Safe E-Banking: Some initiatives that call for attention

Naavi has been following the developments in the Indian Banking scenario for the last 4 decades and has been closely associated with the industry as an employee of the Banking industry as well as a consultant and critic. Against the background of this experience and in the environment of growing Cyber Crime threats around us, Naavi expresses his concern that the Indian Banking industry is heading for a crisis created by hasty introduction of technology without appropriate security initiatives being put in place.

Though the GGWG (G. Gopalakrishna Working Group) recommendations provided a comprehensive guideline to the Banks, there is still a glaring shortfall in their implementation. At the same time there is immense pressure on the regulator to further ease the controls on Mobile Banking and to expand the services of the Banks into non-Banking areas.

In the light of these developments, Naavi places before the public and the industry some requirements which appear to need immediate attention.

Recently, the Governor of RBI commented that no institution other than the “Bank” should be allowed to accept deposits from the public. This was in the context of the fraud in Chit Companies in West Bengal which resulted in a loss to several investors. We may recall here that it was a move against CRB Capital in the late 90s that prompted RBI to take steps to introduce mandatory Credit Rating for NBFCs accepting deposits. (Refer article “Don’t Massacre the NBFCs” and other articles around that time in Naavi.org). It is nearly 15 years since this decision, which killed the NBFC industry as it was known at that time, when it was flourishing. If we look back on this decision, it is difficult to say that the move actually helped general investors. The failure of CRB Capital was a reflection of the failure of the regulatory agency itself, but the corrective action taken by RBI at that time, instead of helping the investor community at large, actually killed a beautiful investment option available to middle class investors in India. The investors driven out of NBFCs at that time lost more money when other honest companies closed down under the artificial pressure created by the measures taken by RBI. They also tried to find alternative places for investments and, since Bank interest rates were too low, they went to mutual funds and lost more money. It is a valid debate even today whether these losses are to be attributed to wrong policies on the part of RBI.

A similar situation is developing now in the Banking industry regarding some policies associated with the promotion of Technology use in Banks. I need to record my apprehension that some of the policy initiatives require immediate retraction as they are likely to affect the future of Banking in India. If the depositors who are depositing their money with banks for an interest rate of 7.5% p.a., as against the 15% p.a. they were used to during the NBFC days, are to be disillusioned again, it is not clear where they can run to.

This time it will not end up with the depositors losing their money but they will take down the Indian Bank industry with them.

There are two important threats that are looming large now in the regulatory policies. The first is the information security risks from the Mobile Banking initiatives. The second is the diversification of Banks into ancillary services such as “Insurance Marketing”.

The Banking industry is yet to present a secure banking platform for Internet Banking and we are struggling to make them adopt security measures that were first suggested way back in 2001 by RBI. Banks, instead of improving the security of their systems, are trying to persuade the RBI to dilute the security requirements. This is evident in the actions initiated by the Payments and Settlement department and the promotion of Mobile Banking. It appears that the resources of IDRBT are being spent more in facilitating use of mobile banking applications rather than finding vulnerabilities in the systems and finding solutions. In my opinion, “Mobile Banking” is the poison which will completely destroy the confidence and trust which customers today have in an institution called “Bank”. It is therefore necessary for RBI to call for an all India virtual seminar on Mobile vulnerabilities and invite Cyber Security Experts to participate and express their views. From the RBI side, the representatives of the Payments and Settlement department and IDRBT should participate with an open mind and assess the risk profiles which the cyber security experts may express.

The second aspect which is changing the profile of Banking in India is the loading of ancillary responsibilities such as “Insurance Marketing” onto Bankers. RBI has indicated that it is under pressure to allow multi brand marketing, where one bank could market several insurance company products, whereas RBI is insisting that they can market only a single brand. Whether it is multi brand or a single brand, an Insurance product is a financial product and is in conflict with the Bank’s own business, and hence there is no logic in allowing Banks to cannibalize their own business. By allowing Banks to become insurance marketing agencies, Banks will gradually cease to be “Banks” and become “Finance Houses”.

This will mean that while on the one hand RBI does not want non Banks to accept deposits, Banks themselves will become “Non Banks” in course of time. Since other policies of RBI such as “Disincentivisation of cheques” are also aimed at changing the traditional Banking activities, the cumulative effect will accelerate the change in the profile of Banking business in due course.

Additionally, the Payments and Settlement department is thinking of a new system of consumer to consumer payments through the mobile network, which is again a business which is not “Banking”.

I therefore suggest that RBI should formulate a new category of Financial institution such as “E-NBFC” and provide a separate license to deal with C2C mobile payments in addition to the relatively insecure mobile banking business. The mobile banking business itself should not be a direct link to the regular bank account and should be handled in a subsidiary account, similar to the way margin money accounts on share trading accounts are handled.

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Having pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He has now been focusing on projects such as Secure Digital India and Cyber Insurance.