Bank Security: A Pandora's Box?

by Hanil Manghani & Sunil Kumar    Jun 23, 2006

While bank customers heave a collective sigh of relief thanks to the advent of convenience banking, banks find themselves grappling with associated issues such as internet-enabled crime, identity theft and fraud, the demands of compliance, AML implementation and many more.

Realizing the need for platforms to exchange views and expertise on such crucial aspects of banking, the Indian Banks’ Association (IBA), together with financial software provider InfrasoftTech, organized the 2nd annual conference on Enterprise and Information Security, Financial Crime and Money Laundering.

The event saw Compliance Managers, Lawyers, Security Experts, Risk Managers, Heads of IT and software vendors in attendance.

With the IMF pegging the annual global volume of money laundering between $600 million and $1.8 trillion, and more than 40% of India’s GDP estimated as black money, the Prevention of Money Laundering Act (PMLA) seems to have its work cut out.

AML measures required of banks by the RBI are:

* Customer Identification Procedure - ‘Know Your Customer’ Norms
* Recognition, handling and disclosure of suspicious transactions
* Appointment of Money Laundering Reporting Officer (MLRO)
* Staff Training
* Maintenance of records
* Audit of transactions

P. K. Vohra, Senior GM of ICICI Bank Ltd, emphasized the need for a comprehensive security policy that ought to be modified annually. One should not sign off on exceptions or accept any transgressions. He also said that while ICICI encountered phishing attempts from across the globe, including Estonia, Latvia and China, most had some Indian connection.

Arun Goyal, Director, FIU India, emphasized the importance of report filing, including Suspicious Transaction Reporting (STR) and Cash Transaction Reporting (CTR), and related issues like the necessity of sending electronic reports in the prescribed format.

Jyotsna Ayyagari, Consultant, 3i Infotech, emphasized that the need of the hour was not to have an appetite for risk acceptance. Risk was not just another issue for the compliance guys but could impact us at individual, institutional, national and global levels. According to her, re-usable prepaid cards, third party payments, money transfer services and electronic transfers were some of the many challenges banks would face going forward.

Sunny John, Country Manager - Indian subcontinent, Quantum Corporation, elaborated on the diversified product portfolio of Quantum and its USP for Indian customers. Problems include manageability, dust in data centers, media management and the exponential growth of data in enterprises.

K. Subramanian, Deputy Director General, Ministry of Communications & IT (Govt of India), touched on problems in the current IT Act and on bringing uniformity across all enterprises in India. According to him, a uniform regulatory mechanism is needed in India.

Nikhil Mhapankar, Business Manager - Software & Security, NCR Corp. India, spoke on various card frauds in the country. Elaborating on the increasing sophistication of card frauds, he emphasized the importance of a security policy for enterprises. Detailing cases in India, including Sri Lankans hacking ATMs in Chennai and newer techniques of extracting PINs, he emphasized the need for a holistic security mechanism.

Tejas Lagad, Product Manager, Novell, elaborated on the importance of a single sign-on mechanism for enterprises. According to Lagad, password security was a critical issue and enterprise single sign-on across a mixed environment was going to be a key trend in the future.

Considering a regulatory and audit mechanism, Lagad emphasized the importance of CXOs implementing a security policy.

Giving a detailed historical perspective, V. K. Ramani, President (IT), UTI Bank, elaborated on the need for security considering the exponential growth of data on the Internet and single workstations in the past few years. According to him, a systemic audit in his own bank had revealed the need for, and essence of, security.

Bimal Bhavnani, Associate Director - risk management, KPMG, elaborated on the importance of having a risk and regulatory mechanism in place in the enterprise, and of CTOs making security the cornerstone, considering the rapid changes in the offing.

Ending the day’s proceedings with a discussion on the future of banking security, Ayyagari encouraged the panelists to debate the future of banking. K. Subramanian said that amendments to the IT Act were being actively considered, given rapid technological advances, combined with the lack of comprehensive security mechanisms surrounding systemic issues and the country’s geographical diversity.