Raghuram Rajan exits.. Media starts its games once again.

The media including the otherwise respected Economic Times and CNBC TV  all predicted dooms day for Indian economy if Rajan is not given a second term. It was funny to observe that even Mr Narayana Murthy of Infosys made a suggestion that Rajan deserves not one renewal but two at one go.

Now that Mr Rajan has decided to call it quits, all these people should accept that  their attempt to manipulate the process of appointment of an RBI Governor which is the prerogative of the current Government has not been successful and keep quiet.

All said and done, Mr Rajan was a personal choice of the previous Finance Minister Mr Chidambaram who is a tainted with issues such as  the Ishrat Jehan files involving National Security issues  and that should be sufficient to cause distrust of Mr Rajan by neutral observers.

Mr Rajan did not do enough to present himself as a person who is not pro-Congress during his tenure. The support he received from Congress in the last month and receiving till today is sufficient to vindicate the belief that Congress had a vested interest in his continuation and it was therefore a political decision to continue him or not.

The media which thinks it can influence every Government decision has now started its game once again by projecting Ms Arundhati Bhattacharya, the current SBI Chair person to the post of the RBI Governor. Media would love to have the “First Female Governor of RBI” as if it is a special qualification for a person to be female. This criteria is insulting even to Ms Arundhati and should never be advanced.

I however, consider the attempt of the media to project Ms Arundhati as faulty for a different reason.

We must understand that she is now the head of the biggest Commercial Bank in India and if there is any problem with the Banking industry including NPAs and Frauds, the biggest share of the same is with SBI.

The role of RBI Governor is one of the “Regulator” of Banks and therefore it is completely illogical that the current Chair person of one of the commercial Banks is made the regulator.

It is highly objectionable in principle and should be avoided at all costs.

Even if she is otherwise eligible for the responsibility, it can be considered only after a cooling off period of upto 3 years after she demits the current office.  Otherwise there would be a serious conflict of interest in her role.

Further, in Personnel Management, we all know the problem of “Role Fixation” that arises in a person when he is elevated to a higher position in the hierarchy. An SBI Chairperson will remain an SBI Chairperson mentally,  for some time even if she is made the RBI Governor and immediate switch over is not advisable from managerial principles.

Further, it should be understood that the RBI Governor’s position is that of a “Regulator”. One of the problems with Raghuram Rajan was that he had a “Role Fix” as an “Economist” and was weak in discharging his other functions as a “Regulator”. It is for this reason that on issues of security, fraud management etc, his contribution appeared wanting.

Any person who has watched the E Banking and Credit Card scenario in India will recognize that SBI was one of the problem Banks. It was operating its credit card operations through an outsource partners and fraud attempts and phishing was most rampant in SBI cards. There have been many E-Banking frauds indicating a weak information security position in SBI though its past image has endured in giving a picture of a sound Bank.

The recent incident where SBI was caught transferring Rs 720 crores in Cash (as claimed by them in certain press reports) in Tamil Nadu during elections cast a doubt on the integrity of SBI just as the old Nagarwala Case had proved how SBI was acting as a private Banker of Indira Gandhi. Ms Arundhati owes an explanation to the country on this incident which she is yet to come up with.

I wish Mr Subramanya Swamy raises this question in the Parliament.

There is no doubt that ex-Bankers like us hold SBI with lot of respect for their systems and procedures as well as their manpower training systems. However, in the generation of E-Banking, the same efficiency does not seem to have been carried through. Now that SBI will be saddled with the “Subsidiary Merger Issues”, there will be chaos in the Bank in the next three years and it would be best if Ms Arundhati is left to handle the challenges of merger rather than be moved out.

If Ms Arundhati is made the RBI Governor, I see the possibility that many of the frauds in SBI will be suppressed and there will be a greater mess to deal with on a later date. Even issues such as the Vijay Mallya issue will become complicated if the SBI Chair person becomes the referee.

I therefore request media to stop speculations and supporting any one person for the job of the RBI Governor. Let this be handled professionally. More the media tries to support a person, it will be seen as a PR exercise and there will be many who will oppose. This is not good even for the incumbent candidate.

If Ms Arundhati is intelligent, she should immediately issue a statement that she would not like to be considered for the post at this point of time. This will prevent further embarrassment to her.

My personal view is that  the RBI Governor’s position is best managed by one of the current Deputy Governors, the best of whom can be elevated. We donot need a Noble Laureate and an economist  but a hard nosed regulator to manage RBI. Then the Governor will focus on Bank regulation rather than poking his nose into the Financial Minister’s work.

Certainly it is wrong to think of  current Chair persons of SBI or ICICI Bank or Axis Bank for the post even if they have been efficient in their past assignments and they all would create history of being the First Female RBI Governor of India, if it is a desirable thing. If such a decision is taken, remember “Peter’s Principle” and pray for the welfare of the  Indian Banking Customer.


Also Read Old articles on NBFC policy issues (These are 1998 articles and to be seen in that context)


Share Button
Print Friendly

Lessons from China to Indian Bankers and RBI

China Banking Regulations Commission (CBRC) has notified guidelines to the Banking industry to use “Secure and Controllable Technology” to strengthen the Internet based Banking system. This guideline has the potential to bring significant changes to the IT industry in China and also the vendors from outside China.

According to the guideline it would be mandatory for Banks in China to use “Secure and Controllable IT Products at a minimum rate of 15% increase each year and to reach 75%  by 2019. The criteria for determining the status of a product as  “Secure and Controllable” have been detailed in the guideline and includes the following.

1. IT Vendors are required to establish own R&D service cetners in China

2. Source code should be filed with CBRC

3. Risk of Product supply chain should be controllable. (i.o.w. there could be a need for more local production in the entire supply chain)

4.The IP rights in respect of certain products could be subordinated to the local requirements. (i.o.w. provisions similar to compulsory licensing may be used)

As a result of these regulations, it would be necessary for the following:

1.Supplier/Service Contracts will have to incorporate necessary compliance clauses.

2. Banks will have to deploy 5% of their R&D budget on deployment of Secure and Controllable IT products

3. Banks need to subject themselves to an annual audit by CBRC  to determine compliance.

As a result of these changes, Indian IT companies having operations in China with exposure to Banking industry need to be prepared for a compliance related modification of their business contracts.  If they fail to adapt, the supply contracts may be terminated.

I think RBI needs to pick up a few lessons from these guidelines since they have mindlessly allowed domination of Chinese products in the Indian Banking industry exposing the country to a great disadvantage in the event of a Cyber War. Banks should also understand that there is national interest beyond the need to increase their bottom line.

 We remember that during the UPA regime, a Security Certification Center was established under the guidance of IISC Bangalore to test IT products from China in particular which were suspected to have OEM-back doors, but was actually sponsored by Huawaei !

I hope the National Cyber Security team in India takes note of these developments and initiate appropriate actions.


China Banking IT Regulation Tightened Up

China Issues new CBRC guidelines

CBRC issues clarifications

CBRC makes life difficult for MNC vendors


Share Button
Print Friendly

Will Axis Bank Explain?

Naavi.org recently was informed of a bizarre instance involving Axis bank and ATM transactions. This incident is a matter of serious concern to all Axis Bank customers and hence we would like to bring this to the notice of all including Reserve Bank of India.

I am reproducing verbatim a comment posted by one Mr Sharad Updhyay about his experience in an ATM in Gurgaon for one of our earlier articles titled “Axis Bank ATM license should be cancelled by RBI

“Recently I tried withdrawing Rs. 2000 using my IDBI Debit card from an AXIS BANK ATM based at Sahara Mall, Gurgaon. The ATM asked me if I want a receipt for the transaction. I opted yes, the transaction was automatically aborted. Wondering what happened to the ATM, I tried again and again (with option “Yes” for transaction receipt) – a total of 5 times, but encountered the same problem everytime.

Meanwhile I noticed that another person who opted “No” for printed receipt was able to withdraw money from the same machine. I followed him – went ahead for withdrawal without transaction receipt, and this time machine dispensed the desired amount i.e. Rs. 2000.

Next day I noticed that my IDBI account was debited twice: first for a sum of Rs. 10000, and once again for Rs. 2000 (which I actually withdrew there). I was wondering what made the ATM cause a debit of Rs. 10000 in a single go – while I never entered this amount at ATM console.

I raised an official complaint with my bank (IDBI), and they escalated the case on my behalf with Axis Bank, however, Axis Bank rejected my claim – stating that their ATM balancing reports, switch files, and other transaction logs show that Rs. 10000 transaction was carried out successfully, and they do not owe me anything.

At this stage my bank i.e. IDBI has been helpless, and I’m just wondering whom to report this fraudster in order to get my money back. It appears that something fishy is going on there in Axis Bank ATMs with help of CMS (the agency which replenishes cash in ATMs) and the Axis Bank staff itself. How is it possible that there was no surplus sum recovered from ATM for my failed transactions, and how is it possible that an ATM automatically converts 5 subsequent transactions of Rs. 2000 each in to a single transaction of Rs. 10000?

Please let me know what can be done in this case, and how can I get my money back. Also, isn’t there any authority to punish the bank owning such malicious ATMs and ripping off the customers like this?”

First comment I would like to make on this incident is that there is apparent fraudulent mis-management by Axis Bank. It is clear that the ATM has been deliberately tweaked to ensure that fraudulent transactions donot come to the notice of the customer when he is withdrawing the amount.

The responsibility for this fraud lies squarely on the management of Axis Bank all the way up to the Chair person.

The reported incident is a report of possible hacking of a critical computer resource belonging to the Banking system. It represents a cognizable offence under ITA 2008. Mumbai police who closely monitor even facebook “likes”  and go the extent of arresting persons, must be considered as being aware of the occurrence of this crime. They should therefore take suomotu action and register a Cyber  Crime under Section 66 of ITA 2008 making unknown Axis Bank employees as suspects. It should also investigate “Negligence” from Axis bank ATM division and the Chair person for not taking adequate information security measures to protect the ATM transactions.

The Reserve Bank of India at the same time initiate its own investigation and take penal action against the officials of the Bank.

Now coming back to the customer and what he can do.

1. Normally  money fraudulently debited to the account should have been reversed immediately on filing of a complaint with the Bank.

2. IDBI Bank cannot absolve itself of its responsibility since they have used Axis Bank as it’s agent and hence they are responsible for their client’s loss.

3. Customer need not go to the Banking Ombudsman since that is a sham run by RBI and most Ombudsman are biased in favour of the banks and simply reject the claim with a further proviso that you cannot appeal to RBI.

RBI is aware that the scheme is a sham and yet has not shown any interest in correcting the same. This is not a reflection on the Banking Ombudsman in Mumbai but a general reflection on the scheme and how it is run.

 If possible I advise the customer to personally meet Mr Raghuraman Rajan, the Governor of RBI and check why he is not considering himself responsible for running a secure banking system.

 4.The customer is fortunate to be in Mumbai where the IT Secretary is one Mr Rajesh Aggarwal. He is also the “Adjudicator” under ITA 2008. For any financial loss arising due to contravention of any of the provisions of ITA 2008, in Mumbai, he is the sole authority having judicial powers to conduct an enquiry and award a compensation.

I advise the customer to make an adjudication complaint to him immediately. If he remains in office for some more time, he will definitely give him justice.

However, since Maharashtra is likely to have a change of Government soon and it is customary to shuffle secretaries if a new Government comes, it is possible that this great officer who is upholding justice under ITA 2008 like no other IT Secretary in India may be shifted out.  Hence the customer should at least get his complaint registered before any such change occurs.

5. It would also be better if a complaint is filed with the commissioner of Police, Mumbai against the officials of IDBI Bank and Axis Bank  for running a fraudulent ATM system and causing loss to you. The customer should not fall into the trap of filing the complaint against the unknown fraudster who might have drawn the money. That person will never be traced since IDBI bank is unlikely to have maintained the CCTV footage or other evidence that may be required for this purpose. Police and Banks will try to hold that only that unknown person is responsible and no body in the Bank is responsible. This is a way of driving the complaint to a dead end. For the customer it is always a transaction with the Bank and hence should hold the Bank alone responsible.

The Police complaint should also mention that RBI has been negligent in enforcing ATM security and is also responsible for pushing customers to such frauds.

If necessary, the customer may take the assistance of a Consumer activist to pursue the complaint.

It may appear that  the money lost may not be substantial and hence may not be worthy of the trouble of complaining. It is this attitude of most of us that emboldens criminals to resort to this type of small ticket frauds which we refer to as “Salami” attacks. It is our duty to bring this to public knowledge and wake up regulators like RBI to remind them of their responsibilities.

In the meantime, I demand that Axis Bank makes an official statement about this incident.


Share Button
Print Friendly

Technology used to strangle Bank Customers

Reserve Bank of India is slowly losing focus on customer service aspects of Banking service. Acceding to a request from the Indian Bank’s association, RBI has imposed an ATM transaction limits of 3 withdrawals per month after which the customer would be charged Rs 20 per transaction. (Refer report)

Many of the Banks have already imposed a limit for direct withdrawals at the Bank counters and are charging fees for withdrawing cash at the counters. With the current notification customers are made to pay whether they withdraw cash at the counters or at the ATM. It appears that RBI wants customers to move back into the cash economy and withdraw all their monthly requirements in one go.

When technology was introduced in Banking, customers were promised of better services at lower costs. However over the years Banking transaction costs have only been on the increase and at a pace higher than the inflation. I would be happy if IBA releases data of “Weighted Average Banking Transactions Cost” in India and check how it has been increasing year after year say from 1980 when technology at higher levels was brought in to the system.

While the Government will start subsidizing the costs to select sections of privileged sectors for political reasons, other ordinary “Neglected Class of Bank Customers” will end up paying more than proportionate costs for the Banking services they may avail or even not avail.

Will the RBI Governor Mr Raghuraman Rajan respond?


Share Button
Print Friendly

RBI limits Customer’s Loss on Phishing

In an excellent but long awaited move, RBI has directed Banks that the liability of customers on “Phishing” loss should be limited to Rs 10000/-

See Report

The new Banking Service code of ( Banking Codes and Standard Board of India -BCSBI)  says that for any unauthorised internet banking transactions, the customer’s liability is limited to Rs 10000, irrespective of the funds moved out of the account. An unauthorised transaction is one that doesn’t have the express and implied approval of the account holder.

According to the code, “If a third party manages to get hold of the user ID or password in an unauthorised manner and any debit takes place and which he notifies the bank, the maximum loss will be Rs 10,000.”  Also, the code says that customers will not be liable for any losss due to unauthorised fund transfers taking before they receive the password for internet banking transactions.

Further, the onus will be on the banks to establish that customers have compromised the secrecy of their password.

In some instances, the liability could be lower than Rs 10,000. The new code says that in the event of any unauthorised transactions, this would be the lower of the following options: the actual loss at the time of notifying the bank; the limit set for such transactions; the balance available for withdrawal; a maximum of Rs 10,000.

For instance, if a customer has a balance of Rs 5,000 but the fraudster transfers Rs 25,000 by taking a temporary overdraft, the loss would be limited to the minimum balance of Rs 5,000 in the account.

It may be recalled that many such cases of frauds have been reported earlier at Naavi.org. The undersigned has been relentlessly following legal action against many Banks in this regard. Damodaran Committee report had also spoken about such cases.

The current guidelines come as a great relief to the Bank’s customers.

Naavi.org congratulates RBI for taking these steps.


Share Button
Print Friendly

No bank has proper Information Security Guidelines

An RTI query filed by Nagpur based NGO Cyber Awareness Organization (CAO) recently revealed that none of the banks in the country had drafted information security guidelines which are mandatory as per RBI’s guideline on electronic banking. 

Speaking to the press during his visit to Nagpur recently, Naavi said “When RBI started allowing internet banking way back in 2001, it clearly laid the responsibility of data security and educating customers about the dos and don’ts on the banks. It was also advised that all banks offering the service take cyber crime insurance. None of that has happened even today”

Details here

Share Button
Print Friendly