak with and learn from Sameer and Dharmaraj in person, click here to attend Banking Tech Summit India in
November 2011 in Mumbai.
Sameer Ratolikar
                                    Chief Information and Security Officer
                                                 Bank of India




Timbrell: What are your key information security priorities for the next 12 to 18 months?

Ratolikar: My key security priorities for the next 12-18 months are:

1) Ensuring proper technology risk management is established to satisfy regulators and business
partners

2) Data loss prevention strategies across the enterprise

3) Secure Access control and management, especially for third party service providers

4) IT Governance, Risk Management and Compliance (GRC) to automate the security governance and
compliance process

5) Identity management across all critical applications

6) To see a Business Continuity Management (BCM) system framed and implemented across the Bank



Timbrell: What do you see as the top IT security risks facing banks in India right now?

Ratolikar: Top security risks faced by banks in India include unawareness among customers and users
about emerging cyber threats, basic hygiene of information security and sensitive data leakage
knowingly or unknowingly. In addition to this, identity theft-related attacks are also on the rise.



Timbrell: What is Bank of India’s position on cloud computing; and how are you managing associated
security risks?

Ratolikar: We are enthusiastic about cloud computing with regard to seeing how IT services are
delivered in a cloud. We feel that as the concept is new and yet to mature, we will use it for some
To speak with and learn from Sameer and Dharmaraj in person, click here to attend Banking Tech Summit India in
November 2011 in Mumbai.
services like email and web while making observations, test the performance and then we may go for a
private / hybrid cloud.

The talent pool of service providers, data privacy, Business Continuity Planning (BCP), jurisdiction of
data storage and legal issues are all risks to be managed if one decides to opt for cloud.



Timbrell: What technology innovations and trends do you feel are shaping the future of banking in
India?

Ratolikar: Technology innovations in the banking industry started in India almost eight years back in the
form of core banking. I feel the following services will shape the future of banking in India:

• Internet banking (in use since 2000 but growing rapidly with innovation)

• Mobile banking

• KIOSK banking

• Integration of the ATM networks of all banks

• Financial inclusion using smart cards for rural masses (door step banking)

• Single view of the customer using business intelligence



Timbrell: Global consultancy firm Boston Consulting Group (BCG) recently predicted mobile banking
and payments transactions in India would reach US$350 billion by 2015. From a security perspective,
how are you preparing for this surge in uptake of banking using handheld devices?

Ratolikar: Today we have more mobile handsets than bank accounts in India. So the penetration of
mobile phones is definitely being leveraged to provide banking services. But like any innovation brings
with it some risks, mobile / handheld systems are no exception.

We have to address the risks arising from such “consumerised devices,” using a standard framework of
People, Processes and Technology. We are educating users continuously via our Intranet Portal,
conducting ‘Security Weeks’, engaging on policy compliance etc.

A centralised access management system is being deployed to see that all connections to our
applications via these handheld devices are identified, authenticated and then authorised. Digital Rights
Management and data leakage prevention solutions are also being evaluated to prevent data leakage
via these devices and other end points.




To speak with and learn from Sameer and Dharmaraj in person, click here to attend Banking Tech Summit India in
November 2011 in Mumbai.
Timbrell: Phishing and vishing attacks are on the increase across the region. How is Bank of India
dealing with this increased threat?

Ratolikar: Although there is no one-size-fits-all solution to tackle phishing and vishing, one of the most
effective ways is deploying a ‘Two Factor Authentication’ solution. We deployed the 2FA solution two
years ago and are happy to witness near-zero incidents. In addition to this technological solution,
creating awareness among users about these attacks is extremely important. We are promoting
awareness via radio channels, newspapers, periodical SMSes etc.



Timbrell: Does Bank of India currently deploy Information Loss Protection (ILP) capability and how do
you protect from leakage of sensitive data?

Ratolikar: Information Loss Prevention capabilities and strategies start with education and framing the
right policies focusing on the impact of data loss, regulatory concerns, legal acts etc. We have done all
these things. Now our focus is on a technological solution in the form of rights management and Data
Loss Prevention (DLP). We have started deploying Information Rights Management in the Bank. Once
this project is over, we will look for the right solution to achieve comprehensive DLP.



Timbrell: How far ahead do you plan your IT security strategy; and why?

Ratolikar: It would be difficult to name the exact time frame for planning IT strategy. Our IT strategy is
influenced by the outcome of regular risk assessment exercises on our information assets. We conduct
the exercises and based on those results define and amend the strategy.

Our IT security strategy is always aligned with People, Processes & Technology and mapped to
Confidentiality, Integrity and Availability of Data. Similarly, whenever any new projects are rolled out to
customers, they have to go through our risk assessment exercise.



Timbrell: What skill set do you seek out in prospective team members?

Ratolikar: I seek team mates with the right attitude to learning, good analytical skills, clarity of thought
and an appetite and interest in security.



Timbrell: When your time as a technology leader draws to a close, what would you wish to be
remembered for?

Ratolikar: A CIO with leadership and motivational qualities and a great risk manager who transformed IT
from a cost centre to a profit centre.


To speak with and learn from Sameer and Dharmaraj in person, click here to attend Banking Tech Summit India in
November 2011 in Mumbai.
Dharmaraj Ramakrishnan
                                         Head of Core Banking Unit
                                             ING Vysya Bank



McDonald: What are your top IT priorities for the next 12 to 18 months?

Ramakrishnan: The top priorities for us over the next 12 to 18 months – from a technology point of view
– are increasing the use of server virtualisation, data architecture, data analysis, financial inclusion and
core banking upgrades.



McDonald: ING Vysya has recently stated it now has the fastest electronics payments processor in the
country. How critical is continued investment in National Electronic Fund Transfer (NEFT) and Real-
Time Gross Settlement (RTGS) technologies to drive future growth?

Ramakrishnan: India is experiencing a large shift in how payments are sent, as electronic payment
networks gain a strong foothold in the country. The benefits of wire-transfer are speed, safety and
superior customer service.

If you look at paper payment instruments – cheques, demand drafts and cash – these have existed in
India since the 19th century. As recently as 2003, 86 per cent of all non-cash payments in India were still
made through the use of paper instruments, with electronic payments only just beginning to take off.
Since then, electronic payments have grown by at least 60 per cent year-on-year, and by mid-2009
electronic payments represented 33 per cent in volume and 62 per cent in value of all payments made in
India. There has been a five per cent decline in cheque clearing during 2008-2009 financial year
compared to the 2007-2008 financial year. Looking at these statistics, there’s enough opportunity for
banks to move from paper to electronic. I am sure that NEFT and RTGS will gain momentum and that’s
the way forward for a faster turn-around.




To speak with and learn from Sameer and Dharmaraj in person, click here to attend Banking Tech Summit India in
November 2011 in Mumbai.
The Reserve Bank of India (Central Bank)’s efforts to make the RTGS and NEFT processes as common as
cheques are today, are paying off. Increasingly, banks are offering their customers innovative payment
services that are faster, cheaper and safer for all concerned. To realise the cost and efficiency benefits
from shifting to electronic payments, it is imperative to develop a comprehensive Paper-to-Electronic
(P2E) change management solution.

At ING Vysya, we have done system re-architecture and automation as part of our Payments Programme.
This includes automated payee name validation for all inward processes. Payment processors are the
most sensitive areas of operations and we designed fail-safe systems that worked flawlessly from day
one. The fuzzy logic built in for payee name validation has to be suitable for Indian names and
conditions. Since payee name validation was at the heart of Straight-Through-Processing (STP) we had to
get this absolutely right and we have done.



McDonald: What key challenges are currently facing ING Vysya’s Core Banking Unit and what
strategies are in place to address these?

Ramakrishnan: We are reasonably satisfied with our core banking system. We are nevertheless going in
for an upgraded version to reap the benefits of true Service Oriented Architecture (SOA)
implementation, easier maintainability and faster time to market. We are also working on real time
replication of data for our analytical needs, and towards true 24/7 availability.



McDonald: Given the pace of growth in India’s banking industry, what adaptive and flexible systems
are you putting in place to manage the market’s expanding customer base?

Ramakrishnan: Our focus is continuously on providing a world class solution to our customers. If you
look at our RTGS & NEFT processing, we are the fastest electronic payment processor in the country. In
fact, we have developed the RTGS and NEFT processing functionality within the core banking system.

We have also introduced online trading by integrating with a third party solution a real-time mode that
makes Application Programming Interface (API) calls between core banking and the trading engine using
Enterprise Service Bus (ESB) as a middleware. We went live with this project in a record time of 30 days.
This clearly shows that our time-to-market is pretty good from a technology point of view.

Our philosophy is every customer of ours should have an enjoyable experience – making the bank “Easy
to Deal With,” as ING’s motto goes.




To speak with and learn from Sameer and Dharmaraj in person, click here to attend Banking Tech Summit India in
November 2011 in Mumbai.
McDonald: To what extent is ING Vysya considering moving software, storage and infrastructure to
the cloud in order to keep up with India’s economic expansion?

Ramakrishnan: No to public cloud. While scepticism prevails around the adoption of public cloud, due
primarily to data security concerns, private cloud adoption seems to be making traction. If we watch
carefully, virtualisation and Software-as-a-Service (SaaS) are the underlying elements of cloud
computing. There has been prominent adoption of former, but not the latter in the banking segment.

In India, co-operative banks, as well as a few scheduled banks, have been using hosted services for a
long time now, which is very similar to private could. In private cloud, virtualisation is the key element
and banks have been adopting this for quite some time. At ING Vysya we have virtualised our
production systems and we are heading towards a private cloud. Virtualisation has yielded significant
benefits in our IT organisation, in particular, it has allowed us to provide scalable infrastructure.



McDonald: What do you foresee as the next ‘big thing’ in banking innovation?

Ramakrishnan: Traditional banking models cover just under half of India’s population. The next material
innovation in the Indian context (and indeed in the context of all developing economy countries) would
be to build banking models and delivery mechanisms that extend banking services to the unbanked. We
believe that the key driver will be India’s ambitious Aadhaar project by the Unique Identification
Authority of India (UIDAI), which seeks to provide biometric-based enrolment and authentication
services to all Indian residents. Which, at 1.3 billion people, would be the most audacious and path
breaking innovation in centralised identity enrolment and authentication attempted, ever.



McDonald: Core banking modernisation is often associated with the highly expensive task of
overhauling legacy systems. In your experience, what is the most promising and cost effective
technology aiding IT core modernisation?

Ramakrishnan: Progressive modernisation is the right way to go. Key steps we follow are: identifying the
legacy systems which are to be replaced; doing a cost benefit analysis and justifying the capital
investment; and finally ensuring deployment of new systems are aligned with business priorities – this
will help in achieving a faster ROI.




To speak with and learn from Sameer and Dharmaraj in person, click here to attend Banking Tech Summit India in
November 2011 in Mumbai.
McDonald: India’s population is rapidly embracing mobile and online banking technology. How is ING
Vysya adapting to this emerging trend; and is the Bank moving toward an increasingly branchless
banking model?

Ramakrishnan: We are one of the early movers in mobile banking implementation. We implemented
our mobile banking solution in 2008 and have now reached a stage of platform renewal. We have a
three pronged approach to mobile banking: SMS based banking at the base; third-party applications and
mobile malls for the mass market; and an exclusive platform for high end mobile and tablet platforms,
which is under development.

We have had a comprehensive internet banking channel (“Mibank”) for a long time, and have very
recently added an exclusive business banking and corporate banking channel called ING Converge,
which has gained excellent traction in the marketplace.



McDonald: Every IT leader, particularly at your level, has a legacy they wish to be remembered for.
What is yours?

Ramakrishnan: I would like to be remembered as a person who drives transformation.




To speak with and learn from Sameer and Dharmaraj in person, click here to attend Banking Tech Summit India in
November 2011 in Mumbai.

Más contenido relacionado

Destacado (17)

Constitution of bangladesh
Constitution of bangladeshConstitution of bangladesh
Constitution of bangladesh
 
20120319 aws meister-reloaded-s3
20120319 aws meister-reloaded-s320120319 aws meister-reloaded-s3
20120319 aws meister-reloaded-s3
 
Dependency management with Composer
Dependency management with ComposerDependency management with Composer
Dependency management with Composer
 
這一打‧好貴
這一打‧好貴這一打‧好貴
這一打‧好貴
 
Baby Love -Wildlife
Baby Love -WildlifeBaby Love -Wildlife
Baby Love -Wildlife
 
Giới thiệu chung về Du học Úc
Giới thiệu chung về Du học ÚcGiới thiệu chung về Du học Úc
Giới thiệu chung về Du học Úc
 
Facebook og søk for BRAK
Facebook og søk for BRAKFacebook og søk for BRAK
Facebook og søk for BRAK
 
Gem 1
Gem 1Gem 1
Gem 1
 
Virální marketing
Virální marketingVirální marketing
Virální marketing
 
Lean Day: West recap (censored)
Lean Day: West recap (censored)Lean Day: West recap (censored)
Lean Day: West recap (censored)
 
Aula 2 Concordância
Aula 2 ConcordânciaAula 2 Concordância
Aula 2 Concordância
 
Márkaépítés a fogyasztói kontroll korában 2.0
Márkaépítés a fogyasztói kontroll korában 2.0Márkaépítés a fogyasztói kontroll korában 2.0
Márkaépítés a fogyasztói kontroll korában 2.0
 
שירותי מוסך רייך
שירותי מוסך רייךשירותי מוסך רייך
שירותי מוסך רייך
 
Guiding principles for
Guiding principles forGuiding principles for
Guiding principles for
 
Php basics
Php basicsPhp basics
Php basics
 
تقرير السجون En
تقرير السجون Enتقرير السجون En
تقرير السجون En
 
Clase+de+tarnsporte
Clase+de+tarnsporteClase+de+tarnsporte
Clase+de+tarnsporte
 

Más de IQPC Middle East

Oman Customer Service Week
Oman Customer Service WeekOman Customer Service Week
Oman Customer Service WeekIQPC Middle East
 
Process Excellence Week MENA in Energy and Utilities
Process Excellence Week MENA in Energy and UtilitiesProcess Excellence Week MENA in Energy and Utilities
Process Excellence Week MENA in Energy and UtilitiesIQPC Middle East
 
6th gcc nationalisation summit
6th gcc nationalisation summit6th gcc nationalisation summit
6th gcc nationalisation summitIQPC Middle East
 
Middle East Electronic Health Records
Middle East Electronic Health RecordsMiddle East Electronic Health Records
Middle East Electronic Health RecordsIQPC Middle East
 
2nd annual cost effective sustainable design saudi arabia
2nd annual cost effective sustainable design saudi arabia2nd annual cost effective sustainable design saudi arabia
2nd annual cost effective sustainable design saudi arabiaIQPC Middle East
 
6th Annual GCC Nationalisation Summit
6th Annual GCC Nationalisation Summit6th Annual GCC Nationalisation Summit
6th Annual GCC Nationalisation SummitIQPC Middle East
 
Pharma Sales Force MENA 2010
Pharma Sales Force MENA 2010Pharma Sales Force MENA 2010
Pharma Sales Force MENA 2010IQPC Middle East
 
Financial services for women middle east summit
Financial services for women middle east summitFinancial services for women middle east summit
Financial services for women middle east summitIQPC Middle East
 
MENA Shared Services & Outsourcing Summit
MENA Shared Services & Outsourcing SummitMENA Shared Services & Outsourcing Summit
MENA Shared Services & Outsourcing SummitIQPC Middle East
 
Interior Design and Construction Saudi Arabia
Interior Design and Construction Saudi ArabiaInterior Design and Construction Saudi Arabia
Interior Design and Construction Saudi ArabiaIQPC Middle East
 
Urban Transportation Summit Kuwait
Urban Transportation Summit Kuwait Urban Transportation Summit Kuwait
Urban Transportation Summit Kuwait IQPC Middle East
 

Más de IQPC Middle East (15)

Oman Customer Service Week
Oman Customer Service WeekOman Customer Service Week
Oman Customer Service Week
 
Process Excellence Week MENA in Energy and Utilities
Process Excellence Week MENA in Energy and UtilitiesProcess Excellence Week MENA in Energy and Utilities
Process Excellence Week MENA in Energy and Utilities
 
Mno eurasia brochure
Mno eurasia brochureMno eurasia brochure
Mno eurasia brochure
 
6th gcc nationalisation summit
6th gcc nationalisation summit6th gcc nationalisation summit
6th gcc nationalisation summit
 
Middle East Electronic Health Records
Middle East Electronic Health RecordsMiddle East Electronic Health Records
Middle East Electronic Health Records
 
2nd annual cost effective sustainable design saudi arabia
2nd annual cost effective sustainable design saudi arabia2nd annual cost effective sustainable design saudi arabia
2nd annual cost effective sustainable design saudi arabia
 
6th Annual GCC Nationalisation Summit
6th Annual GCC Nationalisation Summit6th Annual GCC Nationalisation Summit
6th Annual GCC Nationalisation Summit
 
Pharma Sales Force MENA 2010
Pharma Sales Force MENA 2010Pharma Sales Force MENA 2010
Pharma Sales Force MENA 2010
 
Cold Chain MENA 2010
Cold Chain MENA 2010Cold Chain MENA 2010
Cold Chain MENA 2010
 
Financial services for women middle east summit
Financial services for women middle east summitFinancial services for women middle east summit
Financial services for women middle east summit
 
HR Technology MENA 2011
HR Technology MENA 2011HR Technology MENA 2011
HR Technology MENA 2011
 
MENA Shared Services & Outsourcing Summit
MENA Shared Services & Outsourcing SummitMENA Shared Services & Outsourcing Summit
MENA Shared Services & Outsourcing Summit
 
Interior Design and Construction Saudi Arabia
Interior Design and Construction Saudi ArabiaInterior Design and Construction Saudi Arabia
Interior Design and Construction Saudi Arabia
 
Hr in Healthcare Forum
Hr in Healthcare ForumHr in Healthcare Forum
Hr in Healthcare Forum
 
Urban Transportation Summit Kuwait
Urban Transportation Summit Kuwait Urban Transportation Summit Kuwait
Urban Transportation Summit Kuwait
 

Último

Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServicePicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServiceRenan Moreira de Oliveira
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncObject Automation
 
Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceMartin Humpolec
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?SANGHEE SHIN
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIUdaiappa Ramachandran
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum ComputingGDSC PJATK
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxYounusS2
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 

Último (20)

Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServicePicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation Inc
 
Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your Salesforce
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AI
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum Computing
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptx
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 

India’s banking tech experts give insight on 2012 strategies

  • 1. AN OVERVIEW OF THE TECHNOLOGY SECTOR IN BANKING IN INDIA BY Sameer Ratolikar Chief Information and Security Officer Bank of India & Dharmaraj Ramakrishnan Head of Core Banking Unit ING Vysya Bank These interviews were conducted by Melanie Timbrell & Tom McDonald of FST Media, Australia as part of their Who’s Who in Asia’s Financial Services. 15 - 16 November, 2011, Four Seasons Hotel, Mumbai, India To speak with and learn from Sameer and Dharmaraj in person, click here to attend Banking Tech Summit India in November 2011 in Mumbai.
  • 2. Sameer Ratolikar Chief Information and Security Officer Bank of India Timbrell: What are your key information security priorities for the next 12 to 18 months? Ratolikar: My key security priorities for the next 12-18 months are: 1) Ensuring proper technology risk management is established to satisfy regulators and business partners 2) Data loss prevention strategies across the enterprise 3) Secure Access control and management, especially for third party service providers 4) IT Governance, Risk Management and Compliance (GRC) to automate the security governance and compliance process 5) Identity management across all critical applications 6) To see a Business Continuity Management (BCM) system framed and implemented across the Bank Timbrell: What do you see as the top IT security risks facing banks in India right now? Ratolikar: Top security risks faced by banks in India include unawareness among customers and users about emerging cyber threats, basic hygiene of information security and sensitive data leakage knowingly or unknowingly. In addition to this, identity theft-related attacks are also on the rise. Timbrell: What is Bank of India’s position on cloud computing; and how are you managing associated security risks? Ratolikar: We are enthusiastic about cloud computing with regard to seeing how IT services are delivered in a cloud. We feel that as the concept is new and yet to mature, we will use it for some To speak with and learn from Sameer and Dharmaraj in person, click here to attend Banking Tech Summit India in November 2011 in Mumbai.
  • 3. services like email and web while making observations, test the performance and then we may go for a private / hybrid cloud. The talent pool of service providers, data privacy, Business Continuity Planning (BCP), jurisdiction of data storage and legal issues are all risks to be managed if one decides to opt for cloud. Timbrell: What technology innovations and trends do you feel are shaping the future of banking in India? Ratolikar: Technology innovations in the banking industry started in India almost eight years back in the form of core banking. I feel the following services will shape the future of banking in India: • Internet banking (in use since 2000 but growing rapidly with innovation) • Mobile banking • KIOSK banking • Integration of the ATM networks of all banks • Financial inclusion using smart cards for rural masses (door step banking) • Single view of the customer using business intelligence Timbrell: Global consultancy firm Boston Consulting Group (BCG) recently predicted mobile banking and payments transactions in India would reach US$350 billion by 2015. From a security perspective, how are you preparing for this surge in uptake of banking using handheld devices? Ratolikar: Today we have more mobile handsets than bank accounts in India. So the penetration of mobile phones is definitely being leveraged to provide banking services. But like any innovation brings with it some risks, mobile / handheld systems are no exception. We have to address the risks arising from such “consumerised devices,” using a standard framework of People, Processes and Technology. We are educating users continuously via our Intranet Portal, conducting ‘Security Weeks’, engaging on policy compliance etc. A centralised access management system is being deployed to see that all connections to our applications via these handheld devices are identified, authenticated and then authorised. Digital Rights Management and data leakage prevention solutions are also being evaluated to prevent data leakage via these devices and other end points. To speak with and learn from Sameer and Dharmaraj in person, click here to attend Banking Tech Summit India in November 2011 in Mumbai.
  • 4. Timbrell: Phishing and vishing attacks are on the increase across the region. How is Bank of India dealing with this increased threat? Ratolikar: Although there is no one-size-fits-all solution to tackle phishing and vishing, one of the most effective ways is deploying a ‘Two Factor Authentication’ solution. We deployed the 2FA solution two years ago and are happy to witness near-zero incidents. In addition to this technological solution, creating awareness among users about these attacks is extremely important. We are promoting awareness via radio channels, newspapers, periodical SMSes etc. Timbrell: Does Bank of India currently deploy Information Loss Protection (ILP) capability and how do you protect from leakage of sensitive data? Ratolikar: Information Loss Prevention capabilities and strategies start with education and framing the right policies focusing on the impact of data loss, regulatory concerns, legal acts etc. We have done all these things. Now our focus is on a technological solution in the form of rights management and Data Loss Prevention (DLP). We have started deploying Information Rights Management in the Bank. Once this project is over, we will look for the right solution to achieve comprehensive DLP. Timbrell: How far ahead do you plan your IT security strategy; and why? Ratolikar: It would be difficult to name the exact time frame for planning IT strategy. Our IT strategy is influenced by the outcome of regular risk assessment exercises on our information assets. We conduct the exercises and based on those results define and amend the strategy. Our IT security strategy is always aligned with People, Processes & Technology and mapped to Confidentiality, Integrity and Availability of Data. Similarly, whenever any new projects are rolled out to customers, they have to go through our risk assessment exercise. Timbrell: What skill set do you seek out in prospective team members? Ratolikar: I seek team mates with the right attitude to learning, good analytical skills, clarity of thought and an appetite and interest in security. Timbrell: When your time as a technology leader draws to a close, what would you wish to be remembered for? Ratolikar: A CIO with leadership and motivational qualities and a great risk manager who transformed IT from a cost centre to a profit centre. To speak with and learn from Sameer and Dharmaraj in person, click here to attend Banking Tech Summit India in November 2011 in Mumbai.
  • 5. Dharmaraj Ramakrishnan Head of Core Banking Unit ING Vysya Bank McDonald: What are your top IT priorities for the next 12 to 18 months? Ramakrishnan: The top priorities for us over the next 12 to 18 months – from a technology point of view – are increasing the use of server virtualisation, data architecture, data analysis, financial inclusion and core banking upgrades. McDonald: ING Vysya has recently stated it now has the fastest electronics payments processor in the country. How critical is continued investment in National Electronic Fund Transfer (NEFT) and Real- Time Gross Settlement (RTGS) technologies to drive future growth? Ramakrishnan: India is experiencing a large shift in how payments are sent, as electronic payment networks gain a strong foothold in the country. The benefits of wire-transfer are speed, safety and superior customer service. If you look at paper payment instruments – cheques, demand drafts and cash – these have existed in India since the 19th century. As recently as 2003, 86 per cent of all non-cash payments in India were still made through the use of paper instruments, with electronic payments only just beginning to take off. Since then, electronic payments have grown by at least 60 per cent year-on-year, and by mid-2009 electronic payments represented 33 per cent in volume and 62 per cent in value of all payments made in India. There has been a five per cent decline in cheque clearing during 2008-2009 financial year compared to the 2007-2008 financial year. Looking at these statistics, there’s enough opportunity for banks to move from paper to electronic. I am sure that NEFT and RTGS will gain momentum and that’s the way forward for a faster turn-around. To speak with and learn from Sameer and Dharmaraj in person, click here to attend Banking Tech Summit India in November 2011 in Mumbai.
  • 6. The Reserve Bank of India (Central Bank)’s efforts to make the RTGS and NEFT processes as common as cheques are today, are paying off. Increasingly, banks are offering their customers innovative payment services that are faster, cheaper and safer for all concerned. To realise the cost and efficiency benefits from shifting to electronic payments, it is imperative to develop a comprehensive Paper-to-Electronic (P2E) change management solution. At ING Vysya, we have done system re-architecture and automation as part of our Payments Programme. This includes automated payee name validation for all inward processes. Payment processors are the most sensitive areas of operations and we designed fail-safe systems that worked flawlessly from day one. The fuzzy logic built in for payee name validation has to be suitable for Indian names and conditions. Since payee name validation was at the heart of Straight-Through-Processing (STP) we had to get this absolutely right and we have done. McDonald: What key challenges are currently facing ING Vysya’s Core Banking Unit and what strategies are in place to address these? Ramakrishnan: We are reasonably satisfied with our core banking system. We are nevertheless going in for an upgraded version to reap the benefits of true Service Oriented Architecture (SOA) implementation, easier maintainability and faster time to market. We are also working on real time replication of data for our analytical needs, and towards true 24/7 availability. McDonald: Given the pace of growth in India’s banking industry, what adaptive and flexible systems are you putting in place to manage the market’s expanding customer base? Ramakrishnan: Our focus is continuously on providing a world class solution to our customers. If you look at our RTGS & NEFT processing, we are the fastest electronic payment processor in the country. In fact, we have developed the RTGS and NEFT processing functionality within the core banking system. We have also introduced online trading by integrating with a third party solution a real-time mode that makes Application Programming Interface (API) calls between core banking and the trading engine using Enterprise Service Bus (ESB) as a middleware. We went live with this project in a record time of 30 days. This clearly shows that our time-to-market is pretty good from a technology point of view. Our philosophy is every customer of ours should have an enjoyable experience – making the bank “Easy to Deal With,” as ING’s motto goes. To speak with and learn from Sameer and Dharmaraj in person, click here to attend Banking Tech Summit India in November 2011 in Mumbai.
  • 7. McDonald: To what extent is ING Vysya considering moving software, storage and infrastructure to the cloud in order to keep up with India’s economic expansion? Ramakrishnan: No to public cloud. While scepticism prevails around the adoption of public cloud, due primarily to data security concerns, private cloud adoption seems to be making traction. If we watch carefully, virtualisation and Software-as-a-Service (SaaS) are the underlying elements of cloud computing. There has been prominent adoption of former, but not the latter in the banking segment. In India, co-operative banks, as well as a few scheduled banks, have been using hosted services for a long time now, which is very similar to private could. In private cloud, virtualisation is the key element and banks have been adopting this for quite some time. At ING Vysya we have virtualised our production systems and we are heading towards a private cloud. Virtualisation has yielded significant benefits in our IT organisation, in particular, it has allowed us to provide scalable infrastructure. McDonald: What do you foresee as the next ‘big thing’ in banking innovation? Ramakrishnan: Traditional banking models cover just under half of India’s population. The next material innovation in the Indian context (and indeed in the context of all developing economy countries) would be to build banking models and delivery mechanisms that extend banking services to the unbanked. We believe that the key driver will be India’s ambitious Aadhaar project by the Unique Identification Authority of India (UIDAI), which seeks to provide biometric-based enrolment and authentication services to all Indian residents. Which, at 1.3 billion people, would be the most audacious and path breaking innovation in centralised identity enrolment and authentication attempted, ever. McDonald: Core banking modernisation is often associated with the highly expensive task of overhauling legacy systems. In your experience, what is the most promising and cost effective technology aiding IT core modernisation? Ramakrishnan: Progressive modernisation is the right way to go. Key steps we follow are: identifying the legacy systems which are to be replaced; doing a cost benefit analysis and justifying the capital investment; and finally ensuring deployment of new systems are aligned with business priorities – this will help in achieving a faster ROI. To speak with and learn from Sameer and Dharmaraj in person, click here to attend Banking Tech Summit India in November 2011 in Mumbai.
  • 8. McDonald: India’s population is rapidly embracing mobile and online banking technology. How is ING Vysya adapting to this emerging trend; and is the Bank moving toward an increasingly branchless banking model? Ramakrishnan: We are one of the early movers in mobile banking implementation. We implemented our mobile banking solution in 2008 and have now reached a stage of platform renewal. We have a three pronged approach to mobile banking: SMS based banking at the base; third-party applications and mobile malls for the mass market; and an exclusive platform for high end mobile and tablet platforms, which is under development. We have had a comprehensive internet banking channel (“Mibank”) for a long time, and have very recently added an exclusive business banking and corporate banking channel called ING Converge, which has gained excellent traction in the marketplace. McDonald: Every IT leader, particularly at your level, has a legacy they wish to be remembered for. What is yours? Ramakrishnan: I would like to be remembered as a person who drives transformation. To speak with and learn from Sameer and Dharmaraj in person, click here to attend Banking Tech Summit India in November 2011 in Mumbai.