India’s banking tech experts give insight on 2012 strategies
1. AN OVERVIEW OF THE TECHNOLOGY SECTOR IN BANKING IN INDIA
BY
Sameer Ratolikar
Chief Information and Security Officer
Bank of India
&
Dharmaraj Ramakrishnan
Head of Core Banking Unit
ING Vysya Bank
These interviews were conducted by
Melanie Timbrell & Tom McDonald of
FST Media, Australia as part of their Who’s Who in Asia’s Financial Services.
15 - 16 November, 2011, Four Seasons Hotel, Mumbai, India
To speak with and learn from Sameer and Dharmaraj in person, click here to attend Banking Tech Summit India in
November 2011 in Mumbai.
2. Sameer Ratolikar
Chief Information and Security Officer
Bank of India
Timbrell: What are your key information security priorities for the next 12 to 18 months?
Ratolikar: My key security priorities for the next 12-18 months are:
1) Ensuring proper technology risk management is established to satisfy regulators and business
partners
2) Data loss prevention strategies across the enterprise
3) Secure Access control and management, especially for third party service providers
4) IT Governance, Risk Management and Compliance (GRC) to automate the security governance and
compliance process
5) Identity management across all critical applications
6) To see a Business Continuity Management (BCM) system framed and implemented across the Bank
Timbrell: What do you see as the top IT security risks facing banks in India right now?
Ratolikar: Top security risks faced by banks in India include unawareness among customers and users
about emerging cyber threats, basic hygiene of information security and sensitive data leakage
knowingly or unknowingly. In addition to this, identity theft-related attacks are also on the rise.
Timbrell: What is Bank of India’s position on cloud computing; and how are you managing associated
security risks?
Ratolikar: We are enthusiastic about cloud computing with regard to seeing how IT services are
delivered in a cloud. We feel that as the concept is new and yet to mature, we will use it for some
To speak with and learn from Sameer and Dharmaraj in person, click here to attend Banking Tech Summit India in
November 2011 in Mumbai.
3. services like email and web while making observations, test the performance and then we may go for a
private / hybrid cloud.
The talent pool of service providers, data privacy, Business Continuity Planning (BCP), jurisdiction of
data storage and legal issues are all risks to be managed if one decides to opt for cloud.
Timbrell: What technology innovations and trends do you feel are shaping the future of banking in
India?
Ratolikar: Technology innovations in the banking industry started in India almost eight years back in the
form of core banking. I feel the following services will shape the future of banking in India:
• Internet banking (in use since 2000 but growing rapidly with innovation)
• Mobile banking
• KIOSK banking
• Integration of the ATM networks of all banks
• Financial inclusion using smart cards for rural masses (door step banking)
• Single view of the customer using business intelligence
Timbrell: Global consultancy firm Boston Consulting Group (BCG) recently predicted mobile banking
and payments transactions in India would reach US$350 billion by 2015. From a security perspective,
how are you preparing for this surge in uptake of banking using handheld devices?
Ratolikar: Today we have more mobile handsets than bank accounts in India. So the penetration of
mobile phones is definitely being leveraged to provide banking services. But like any innovation brings
with it some risks, mobile / handheld systems are no exception.
We have to address the risks arising from such “consumerised devices,” using a standard framework of
People, Processes and Technology. We are educating users continuously via our Intranet Portal,
conducting ‘Security Weeks’, engaging on policy compliance etc.
A centralised access management system is being deployed to see that all connections to our
applications via these handheld devices are identified, authenticated and then authorised. Digital Rights
Management and data leakage prevention solutions are also being evaluated to prevent data leakage
via these devices and other end points.
To speak with and learn from Sameer and Dharmaraj in person, click here to attend Banking Tech Summit India in
November 2011 in Mumbai.
4. Timbrell: Phishing and vishing attacks are on the increase across the region. How is Bank of India
dealing with this increased threat?
Ratolikar: Although there is no one-size-fits-all solution to tackle phishing and vishing, one of the most
effective ways is deploying a ‘Two Factor Authentication’ solution. We deployed the 2FA solution two
years ago and are happy to witness near-zero incidents. In addition to this technological solution,
creating awareness among users about these attacks is extremely important. We are promoting
awareness via radio channels, newspapers, periodical SMSes etc.
Timbrell: Does Bank of India currently deploy Information Loss Protection (ILP) capability and how do
you protect from leakage of sensitive data?
Ratolikar: Information Loss Prevention capabilities and strategies start with education and framing the
right policies focusing on the impact of data loss, regulatory concerns, legal acts etc. We have done all
these things. Now our focus is on a technological solution in the form of rights management and Data
Loss Prevention (DLP). We have started deploying Information Rights Management in the Bank. Once
this project is over, we will look for the right solution to achieve comprehensive DLP.
Timbrell: How far ahead do you plan your IT security strategy; and why?
Ratolikar: It would be difficult to name the exact time frame for planning IT strategy. Our IT strategy is
influenced by the outcome of regular risk assessment exercises on our information assets. We conduct
the exercises and based on those results define and amend the strategy.
Our IT security strategy is always aligned with People, Processes & Technology and mapped to
Confidentiality, Integrity and Availability of Data. Similarly, whenever any new projects are rolled out to
customers, they have to go through our risk assessment exercise.
Timbrell: What skill set do you seek out in prospective team members?
Ratolikar: I seek team mates with the right attitude to learning, good analytical skills, clarity of thought
and an appetite and interest in security.
Timbrell: When your time as a technology leader draws to a close, what would you wish to be
remembered for?
Ratolikar: A CIO with leadership and motivational qualities and a great risk manager who transformed IT
from a cost centre to a profit centre.
To speak with and learn from Sameer and Dharmaraj in person, click here to attend Banking Tech Summit India in
November 2011 in Mumbai.
5. Dharmaraj Ramakrishnan
Head of Core Banking Unit
ING Vysya Bank
McDonald: What are your top IT priorities for the next 12 to 18 months?
Ramakrishnan: The top priorities for us over the next 12 to 18 months – from a technology point of view
– are increasing the use of server virtualisation, data architecture, data analysis, financial inclusion and
core banking upgrades.
McDonald: ING Vysya has recently stated it now has the fastest electronics payments processor in the
country. How critical is continued investment in National Electronic Fund Transfer (NEFT) and Real-
Time Gross Settlement (RTGS) technologies to drive future growth?
Ramakrishnan: India is experiencing a large shift in how payments are sent, as electronic payment
networks gain a strong foothold in the country. The benefits of wire-transfer are speed, safety and
superior customer service.
If you look at paper payment instruments – cheques, demand drafts and cash – these have existed in
India since the 19th century. As recently as 2003, 86 per cent of all non-cash payments in India were still
made through the use of paper instruments, with electronic payments only just beginning to take off.
Since then, electronic payments have grown by at least 60 per cent year-on-year, and by mid-2009
electronic payments represented 33 per cent in volume and 62 per cent in value of all payments made in
India. There has been a five per cent decline in cheque clearing during 2008-2009 financial year
compared to the 2007-2008 financial year. Looking at these statistics, there’s enough opportunity for
banks to move from paper to electronic. I am sure that NEFT and RTGS will gain momentum and that’s
the way forward for a faster turn-around.
To speak with and learn from Sameer and Dharmaraj in person, click here to attend Banking Tech Summit India in
November 2011 in Mumbai.
6. The Reserve Bank of India (Central Bank)’s efforts to make the RTGS and NEFT processes as common as
cheques are today, are paying off. Increasingly, banks are offering their customers innovative payment
services that are faster, cheaper and safer for all concerned. To realise the cost and efficiency benefits
from shifting to electronic payments, it is imperative to develop a comprehensive Paper-to-Electronic
(P2E) change management solution.
At ING Vysya, we have done system re-architecture and automation as part of our Payments Programme.
This includes automated payee name validation for all inward processes. Payment processors are the
most sensitive areas of operations and we designed fail-safe systems that worked flawlessly from day
one. The fuzzy logic built in for payee name validation has to be suitable for Indian names and
conditions. Since payee name validation was at the heart of Straight-Through-Processing (STP) we had to
get this absolutely right and we have done.
McDonald: What key challenges are currently facing ING Vysya’s Core Banking Unit and what
strategies are in place to address these?
Ramakrishnan: We are reasonably satisfied with our core banking system. We are nevertheless going in
for an upgraded version to reap the benefits of true Service Oriented Architecture (SOA)
implementation, easier maintainability and faster time to market. We are also working on real time
replication of data for our analytical needs, and towards true 24/7 availability.
McDonald: Given the pace of growth in India’s banking industry, what adaptive and flexible systems
are you putting in place to manage the market’s expanding customer base?
Ramakrishnan: Our focus is continuously on providing a world class solution to our customers. If you
look at our RTGS & NEFT processing, we are the fastest electronic payment processor in the country. In
fact, we have developed the RTGS and NEFT processing functionality within the core banking system.
We have also introduced online trading by integrating with a third party solution a real-time mode that
makes Application Programming Interface (API) calls between core banking and the trading engine using
Enterprise Service Bus (ESB) as a middleware. We went live with this project in a record time of 30 days.
This clearly shows that our time-to-market is pretty good from a technology point of view.
Our philosophy is every customer of ours should have an enjoyable experience – making the bank “Easy
to Deal With,” as ING’s motto goes.
To speak with and learn from Sameer and Dharmaraj in person, click here to attend Banking Tech Summit India in
November 2011 in Mumbai.
7. McDonald: To what extent is ING Vysya considering moving software, storage and infrastructure to
the cloud in order to keep up with India’s economic expansion?
Ramakrishnan: No to public cloud. While scepticism prevails around the adoption of public cloud, due
primarily to data security concerns, private cloud adoption seems to be making traction. If we watch
carefully, virtualisation and Software-as-a-Service (SaaS) are the underlying elements of cloud
computing. There has been prominent adoption of former, but not the latter in the banking segment.
In India, co-operative banks, as well as a few scheduled banks, have been using hosted services for a
long time now, which is very similar to private could. In private cloud, virtualisation is the key element
and banks have been adopting this for quite some time. At ING Vysya we have virtualised our
production systems and we are heading towards a private cloud. Virtualisation has yielded significant
benefits in our IT organisation, in particular, it has allowed us to provide scalable infrastructure.
McDonald: What do you foresee as the next ‘big thing’ in banking innovation?
Ramakrishnan: Traditional banking models cover just under half of India’s population. The next material
innovation in the Indian context (and indeed in the context of all developing economy countries) would
be to build banking models and delivery mechanisms that extend banking services to the unbanked. We
believe that the key driver will be India’s ambitious Aadhaar project by the Unique Identification
Authority of India (UIDAI), which seeks to provide biometric-based enrolment and authentication
services to all Indian residents. Which, at 1.3 billion people, would be the most audacious and path
breaking innovation in centralised identity enrolment and authentication attempted, ever.
McDonald: Core banking modernisation is often associated with the highly expensive task of
overhauling legacy systems. In your experience, what is the most promising and cost effective
technology aiding IT core modernisation?
Ramakrishnan: Progressive modernisation is the right way to go. Key steps we follow are: identifying the
legacy systems which are to be replaced; doing a cost benefit analysis and justifying the capital
investment; and finally ensuring deployment of new systems are aligned with business priorities – this
will help in achieving a faster ROI.
To speak with and learn from Sameer and Dharmaraj in person, click here to attend Banking Tech Summit India in
November 2011 in Mumbai.
8. McDonald: India’s population is rapidly embracing mobile and online banking technology. How is ING
Vysya adapting to this emerging trend; and is the Bank moving toward an increasingly branchless
banking model?
Ramakrishnan: We are one of the early movers in mobile banking implementation. We implemented
our mobile banking solution in 2008 and have now reached a stage of platform renewal. We have a
three pronged approach to mobile banking: SMS based banking at the base; third-party applications and
mobile malls for the mass market; and an exclusive platform for high end mobile and tablet platforms,
which is under development.
We have had a comprehensive internet banking channel (“Mibank”) for a long time, and have very
recently added an exclusive business banking and corporate banking channel called ING Converge,
which has gained excellent traction in the marketplace.
McDonald: Every IT leader, particularly at your level, has a legacy they wish to be remembered for.
What is yours?
Ramakrishnan: I would like to be remembered as a person who drives transformation.
To speak with and learn from Sameer and Dharmaraj in person, click here to attend Banking Tech Summit India in
November 2011 in Mumbai.