Banks need to work on se­cur­ing their sys­tems and cus­tomer data

Banks need to do a lot of work to se­cure their sys­tems and cus­tomer data.

Business Today - - MANAGEMENT - By B.S. Srini­vasalu Reddy Il­lus­tra­tion by Raj Verma

IT HAS DAWNED ON BANKS that they need to tap the in­no­va­tive ca­pa­bil­i­ties of fi­nan­cial tech­nol­ogy (fin­tech) start-ups to stay com­pet­i­tive. They are open­ing up their sys­tems, or core bank­ing plat­forms, for plug-ins with fin­tech play­ers. The banks claim it's help­ing them ex­pand the fi­nan­cial ser­vices net­work and in­cu­bat­ing new set of ca­pa­bil­i­ties for lenders. Still, the mar­riage of con­ve­nience comes with its set of chal­lenges. In­creas­ingly, data se­cu­rity con­cerns and pri­vacy is­sues are com­ing to the fore. A lax reg­u­la­tory en­vi­ron­ment for third party sys­tem de­vel­op­ers, par­tic­u­larly fin­techs, is ac­cen­tu­at­ing the con­cerns. The Re­serve Bank of In­dia, the bank­ing reg­u­la­tor, is also wor­ried.

“This is again a po­ten­tial area where we have an op­por­tu­nity to en­gage with fin­techs that fo­cus on ma­chine learn­ing, pat­tern match­ing, fraud de­tec­tion and cre­at­ing a more in­tel­li­gent frame­work to de­tect anom­alies and prevent any po­ten­tial mis­use,” says Ritesh Pai, Chief Dig­i­tal Of­fi­cer at YES Bank. YES Fin­tech, YES

Bank’s busi­ness ac­cel­er­a­tor pro­gramme for fin­tech start-ups, is also ex­per­i­ment­ing with bio­met­ric solutions to prevent frauds while cre­at­ing a seam­less KYC and cus­tomer on-board­ing, and adopting dig­i­tal sig­na­ture and AI tech­nol­ogy for iden­ti­fi­ca­tion, back­ground checks and forgery de­tec­tion.

When a bank in­cu­bates a fin­tech com­pany or a new ini­tia­tive, fitting the start-up cul­ture into its pro­cesses is a bit of a chal­lenge. “Em­bed­ding a dif­fer­ent cul­ture com­pany into the ex­ist­ing com­pany is a big task and then there is the tech­nol­ogy as­pect. So, you are mar­ry­ing a new tech­nol­ogy with a set­tled lo­gis­tics sys­tem,” says Kar­tik Shinde of EY. Be­sides, a bank is a reg­u­lated en­tity and is held re­spon­si­ble for any com­pli­ance re­lated is­sues in the new in­te­grated sys­tem. Vivek Bel­gavi, Part­ner & Leader - Fin­tech at PwC In­dia, puts se­cu­rity and pri­vacy con­cerns from a bank’s per­spec­tive into four cat­e­gories - Data pri­vacy and own­er­ship; busi­ness con­ti­nu­ity, par­tic­u­larly when the startup winds down; cy­ber se­cu­rity re­lated con­trols; and reg­u­la­tory com­pli­ance as in some sit­u­a­tions the li­a­bil­ity lies with the bank.


With sev­eral banks in­cu­bat­ing fin­tech start-ups in re­cent times, In­dia has emerged as a leader in fin­tech rev­o­lu­tion. “If you see the sce­nario out­side

In­dia, no coun­try has gone to this level of fi­nan­cial in­clu­sion or fin­tech rev­o­lu­tion and sys­tem in­te­gra­tion,” says

Kar­tik Shinde, Part­ner, Cy­ber Se­cu­rity,

EY. To­day, a cus­tomer is able to open a bank ac­count in a mat­ter of a few min­utes - only a fin­ger­print iden­ti­fi­ca­tion is needed and the KYC is done, with­out need­ing a slew of doc­u­ments.

The RBI had stated in April 2018 that the new KYC guide­lines mak­ing Aad­haar manda­tory are sub­ject to the final de­ci­sion of the Supreme Court on the is­sue. “Aad­haar- based KYC is def­i­nitely a boon to on­board cus­tomers seam­lessly, and I be­lieve it will go a long way in im­prov­ing cus­tomer ex­pe­ri­ence as far as fi­nan­cial ser­vices are con­cerned,” says Pai. But with the gi­gan­tic amount of pri­vate and con­fi­den­tial data amassed in one data­base, it can be un­der­stood why pri­vacy con­cerns con­tinue to dog Aad­haar and the Unique Iden­ti­fi­ca­tion Author­ity of In­dia (UIDAI), the body that es­tab­lished it.


While ex­perts are unan­i­mous that there is need for ex­pand­ing the scope of ex­ist­ing reg­u­la­tions for en­sur­ing data pro­tec­tion and guard­ing pri­vacy of in- di­vid­u­als, par­tic­u­larly the IT Act of 2000, Shinde vouches for Euro­pean Union’s (EU) Gen­eral Data Pro­tec­tion Reg­u­la­tion (GDPR) kind of a frame­work. “In In­dia, data pri­vacy has never been an is­sue and we are okay with giv­ing out our phone num­ber, even to a stranger,” says Shinde. To­day, many or­gan­i­sa­tions, in­clud­ing banks, seek a lot of per­sonal in­for­ma­tion from cus­tomers that is not re­quired, largely be­cause there is no law that pro­hibits it. In the EU, the GDPR will en­sure data pro­tec­tion and pri­vacy for all in­di­vid­u­als and vi­o­la­tion of its pro­vi­sions comes with se­vere penal­ties of up to 4 per cent of world­wide turnover or €20 mil­lion, which­ever is higher.

Cer­tainly, In­dia is not the leader in terms of fin­tech reg­u­la­tion – it is still in its in­fancy in In­dia – de­spite ini­ti­at­ing the process a cou­ple of years’ back. Mone­tary Author­ity of Sin­ga­pore (MAS) and the Fi­nan­cial Con­duct Author­ity, UK are ahead in this space. The RBI set up the Re­serve Bank In­for­ma­tion Tech­nol­ogy Pvt Ltd (ReBIT) last year to take care of its IT re­quire­ments, in­clud­ing the cy­ber se­cu­rity needs of the bank and its reg­u­lated en­ti­ties.

Mean­while, in terms of con­ve­nience, Aad­haar beats tra­di­tional pa­per-based and man­ual KYC model for banks. How­ever, se­cu­rity and pri­vacy con­cerns can­not be brushed aside.

Over a pe­riod of time, all se­cu­rity and pri­vacy is­sues could get re­solved and a robust fi­nan­cial ecosys­tem will come into be­ing but it is still work in progress in In­dia.

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.