The aim of this work is to appreciate the role and importance of the information technology in the growth and development of various business ventures, particularly those related to banking and insurance. The challenges which were posed by the traditional law breakers and offenders have taken precarious dimensions due to the growth of information technology, which if not tackled properly may result even in the closure of a profit making venture. Thus, the threats of hacking, data theft, computer viruses, etc should not be taken lightly by the banking and insurance sectors.  

Introduction

The information technology is a double edge sword, which can be used for destructive as well as constructive work. Thus, the fate of many ventures depends upon the benign or vice intentions, as the case may be, of the person dealing with and using the technology. For instance, a malicious intention forwarded in the form of hacking, data theft, virus attack, etc can bring only destructive results unless and until these methods have been used for checking the authenticity, safety and security of the technological device which has been primarily relied upon and trusted for providing the security to a particular organisation. For instance, the creator of the “Sasser worm” has been hired as a “security software programmer” by a German firm, so that he can make firewalls, which will stop suspected files from entering computer systems[1]. Thus, whether productive or destructive, the banking and the insurance sectors have to consider and adopt the mandates of information technology. This precautionary mandate is made absolute by various legal requirements, which requires the mandatory adoption of security measures by various organisations before they can exploit the benefits of information technology. For instance, if a banking company wishes to use the facilities of “internet banking” then it has to comply with various administrative and legal requirements as prescribed by the Reserve Bank of India (R.B.I). Thus, for an efficient and profitable business, the banking and insurance sectors are required to adopt and comply with the technological and legal requirements.

Importance of information technology

 The importance of information technology cannot be ignored by banking and insurance sectors, except at the cost of elimination from the competition. This is so because the use of information technology produces certain advantages, which are not available when the traditional and conventional methods of doing business are used. The use of information technology generates the following advantages to the banking and insurance sectors[2]:

(1) easy handling of day to day affairs of an organisation,

(2) speedy disposal of routine and daily works,

(3) assurance of authenticity, integrity and confidentiality in the functioning of the organisation,

(4) cost economy,

(5) integration and interaction with the global institutions and organisations,

(6) better communication and presentation facilities,

(7) assurance of safety and sound security of the sensitive and valuable information, like trade secrets,

(8) instant transfer of data and information where the situation demands so,

(9) it provides access to public documents which are digitalized by various department s of the Government,

(10) for making online payments of various bills and dues,

(11) to file statutory documents online[3], etc.

            These benefits of information technology can be claimed by all business ventures, including banking and insurance sectors, but some advantages are peculiar to banking and insurance sectors only hence their discussion in detail is necessary. The discussion can be grouped under the following headings:

(a) Advantages to Banking business, and

(b) Advantages to Insurance business.

(A) Advantages to Banking business:

 The benefits and advantages of information technology for the smooth and efficient functioning of the banking business cannot be disregarded and sidelined. This is more so when a bank proposes to deal in “Internet banking[4]”, which is an important offshoot of information technology. Its proper and methodical use can bring the following advantages[5]:

(1) Sound Payment System: The first advantage originating from the use of technological advances relates to the Payment systems, which form the lifeline of any banking system. The payments in India are largely cash based although there are non-cash based payments as well. The usage of electronic means of funds movement and settlement is still in its stages of formative years. The various forms of electronic based payment, such as credit cards, Automated Teller Machines (ATMs), Stored Value cards, Shared Payment Network Service (SPNS) etc, are emerging at an incredible speed. Many banks have made initiatives aimed at electronic modes of funds movement. While this is a positive development, it needs to be ensured that such funds transfers are made in a high level of security so that no unauthorised usage occurs in the newer modes being implemented by banks. It is this area, which has been the focus of attention by the Reserve Bank – and the efforts have now resulted in the form of the Structured Financial Messaging Solution (SFMS). The SFMS incorporates adequate security measures, including that of Public Key Infrastructure (PKI), with encryption software equivalent to some of the best security measure in the world. The use of the SFMS over the INFINET would automatically provide safe, secure and efficient funds transfers with the added benefit of the settlement of inter-bank funds transfers taking place in the books of account of banks, maintained with the Reserve Bank, thereby providing for finality of the settlement. Further, the message formats used in SFMS are very similar to those used by SWIFT, resulting in ease of usage by the banking community in the country. This secure messaging backbone can be used for a number of intra-bank applications also.

  (2) Sound Financial System: The information technology revolution has significantly benefited the financial system. In particular, there are four key areas in which the financial system has experienced the benefits of the technology revolution: product development, market infrastructure, risk control and market reach. In the process, technology has changed the contours of three major functions of financial intermediaries: access to liquidity, transformation of assets and monitoring of risks. The Indian financial system is adapting itself to these developments and is acquiring a customer-centric focus. The proliferation of Automated Teller Machines (ATMs), networking of these ATMs and Shared Payment Network based ATMs have been features which have been welcomed by the banking public. Other innovations already within the domain of banks and financial systems in India include Internet Banking, Electronic Funds Transfer and 'Anywhere/ Anytime Banking', all of which have a high level of technology embedded in the systems offering these services. In recent years, the Reserve Bank has assigned priority to upgrading the technological infrastructure of the Indian financial system. Efforts have been made to modernise clearing and payment through Magnetic Ink Character Recognition (MICR) based cheque clearing, Electronic Clearing Services and Electronic Funds Transfer (ECS and EFT) and the Centralised Funds Management System (CFMS).

 (3) Effective Regulation and Supervision:  The information technology has a great potential of effective regulation and supervision of various financial institutions and banks. With fast growth in technology and the increasing complexities of technology motivated developments in the financial markets, the regulated are more pro-active than the regulators on modernization of products and services, especially in countries like ours where there are multiple regulators and central banks face a growing task in drawing abreast and equipping themselves with an range of tools to deal with the regulatory implications of a technology induced fast changing financial world. These developments necessitate a qualitative change and fine tuning in the relationship between the regulator and the regulated. The technology has brought alterations to decades old attitude and practices, in a more effective, economical and competitive manner. 

(4) Effective Currency Management: The impact of technology on the issuances of Bank Notes and Currency Management by Central bank is apparent. The technology offers us immense opportunities to significantly improve our performance of this core function. Given the high value and volume of currency in circulation, the vast geographic spread of currency operations, the largest distribution channel for the supply of currency, prevalent marked preference for cash and currency handling practices, currency management in India is a challenging and strenuous task. In 1999, the Reserve Bank of India announced a “Clean Note Policy” to bring about improvements of the quality of notes in circulation and technology has played an indispensable role in enabling the Bank to provide better quality notes to the general public. The information technology makes the task of currency management easy, effective, economical and speedier.

 (5) Monetary and Financial Stability: One of the critical activities undertaken by Central bank to ensure monetary and financial stability is to provide the banking sector with finality of settlement. The payment and settlement systems are the conduits through which monetary policy measures are transmitted to the financial and then the real economy. The information technology revolution has given rise to an extraordinary increase in financial activity across the globe. The progress of technology and the development of worldwide networks have significantly reduced the cost of global funds transfer. The technology has, in fact, placed at the disposal of Central bank a desirable selection of instruments to manage and eliminate risks in payment and settlement systems. Electronic trading platforms have reduced the gap between trade finalisation and trade reporting and settlement and in the process have significantly reduced risks arising from the trading and settlement process. The Real Time Gross Settlement Systems (RTGS Systems) have been the preferred mode of settlement for large value funds transfers by central banks globally to minimise settlement and systemic risk. The RTGS systems would not have been possible without the network and information system capabilities to transmit payment messages to the settlement agency and process funds transfer instructions in real time. Delivery versus payment systems to reduce credit risks is securities settlement systems also owe their origin to the technological capability to harmonise positions in settlement banks and depositories in real time. The triumph of Information Technology has perhaps been the introduction of Continuous Linked Settlement, which ensures payment versus payment settlement of very large value foreign exchange transactions thus completely eliminating the risks in cross border transactions[6].

 (6) Judicial recognition: The advent of information technology has changed the mode of working of almost all the spheres of the life. The justice delivery system has also been benefited by this technological revolution. It must be noted that one of the cardinal rule of interpretation is that the Parliament intends the Courts to apply an ongoing Act a construction that continuously updates its wordings to allow for changes since the Act was initially framed. An enactment of the former days is thus to be read today, in the light of the dynamic processing received over the years. This valuable and golden rule of interpretation has been properly appreciated and adequately applied by the Indian judiciary in the context of e-banking perspective. In M/S SIL Import, USA v M/S Exim Aides Silk Exporters[7] the words “notice in writing”, in Section 138 of the Negotiable Instruments Act, were construed to include a notice by fax. The Supreme Court observed: “A notice envisaged u/s 138 can be sent by fax. Nowhere is it said that such notice must be sent by registered post or that it should be dispatched through a messenger. Chapter XVII of the Act, containing sections 138 to 142 was inserted in the Act as per Banking Public Financial Institution and Negotiable Instruments Laws (Amendment) Act, 1988.Technologiacl advancements like Fax, Internet, E-mail, etc were on swift progress even before the Bill for the Amendment Act was discussed by the Parliament. When the legislature contemplated that notice in writing should be given to the drawer of the cheque, the legislature must be presumed to have been aware of the modern devices and equipments already in vogue and also in store for future. If the court were to interpret the words “giving notice in writing” in the section as restricted to the customary mode of sending notice through postal service or even by personal delivery, the interpretative process will fail to cope up with the change of time. So if the notice envisaged in clause (b) of the proviso to section 138 was transmitted by Fax, it would be compliance with the legal requirement”[8].  

(B) Advantages to Insurance business: 

The benefits of information technology, which should be availed of by the insurance sector, are numerous[9]. In fact, the “misuse” of information technology by others may provide a broad insurance base to an insurance company. For instance, it is generally believed that “Cyber terrorism[10]” is going to create the second largest problem after the real war and the third World War would be fought in cyberspace only. The misuse of computers can produce catastrophic results for any big organisation and has the tendency of bringing a flourishing business to a sudden halt. This is happening all over the world in the form of “virus attacks”, “hacking of computers”, “data thefts”, etc against which insurance has been taken by various organisations. Further, with the advent of information technology, violation of various “Intellectual Property Rights” (I.P.Rs) like trade marks, copyright, patents, etc has become much easier and needs the insurance protection. Thus, new areas and prospects of insurance are emerging, which need a sound computerized base by an insurance company. The insurance companies must keep pace with the changing times and should not hesitate in encashing these new opportunities of insurance business.

 Challenges before Banking and Insurance Sectors

 The benefits of information technology can be reaped by Banking and Insurance sectors only if certain challenges posed by the technology and the Municipal and International legal systems are adequately tackles and duly complied with.

(A) Challenges before the Banking Sector:

 The information technology in itself is not a panacea and it has to be effectively utilized. The concept of Internet banking cannot work unless and until we have a centralised body or institution, which can formulate guidelines, regulate, and monitor effectively the functioning of Internet banking. The most important requirement for the successful working of Internet banking is the adoption of the best security methods. This presupposes the existence of a uniform and the best available technological devices and methods to protect electronic banking transactions. In order for computerisation to take care of the emerging needs, the recommendations of the Committee on Technology Up gradation in the Banking Sector (1999) may be considered. These are:

(1) Need for standardisation of hardware, operating systems, system software, and application software to facilitate interconnectivity of systems across branches

(2) Need for high levels of security

(3) Communication and networking – use of networks which would facilitate centralised databases and distributed processing

(4) Need for a technology plan with periodical up gradation

(5) Need for business process re-engineering

(6) Need to address the issue of human relations in a computerised environment

(7) Need for sharing of technology experiences

(8) Need of Payment systems which use information technology tools.

The Reserve Bank of India constituted a “Working Group on Internet Banking” which focused on three major areas of I-banking, i.e., (i) technology and security issues, (ii) legal issues and (iii) regulatory and supervisory issues. These areas are selected in such a manner that the problems faced by banks and their customers can be minimized to the maximum possible extent. The Group recommended certain guidelines for the smooth and proper working of Internet banking. These centralised guidelines would bring uniformity in the selection and adoption of security measures, with special emphasis on a uniform procedure. The security of Internet banking transactions would not be jeoparadised if these security mechanisms are adopted. This is because the success of Internet banking ultimately depends upon a uniform, secure and safe technological base, with the most advanced features. The RBI has accepted the recommendations of the Group, to be implemented in a phased manner. The RBI has issued[11] certain guidelines through a Circular for implementation by banks in this regard.

Internet banking and the Information Technology Act, 2000

The Internet banking cannot operate properly unless it is in conformity with the Information Technology Act. 2000 (hereinafter referred to as Act). A holistic approach should be adopted, the purpose of which should be to bring uniformity and harmony between the provisions of the Act on the one hand and the guidelines issued by the RBI on the other. It must be appreciated that in case of conflict between the provisions of the Act and the guidelines, the former would prevail. The following provisions of the Act have a direct bearing on the functioning of Internet banking in India:

(1) The authentication of electronic records for the purposes of Internet banking should be in accordance with the provisions of the Act[12],

(2) The electronic records duly maintained for the purposes of Internet banking would be recognized as legally valid and admissible[13],

(3) The digital signature affixed in a proper manner would satisfy the requirement of signing of a document for the purposes of Internet banking[14],

(4) Any kind of paper work, which is required to be filed in the government offices or its agencies, would be deemed to be duly filed if it is filed in the prescribed electronic form[15]. Thus the paper formalities can be effectively substituted with electronic filings for Internet banking purposes,

(5) The banking business requires certain documents or records to be retained for a fixed period. In Internet banking such documents or records can be retained in an electronic form[16],

(6) The rules, regulations, order, bye-law, notification or any other matter pertaining to Internet banking can be published in the Official Gazette or Electronic Gazette, as the case may be[17],

(7) The Internet banking presupposes the existence of attribution and certainty. If any electronic record is sent by the originator himself, by his agent, or by an information system programmed by or on behalf of the originator to operate automatically, then the electronic shall be attributed to the originator[18],

(8) The requirement of acknowledgement of documents sent for the purposes of Internet banking is adequately safeguarded by the Act[19],

(9) The Internet banking may require to determine the time and place of dispatch and receipt of electronic records. This problem can be easily solved by applying the provisions of the Act[20],

(10) The Internet banking would require the secured electronic records for its proper working. Where any security procedure has been applied to an electronic record at a specific point of time, then such record shall be deemed to be a secure electronic record from such point of time to the time of verification[21],

(11) A digital signature meeting the specified requirements would be deemed to be a secured digital signature for carrying out Internet banking transactions[22],

(12) The Central Government has the power to prescribe the security procedures to give effect to the provisions of the Act, having regard to the commercial circumstances prevailing at the time when the procedure was used[23]. Thus, the Central Government can specify safety measures and security procedures for Internet banking under the provisions of the Act.

(13) The Controller of Certifying Authorities (CCA) can issues licences to the Certification Authority under the IT Act, 2000[24]. The Certifying Authority is assisted by the Registration Authority, which is created at the level of the organisations subscribing to the services of the Certifying Authority .The Reserve Bank would function as a Registration Authority (RA) for the proper functioning of Internet banking.

Thus, the information Technology Act, 2000 has laid down the basic legal framework conducive to the Internet banking in India. In case of any doubt or legal problem, the provisions of the Act can be safely relied upon. It must be noted that the object of the Act is to facilitate e-commerce and e-governance[25], which are essential for the functioning of Internet banking in India. There may be challenges of Internet banking which cannot be tackled appropriately with the existing legal framework. To meet such challenge appropriate amendments can be made either to the Act itself or a separate new law dealing specifically with the Internet banking can be enacted.

Privacy issues

The maintaining of the privacy of the customers of the bank must be the top priority of banks engaged in internet banking because breach of privacy may have serious legal repercussions. The following privacy safeguard initiatives may be taken into consideration by the concerned person/authority while collecting information for the purposes of facilitating internet banking:

• There must be a well- defined purpose for collecting and maintaining the information concerning users of internet banking.
• Collection of data should be confined to the specified purpose.
• Information should be kept for the amount of time needed for the specified purpose.
• In the absence of consent of the user the collected data should only be utilized for the intended purpose.
• The access to private information should be confined to authorised persons only.
• Reasonable precautions should be taken to protect the information from loss, misuse, disclosure and unauthorised access.
• Procedures must be developed and implemented to enforce compliance and sanctions must be imposed on employees and agents for non-compliance.
• Enforcement mechanisms must be provided to ensure compliance with the principles when they are adopted in privacy policies or guidelines.

If these privacy safeguards are adopted, then the banks can minimize the chances of being caught in the web of disputes and litigations[26].

(B) Challenges before the Insurance Sector:

 The challenges posed by the information technology before the banking sector is equally and with necessary modifications apply to insurance sector as well. Thus, all the technological and legal requirements, as mentioned above, can automatically be adopted by the insurance sector with suitable modifications peculiar to the insurance business, so that the prospective “Cyber Insurance Business[27]” can be adopted in its true and most profitable perspective.

Conclusion

The business expansion scope for banking and insurance sectors is tremendous if the information technology is harassed properly, keeping in mind various technological and legal requirements. This presupposes the seeking of appropriate professional and expert advise so that a technological base conducive for profit making can be established in due course of time. A business venture, which has established a timely technological base, has the advantage of capturing the customer base, which is untouched and is waiting to be explored. Further, no arrangement is absolutely trouble free; hence early establishment of a technological base will give time to fill in the vacuum and the lacuna, which may remain despite best efforts. Every new effort and venture requires time, efforts, energy and resources to make it workable and profitable. To acquire expertise in “internet banking” and “cyber insurance business”, the top management has to adopt timely innovative legal and technological methods. Thus, it can be concluded that the sooner it is adopted, the better it will for the business ventures in general and their customers in particular.    

[27] The expression “Cyber Insurance Business” is not mentioned in any enactment or other literature and the same is use by me (the author) to simply formulate a convenient mode of expressing this phenomenon, which has yet to find a place in the Indian insurance business.

For Structured Online Courses in Cyber laws, Visit Cyber Law College.com