Naavi.org

Reserve Bank of India has revised its Vision document on Payment and Settlement Systems for 2012-2015 and issued a new document titled Vision-2018 which incorporates some important guidelines to be followed by all stake holders.

The Vision-2018 professes to revolve around the 5Cs namely

1. Coverage
2. Convenience
3. Confidence
4. Convergence and
5. Cost

The vision will focus on 4 strategic initiatives namely

1.Responsive Regulation

2.Robust infrastructure

3. Effective Supervision and

4.Customer Centricity

The Vision-2018 document reiterates the commitment of the RBI to encourage greater use of electronic payments by all sections of society so as to achieve a “Less Cash Society”.

Through the document, RBI has stated its commitment that

i. RBI, in consultation with all the Stakeholders will create a regulatory framework to promote the twin objectives of enhanced coverage with interoperability and convenience with security.

ii. Building a robust payment infrastructure will be a key objective.

iii.The document will focus on effectiveness of supervisory mechanisms, and augmenting the data reporting and fraud monitoring systems.

iv. The vision will adopt a “Customer Centric” approach to streamline the customer grievance redressal mechanism, focus on building customer awareness and education and initiate customer protection measures.

The document also says that towards achieving these objectives, new policies will be framed.

The document also provides some detailed exposition of the vision.

One of the new initiatives proposed is that Payment Gateway Service Providers and Payment Aggregators who are presently being monitored indirectly may be revised and the indication is that they may be brought under direct regulations. Further, RBI intends to introduce penalties for non adherence to its guidelines.

To strengthen the confidence in the payment systems and to minimize instances of frauds, RBI is expected to develop a framework for collection of data on frauds in consultation with the industry.

One of the areas where improvements are expected to be introduced is in the area of grievance redressal systems. RBI in collaboration with all the stakeholders is expected to undertake customer awareness through structured Electronic Bannking Awareness and Training programs.

RBI also indicates that it will encourage payment system providers (which includes NEFT and RTGS) to adopt best practices for protecting customer interest by putting in place robust fraud and risk monitoring systems. Additionally, a regulatory framework to limit the customer liability in case of unauthorized transactions would also be put in place.

The detailed vision document is available here.

While the intentions behind the vision document is welcome, RBI has always been weak in implementing its own policies and lets the Banks dictate the policies through the IBA. Let us hope that  there will be a difference this time.

Naavi

The BrExit referendum has exposed the complacency of international financial managers including India where we never had any serious discussion running into the BrExit poll on how it could affect the Indian corporate sector. Some of the Business Channels like CNBC TV discussed the likely impact of BrExit in the same tone as the Federal Rate hikes or RBI policy meetings and did not foresee the possibility of the poll going in favour of the Exit and the serious consequences that could follow.

Even yesterday the channels were taking a position that the result will be in favour of “Remain” and they were easily misled by the opinion polls and betting odds. What we saw today was therefore a disaster which was on the horizon but we could not foresee.

Most of the mutual funds who hold the money of the public must have absorbed the loss arising out of the 1000 point drop in the Sensex today in the early morning bloodbath. This could have a huge adverse impact on ordinary investors who trusted the expertise of the fund managers. It would be interesting if some body researches on the impact of BrExit on the mutual funds and how different fund managers managed the crisis.

In the later part of the day,  markets recovered slightly but there is no guarantee that on Monday the recovery will continue or we will see another drop.

One of the developments that may create a further drop on Monday could be the effect of the BrExit virus spreading to other countries in the EU and Germany, France, Austria, Denmark and other members calling for their own referendum to quit EU. Additionally, the possibility of Scotland trying to go out of Britain is another development that could  cause more concern.

From the look of it, the 4% difference in voting in favour of “leave” when 30% of voters did not vote, can cause a USSR kind of break up of the EU and cause multiple fissures of the Union in the next couple of years.

While we may not like such a fissure that appears illogical from the perspective of “Strength in Unity”, the possibility appears very high.

Just as we failed to analyze the probability of “Leave” voting in BrExit, we cannot afford to overlook the probability of EU breaking up into its several erstwhile independent countries. This is a “Risk” that needs to be identified, analyzed and mitigated.

Just as in Information Security management, where we often fail to identify “Risks”, and fall prey to a “Known Risk”, there is a possibility that we may underestimate or ignore the risk of EU break up and this could create another crisis on another day.

The BrExit was like a “Zero Day” risk which we failed to recognize but we cannot afford to do the same next time when Denmark or another country goes on a referendum.

I therefore urge RBI and SEBI to start planning for “EU Break up” and develop strategies to contain the risks.

Before the BrExit, I would have liked an “Advisory” from RBI that in the event of a BrExit “leave” vote, the British Pound would drop 8-10%, and any open position should be avoided. Similarly,  if SEBI could have announced closure of stock exchange today, probably the risk could have been contained.

However, neither RBI nor  SEBI anticipated the possibility and hence did not take any corrective action. Next time when such events occur, RBI and SEBI should be more pro-active and just as meteorology department broadcasts advisories for fishermen in times of expected weather disturbances, they should provide advisories on known events that could cause extreme volatility of the markets.

I must however appreciate some individual investment advisors who kept reminding that “There is No Trade on such uncertainties” though it might not have been taken note of by many.

Now we are at the fag end of June. The listed companies will be coming up with their quarterly results in the next fortnight and if any company has taken a hit on the foreign exchange front because of an uncovered open exchange position today, their quarterly results will be adversely affected.

Before this comes up as a surprise one by one next month, SEBI should make an assessment of the impact of uncovered Foreign Exchange exposure of all companies (mostly the IT companies with high exposure to the EU currencies) by calling for a report from all the listed companies. This is a strategy like the “Incident Report” that a CERT-In would ask after a zero day malware is detected.

Once any risk is detected, SEBI can ensure that the losses if any are allowed as an extraordinary loss which can be written off over the next three or four quarters instead of the first quarter itself.    This will be like the relief that was given to Banks in the NPA write off and would provide relief to the IT sector in particular.

At the same time, just as  anti Virus companies come up with special virus removal tools, RBI should come up with some special measures to even out the foreign exchange impact of the BrExit in the current quarter balance sheets of listed companies by providing hedging options in the form of specially structured “exchange cover instruments” to spread out the impact.

Hope RBI and SEBI will take the necessary action as otherwise  we must be prepared for another round of down trend in the market from the current levels not only through the next week which happens to the expiry week but also the first fortnight of July.

I presume that these are some lessons from the Information Security practice that Financial regulators can benefit from.

Naavi

In what should be an eye opener for the new generation tech companies, who are unmindful of legal compliance, In Mobi, the mobile advertising company has been fined US $ 950,000 (approx R 6.39 crores) for collecting information about children without their consent and violating the provisions of COPPA (Children’s Online Privacy Protection Act ).

FTC (Federal Trade Commission) initially fined US$ 4 million and later reduced it to $950,000. InMobi claimed that due to a technical error that led to the process not being correctly implemented. As a result information was collected even when the privacy settings of the consumers were configured otherwise.

Naavi has many times warned the Start Ups to undertake an “ITA 2008 compliance” as part of the “Techno Legal Feasibility” before scaling up their activities. Unfortunately these companies have other priorities for their scarce resources in the initial days and later become too engrossed in business development to take care of legal compliance. The result of such ignorance and negligence is what results in liabilities such as these. It is possible that the company would not have covered themselves with appropriate insurance also and hence has to absorb the loss from their revenue itself.

Hope the company is able to absorb the loss and proceed.

Related Article

Naavi

It appears at this point of time that BrExit is really happening.  As the effects of the unexpected result unwinds, the debate now is what will be the effect of the BrExit on India in general and Indian stock markets and Indian Economy in particular.

Before we start discussing the impact, we need to first congratulate the British public for perhaps what can be their first “Independence Day Feeling”. We in India and even US have an experience of an “Independence” but Britain perhaps did not have one and this occasion has given them a new experience. Let them enjoy.

As regards the impact of the result, there is a reasonable expectation that there will be a new election in England and a new Government as well. There will be lot of changes happening in England and the rest of EU. The exchange rates will readjust with US $ becoming stronger as well as Japanese yen. The EU currencies and the British Pound may become weaker. Those companies who have a trade surplus in EU area and have not hedged their exchange risks will be adversely affected. The IT Companies of India which have a huge exposure to the EU market need to check if they have been holding any open positions and re assess the impact.

The next quarter announcements of financial performance of these companies will indicate that they may have to revise their guidance mostly downwards.

The stock markets in the next one month will be down by atleast 5% from current levels.

However, in the long run, the business in EU will remain whether the contracts are decided by a new leader or by the old leader. Hence the overall business opportunities will remain. Probably the IT companies will gain new business since what they did so far for EU will have to be re-done with EU-UK and UK as two different entities. It will be like the Y2K moment where any change will lead to re-work of software and additional business for IT service providers.

It is now open to the Indian IT companies to quickly make a Business impact analysis and put together a response team that can immediately suggest revised versions for all they did in the last few years as software solution to Banks and other financial institutions as well as Government institutions and review what needs to be done now.

Then BrExit may actually benefit India.

I think that the days are interesting and innovators will make a kill. I am sure India has many of these innovators and we can look for an overall benefit to India being carved out. This will ofcourse be a challenge to the Government also and it has to come up with its own strategies to take advantage of the situation and act with a nimble foot.

Let’s watch and enjoy..

Naavi

P.S: If EU economy weakens by breaking into parts, the benefit will be for US and probably for economies emerging into the top of the heap and that includes India.

Naavi has been repeatedly emphasizing the need for banks to provide mandatory Cyber Insurance for the benefit of the customers as a support to the technology related innovations which have changed the threat landscape in the Banking industry.

While new technologies have reduced the costs and improved the profits of Banks, the customers are left to handle the increasing risks in exchange of the “Convenience” which is part of the new life style to which we are getting accustomed to.

The possibility of a major Cyber Heist wiping out the bank accounts of a large number of Bank customers and eventually the Bank itself is looming large on the Indian scene and I repeat that Mr Modi and Arun Jaitely will be considered unimaginative if they donot see the risk and take steps to mitigate the risk.

In this context, it was refreshing to hear that a Los Angeles bank namely Grand Point Bank introduced cyber insurance policies for it customers for covering against wire-transfer fraud schemes.

According to the report, ” the coverage includes losses from wire-transfer scams including business email compromise. In business email compromise schemes, fraudsters pose as executives or vendors from a business, sending requests for money transfers to accounts controlled by criminals.”

FBI data shows that criminals have sought to use such “Business Email Compromise scams” to steal more than $3 billion since June 2013.

The policy, which is underwritten by Hiscox Inc, a unit of Hiscox Ltd, costs $30 to $70 per month for up to $1 million in coverage.

India also have seen many such incidents and instead of exposing the business to such risks, companies would be happy to spend some money and cover the risks.

We look forward to Insurance companies in India pushing such policies and Banks adopting them.

However, unless the Government or the new RBI Governor who may take over RBI Governance in the next couple of months takes this up as a part of its initiative to secure E-Banking in India, it is unlikely to be a reality.

The regulators should however ensure that the cost of such insurance should be shared between the Bank and the Customer with a weightage of at least 70% for the bank and 30 % for the Corporate customer. The risk sharing may be higher for the Banks at 90%:10% for the retail customers.

Naavi

Related Article:

Tata Asset Management CEO’s E mail hacked

Currently, the Government has announced a merger of SBI with some of the associate Banks including SBM.

It is reported that a new fraud has surfaced in which fraudsters are calling associate bank customers and informing them that due to the merger, they need to change their ATM card and collecting the card details to fraudulently withdraw the money.

All Customers are warned not to fall to such fraud attempts.

I also urge Banks and Police to immediately take steps to ensure that the fraudsters donot continue with the fraud.

Naavi