Mr Sambamurthy, Members of Faculty, CIOs and GMs of banks, ladies and gentlemen. I thank the IDRBT for inviting me to address this erudite audience. The issues that I have chosen to flag; I hope, would generate adequate interest and be the basis for further deliberations leading to some concrete suggestions. We, in the Reserve Bank would eagerly look forward to such outcomes, as these can be useful to set the road map for technology adoption in the Indian financial sector in the years to come.
Introductory thoughts
2. Information and communication technology is playing a vital role across many industries and sectors, resulting in a positive impact on economic development cutting across the geographical barriers. It is important to note that the financial sector and more particularly banking industry was one of the very first to utilize information technology way back in the 1960s, and has thus the record of influencing the development process through the technology. The banking sector is an example in which information technology infrastructures have had implications on the economic development of many nations across jurisdictions. Studies show that information technology coupled with knowledge management hold much potential for propelling the development process (Okpaku, 2003).
3. Since the 1990s, the banking sector in India has seen greater emphasis being placed on technology and innovation. Banks began to use technology initially with a view to take care of their internal requirements pertaining to book keeping, balancing and for transactions processing; the all-pervasive face of Information Technology soon enabled banks to provide better quality of services at greater speed. Internet banking and mobile banking have made it possible for customers to access banking services literally and virtually from anywhere and anytime. The biggest barriers, time and distance, to access banking services were crossed by leveraging technology. The sector has also moved rapidly towards universal banking and electronic transactions, which changed the way banking is done, during the last decade or so.
4. Take the case of payment systems, an area which I am familiar with and where technology has brought in a sea-change. Till 1990s, one could make payments in this country through two predominant means - cash and cheque. Today, a tech-savvy customer is empowered to choose a desired service from slew of products- card payments, NEFT transfer, RTGS transfer, ECS/NECS payments, mobile payments etc. Further, after using any of these payment methods, the first instrument he turns to is his mobile phone for confirmatory messages, a feature unique to India. What would you imagine as the future scenario? Consider this: "the future of payments is the elimination of POS terminals and checkout lines that require an associate in a store to scan and bag purchases item by item. The most frictionless solution is not a smart phone but a collection of sensor networks that automatically identify the buyer, scan the items to be purchased, and process payments without human intervention. No lines, no taps, no swipes, no associates, no cash registers. Just wireless sensors and networks that automatically process transactions, manage inventory, etc….. Our grand kids won’t be carrying a wallet even if it’s digital…. Biometric factoring is not that far away. You’ve heard of fingerprinting and retina scans. The distance between pupils is unique even between twins. You’ll be able to walk into a store that knows how much you have available [if you’ve made that information available], what you usually spend based on which a personalized deal is offered. Your pre-set rules and the store’s pre-set rules will negotiate, and the store will offer you a set of options.” The impact of social commerce is also evident, so much so that one could expect to get discounts and other rewards based on your influence on friends’ purchases"2...
5. To restate the future scenario more directly, in the next few years, there will be substantial challenges for the banking industry. Customers will become increasingly individualistic and, at the same time, more discerning in their relationships with banks. Ubiquitous information and the power of social media inputs will result in customers comparing offerings across the market; evaluating the service levels of different banks and also demanding transactions increasingly on their own terms - a mimic of the corporate sector. This may well signal the sunset phase of the hitherto traditional segmentation approaches and 'go-to market' techniques. There would be dramatic changes in the levels of competition in the retail banking space with the predicted entry of non banks. Banks, may have to look at opportunities particularly with respect to harnessing product, service and process innovation to serve customers better, and to create a niche in an increasingly crowded marketplace.
6. Two main trends that may stand out here, as the most significant forces that will drive industry change are increasing customer centric products and intensifying competition. Further, the other trends that may change the way we do banking in the future would be – managing human capital, regulations and technologies – and these may strongly contribute to and reinforce the effects of intensifying competition and customer empowerment on banks’ strategic choices.3 Are we ready? And could these be the niche areas of focussed research for the IDRBT?
7. Before moving on to the next set of issues, let me set out a few more questions. If IT is to rule our lives, how do we measure whether IT has delivered? IT has certainly enabled banks to increase its business multiple times with less of man power. But is this sufficient? What has been the customer experience? Do banks study the customer satisfaction levels after a new product is offered? Are there tools or techniques available to measure the impact of IT? Can IDRBT and the experts here suggest tangible methods of measuring the success or failure of IT deployment?
Mind the gap – Issues in IT delivery in the banking sector
8. Though IT is increasingly becoming an invaluable and powerful tool in driving development, supporting growth, promoting innovation, and enhancing competitiveness in the banking context in India, there are several potential areas where technology can deliver better.Financial inclusion
9. Technology plays a major role in financial inclusion, a sustainable banking theme very relevant to a country like India that has a large unbanked population. For example, handheld devices, used by bank agents to draw people living in remote areas into the banking fold, run on technology. Internet and mobile technologies are trying to reach out to the populace starved of banking services as well. Financial institutions are also joining forces with network operators in providing access to mobile based payment services even to those who do not have bank accounts. These product and channel innovations require robust and scalable ICT platforms.
10. If we want to move the mobile financial services sector beyond payments space and create products that reach every level of society, we have to be creative. The industry requires product innovation that focuses on customer desires, usage patterns, and needs, and then translate these findings into viable products. For example, in Uganda, Grameen Foundation’s AppLab is partnering with MTN and CGAP to do this by launching a product incubator: AppLab Money. This product AppLab Money reportedly uses several complementary research methods to understand the financial lives of the poor.
In this context, are our efforts good enough? Where can we do more? Isn’t it time for introspection?
Innovation
11. Today, banking is becoming increasingly complex and banks which fail to use technology to take their services to the common man and tap the potential of the rural sector will stand to lose. Ultimately, technology would be the key enabler and differentiator in accomplishing this objective. When we look at technology, the scope for innovation is immense – in the field of financial inclusion itself, right from biometric based systems to mobile based to simple Interactive Voice Response based applications. But it cannot be a one-size-fits-all approach. This however, does not reduce the importance of standardisation and interoperability which would result in higher efficiency and more choices. Further, many initiatives using technology would be impossible to pursue without the active participation and support of several stakeholders. Thus the need of the hour is collaborative innovation.
Do banks recognise the power of innovation to create higher customer satisfaction, loyalty and bank productivity through their products/processes/channels?
Data integrity
12. The policy and decision-making processes are becoming more information intensive, therefore, it is imperative to ensure quality of data and its timely submission by banks not only to the regulator but to the banks’ managements as well. This area requires more attention, given that data quality may have an impact on the reputation of banks besides posing other risks. You would appreciate that accurate data is a sine-qua non for improving the quality of MIS and an effective Decision Support System (DSS). By adopting an automated process for submission of returns, the banks would be able to submit accurate and timely data without any manual intervention to the regulator. Inter alia, this process would also assist the banks in terms of improved timelines, enhanced data quality, improved efficiency of processes. Towards this, the Reserve Bank has initiated the Automated Data Flow Project. The deadline for banks to automate all their returns is March 2013.
Are the banks braced up to meet the deadline?
Cost of transactions
13. Technology has been helping in delivering affordable financial services with greater efficiency without compromising on levels of safety, security and reliability. Perhaps the most significant contribution of technology has been in attempting to bring down the cost of financial services by using economies of scale. Technology has also been used in removing geographical barriers and reaching out to the unbanked - the poor are unreached but not unreachable. The use of electronic payment modes to disburse the governments social benefit transfers illustrates this point. Technology should be used in such a manner that you have a diversified product range to bridge the supply gap at the same time keeping in view the customers convenience in mind.
Has IT delivered in India in terms of reducing the costs? If not why? Is the Government/ Regulatory intervention the best way forward? What are the advantages or dangers to such an approach?
Channel security
14. To compete successfully in today’s tough market place, financial institutions need to retain the trust of their customers –a trust which relies not only on their capacity to deliver good value services, but also on their ability to protect people, assets, premises and the highly sensitive data they hold. There is always an element of hidden fear as far as IT based operations are concerned, the fear of the unknown. Banks need to ensure that the best of controls and security measures are in place. Customer education is the key to customer trust.
Are there steps taken towards customer education as far as IT based service delivery channels are concerned? Are these adequate?
How to bridge the Gap?
15. Having identified some of the gaps, let me now try and offer suggestions to bridge these gaps.
IT and Business alignment
16. Alignment can be described as the timely and appropriate application of IT in harmony with business objectives, strategies and requirements. Alignment occurs when the respective strategies are interwoven in such a way that the right things are done to deliver greater value to the organisation. After all, a successful alignment is a two way relationship, a give and take between IT and business. Though IT has the capability to reduce costs, standardise processes, the benefits of successful IT-business alignment are beyond these i.e. increased efficiency of implementation & integration, reduced cycle time, increased enterprise agility and the ultimate benefit of improving the bottom line. Until recently IT played a docile role in business planning. It is now time for banks to move over from being merely an implementation tool to shaping business strategy. The principal difficulty is that there are few instances of business oriented IT strategies as most are focussed on technology products of one shape or another. This makes it all the more challenging to align the IT and business strategies.
Managing Outsourcing
17. IT outsourcing is a growing phenomenon in developing economies. The challenges of outsourcing range from selection of ideal outsourcing partner to dynamic issues of knowledge transfer, security risks, legal concerns, vendor dependency, etc. This concern has heightened in recent years and these issues may be dealt with in synchronization with general governance principles. As we look to external IT service providers for assisting us to innovate and optimize, we must assess how mature our outsourcing capability is to utilize the right engagement models and align ourselves with the appropriate providers.
18. Before initiating the process of outsourcing any service/application, it is necessary to examine whether the outsourced function meets the business needs and strategic objectives. Identification of the nature of the activities undertaken by the vendor and the inherent risks of the activity are also important. It is recommended that due diligence in selecting, contracting, supervising and monitoring of the vendor is adopted. Diligence in vendor selection also requires a reasonable inquiry into the ability and suitability of the vendor to meet the requirements for the proposed service. Well defined and enforceable Service Level Agreements (SLAs) with the vendor will establish the performance standard and service quality expected under the agreement. As part of meeting principles of governance, it may be ensured that there is a documented, accepted procedure which governs service expectations and obligations including change management.
Combating Cyber Crime
19. In a networked world, there are no real safe harbours—like a ship which can be attacked by pirates anywhere, a service delivery offering on the network is generally available to everyone else on the network; in some cases this may well be the gateway for entry to the bank’s main systems as well. Cyber security is a collective concern that is comprehensive in scope—the Internet has no national boundaries. Whereas security is typically regulated at the government level, cyber security is national, international, public and private in character- all in the same context. Today, there are Government initiatives aimed at enhancing cyber security which is complemented by cyber risk management and security provided by private entities that manage and operate most ICT infrastructure. Such security cannot be adequately assured by market forces or regulation; rather, it requires a novel mix of solutions involving a range of stakeholders working both in their own domains and in concert. No single strategy, set of governance arrangements, or operational practices will be right for every country. Cyber security issues now top the list of risks to watch. While such importance is ascribed for cyber security in general, banks, as prime targets of financial fraud and crime, need to be extra vigilant as far as cyber security is concerned and this needs to be ingrained in each and every offering made available using IT. The role of organisations such as IDRBT assume significance in this regard.20. To share some important findings:
- India is seeing an increase in the number of cyber attacks, from 2,565 in 2008 to 8,266 in 2009 and 10,315 in 2010 (source: CERT-In). India is one of the top three countries in the world in terms of malicious activities4. India has been responsible for sending out 16 percent of all spam according to the results of IBM's “X-Force 2012 Mid-Year Trend and Risk Report'', ahead of the 15% level of the USA. Some of the cyber security threats (malware and virus) reported byCERT-In are DNS Changer malware, Zeus BOT, stuxnet and spyeye.
- According to a report by Japanese security company Trend Micro, hackers are now increasingly targeting Indian financial institutions with the latest variants of malware like SpyEye and Zeus to siphon larger amounts of money from bank accounts. It has reported a whopping 187 per cent rise in phishing attacks being reported on various Indian brands in May this year over the previous month and points out that significantly, all phishing are targeted on the banking sector5.
21. In this context, the questions that arise are:
- How secure are we?
- How literate and aware are our employees about the IT governance and cyber security?
- Is there an organisation culture for detecting and reporting of violations?
- Is there a zero tolerance policy about breeches of policies?
- Do business partners share and observe your governance and security policy?
All these assume significance in view of the fact that the internal threats from employees and third party service providers are as critical as external threats.
Governance in IT
22. Is IT governance all about IT? A consistent IT Governance policy provides institutions with tools which ensure that IT investment drives business to meet its goals. IT Governance depends strongly on corporate governance and the overall corporate strategy, which means that IT strategy and IT processes should be in consonance with business goals. In other words, it means that IT Governance provides tools to manage IT structures and processes in order to appropriately support business strategy.
23. Implementing IT Governance in banks can be very challenging. For addressing the structural inadequacies in the areas of IT governance -information, data, information security- there is an imperative need to have synergy among these areas. Adoption of a structured IT Governance framework would enable banks to manage their businesses in a manner that would bring about benefits to their customers as also facilitate the growth of banks in this fiercely competitive world. Banks’ investments in IT are most fruitful when they match technology strategy with business strategy, implement systems in a disciplined way, and balance value creation with increased IT capabilities.
Human capital - development of knowledge and talent marketplace
24. Though the face of banking industry has undergone a sea change in the years that have gone by, you would agree with one characteristic of the industry that has remained unchanged is people. The banks succeed or fail depending on the quality of their workforce talent at every level—the front lines, middle management and executive leadership. Banks should look at workforce talent as the primary engine for sustained, competitive advantage and for creating a workforce in which people at every level are capable of contributing with high levels of performance leveraging on technology. It's about creating a IT culture of excellence. It is the HR teams that will give banks the competitive advantage in the years to come.
Analytics - to drive up customer confidence
25. The power of predictive analytics is undisputable. It has made deep inroads into several industries and is now doing the same in banking. So, what's new? Haven't banks - the producers and consumers of more data than most other industries, been mining it since ages? Yes, but data mining and analytics aren't the same thing. To cut a long story short, the latest analytics solutions have the ability to process petabytes of data into predictive insights, in near real time. This means that in theory, banks can derive key insights into the outcome of an action, even as they execute it. In practical terms, this could mean the difference between stopping fraud in mid-transaction or raising the alarm after the deed is done. Now banks should be looking at leveraging predictive analytics to acquire and retain customers, manage campaigns and improve cross sales. They also have the opportunity to refine customer understanding to a different level, with the help of analytics, which would improve customer centricity.
Concluding thoughts
26. At this stage, I would like to acknowledge the contributions made by you all. As CIOs and IT managers, you have all excelled in bringing about the much needed change in the banking sector. A decade back we could see on the sign boards “fully computerised branch” which now could perhaps be changed to ‘fully automated transaction processing branch'. We cannot, however, rest with this. We need to strive towards higher levels, each one of you becoming a super CIO6- A CIO who can function as that lever and who can make a difference to the bank’s productivity. Since I am addressing a group of CIOs, I would like to leave you with some thoughts as to how you can transform into super CIOs by using technology differently:
Use Big data
27. Banks would need to think about Big data. Collecting and analysing transactional data will give banks more insight into their customer's preferences. It can be used to create new products and services and allow banks to remedy emerging problems in an efficient manner. However there is one word of caution, you may need skilled personnel to work on the tools to analyse the data.
Lead
28. What CIOs need is independent thought, open-mindedness, flexibility and the ability to learn continuously. Technology expects you to be a student for all your life. You also need to have that ''fire in your belly'' to lead a team. Leadership is an art. Master IT. This may also mean that you may have to press pause button while engaging the top management once in a while for effectively bridging gaps between the IT and business teams.
Collaborate
29. To increase efficiency and ensure regulatory compliance, banks need better methods of gathering and reporting data from all their verticals. Most banks struggle with multiple back-office systems and silo based information. To address these issues in earnest, there will be a need for new and improved business process management tools in the times ahead and hence a great deal of collaboration among all.
Stay secure
30. New technologies being adopted everyday are opening doors for new threats. To combat these, we need new weapons. In the first place we need to identify information that needs to be secure and protected at all times. Further we need to put in effective security for accessing, sharing and controlling important documents across the extended and mobile enterprise on any device. You would appreciate that controlling sensitive or confidential documents is more difficult than controlling records in databases. Most organisations including banks focus the majority of their security resources on the network rather than their applications. Banks would need to prioritise their application security to avoid being 'sitting ducks' for impending attacks. There's a silver lining here. According to a report7, security in the banking vertical worldwide has shown its dedication to security. During 2011-12, banking websites have had the highest remediation rate at 74%.
Go Cloud but with caution
31. The rapid emergence of cloud computing is transforming the way financial institutions think about how they consume their IT resources. The Cloud is here to stay. We all know it but are worried whether or not to acknowledge it. This is because we are worried about the security and data integrity in the Cloud. Cloud computing, which in the most basic of terms, offers unlimited computing resource as a service on a pay-per-use basis, is proven to directly translate to less upfront capital expense and reduced IT overheads, offering a cost-effective, simple alternative to accessing enterprise-level IT without the associated costs. But world over, financial sector is treading with caution in adopting this technology. Indian financial sector needs to be conscious of this reality, at least until such time, the industry evolves Indian standards for cloud computing.
Source
32. Outsourcing is still in. It may have taken on new names like the cloud but traditional outsourcing is not really extinct. CIOs need to work towards improving their relationship with their vendor so that banks may finally look, in the long run, towards increasing their productivity. In order to cut outsourcing costs, banks may look towards setting clear expectations from the vendor, take control of the project, and choose the vendor wisely. At times, banks may look towards being reasonable in their negotiations, at times 'put the contract away', partner with them to bring about change and be nice; of course not at the cost of expecting sub-optimal performance!!
Manage Mobile
33. The mobile revolution has created a sort of new world order. It has the potential to change the way banks do business. It is up to the banks to take cue. While banks are embracing the mobile channel -- and continuing to support the old standby of online banking -- they are not integrating the technologies used to build e-banking solutions. Also as more people conduct their banking on mobile devices, these devices also will become the growing focus of hackers and fraudsters, who are always on the hunt for ripe targets. Banks can work on two areas within the mobile channel8: fraud prevention and marketing to customers. In fact, world over mobile banking already is playing a role in reducing fraud in a variety of ways -- ranging from simple transaction and security alerts to mobile authentication for bank transfers.
34. As I conclude, let me flag final set of broad issues:
- Can CIOs of banks come together and identify three major challenges which require immediate remediation? IDRBT could take these forward as their core activity.
- A major aspect to be taken care of in IT implementation pertains to technological obsolescence. CIOs need to be ready with alternatives before this sets in as far as their systems are concerned. Could we see CIOs collaborating so that you drive the change rather than getting driven?
- All of you are fully aware of the KYC requirements. Can we look at technology based KYC which is easy to implement yet ensures secure and sure information which cannot be repudiated?
- Has time come for CIOs to worry about over dependence on some IT systems (Oracle for database, Windows for Operating system and so on)?
- Finally what would be the best fit options for inter-operability across IT systems and more importantly inter-operability across banks?
35. Whether it’s helping to better understand customer profitability, deliver products in innovative ways or manage the spiralling data requirements as a result of new regulation, technology is emerging as both a key enabler and differentiator. As the role of technology evolves more into mainstream banking, banks will need to think about technology expenditure in a different way. Instead of being a cost to manage down, it should be seen more as an investment to support growth and new business development, only to stay ahead of the curve in the competitive world. Ultimately, the proof of technology adoption is in the improvement of services to customers – across all economic, social and geographical sectors. And the CIO's have a large role to play in fulfilling this objective.
36. I would like to conclude with the observation of Gurucharan Das who said ''What leadership needs more than thought is action and what's more important than intelligence is will power''. CIOs, who are leaders in their own right, should work towards translating their thoughts into action with the will power to make IT happen.
37. I wish you all successful deliberations in this Conference. Since the New Year is less than a fortnight away, I would also like to wish you all a happy and prosperous New Year.
|
No comments:
Post a Comment