Android Vulnerability Exposed

A research firm in the UK has found a vulnerability in the Android mobile software that can be used as a “Master Key”, whereby an intruder can take complete control of the phone. The bug could be exploited to let attackers do what they want to a phone, including stealing data, eavesdropping or using it to send junk messages. It is reported that the loophole has been present in every version of the Android operating system released since 2009.

See Details here

It is unfortunate that Google has not been able to fix the bug for such a long time and is playing with the security of the users.

It is these same phones which RBI and the Banks in India are relying on for critical Banking operations.

I hope RBI realizes its folly in promoting Mobile Banking without properly taking control of the security aspects and takes immediate corrective steps.

Naavi

Posted in Cyber Crime, ITA 2008, RBI

New Bank Licences-Make Cyber Crime Insurance Mandatory

The applications received by RBI for new Bank licenses and the possible political push for issue of licenses before the next elections have raised a serious concern in the market that undeserving companies with political connections may somehow make it to the next grade. There will be extreme pressure on RBI to grant the license on a provisional basis so that the aspirants can prove their credentials later. RBI is likely to be assured that they can anyway refuse the license at the next stage. However, even if some of the applicants may later withdraw from the fray, the interim benefit they gain from the stock markets or for inviting investments is good enough to make them use all their clout to get the tag of “Licensed to Open a Bank”. (Report)

The presence of Gold Financiers, Real Estate Companies, Stock Brokers and Authorized Dealers indicates that if RBI is not careful, there is the real danger of the licensing scheme being misused. Even some of the public sector applicants may be used as a tool of the ruling political interests to create a “Bank for the Ruling Political Party”. The loyalty of the public sector bosses to the ruling class is too well known to ignore the prospects of the public sector license aspirants such as the Tourism Finance Corporation who have no strong reason to be in Banking business.


Posted in Bank, Cyber Crime, RBI

Data Breach Report within 60 minutes

Reporting of Data Breach incidents has been one of the most contentious aspects of the HITECH Act provisions. The initial provisions on the data breach notifications were kept in abeyance for nearly 2 years, predictably because the industry did not want to expose its failures to the public. Hence the mandatory disclosures to be made on the website of the Company, on the website of the regulator, and in the newspapers were all resented. However, the US regulators have been firm on the data breach notification norm.

In the recently proposed rule on health insurance exchange released in the US, it is stated that the data breach should be reported to the HHS within one hour of its identification, and this has raised a lot of eyebrows on the feasibility of such reporting. (Report)

This proposed rule sets forth financial integrity and oversight standards with respect to Affordable Insurance Exchanges; Qualified Health Plan (QHP) issuers in Federally facilitated Exchanges (FFEs); and States with regard to the operation of risk adjustment and reinsurance programs. Comments from the public have been invited until July 19, 2013.

Data Breach Reporting is an essential part of information security management at the industry level but the concerns of the industry need to be understood in the proper perspective. Quick reporting of data breach has its advantages at the industry level since similar breaches in other organizations can sometimes be prevented by timely action by the regulator. For this purpose the “One Hour Rule” must be considered as good.

However, it is necessary to understand that the dissemination of “Potential/Suspected Breach information” needs to be kept within the regulator until the exact nature and extent of the breach is ascertained. The regulator may initiate corrective action if necessary but without the disclosure of the victim. Once the regulator confirms on his own, through preliminary examination of evidence, that the “Potential/Suspected Breach” is a “Real Breach”, then the formal disclosure measures may be initiated.

It is therefore necessary for HHS to introduce a simple “Potential/Suspected Data Breach Notification Scheme” to implement the One hour rule. It is possible that there may be many false alarms in the process but the industry should be given the confidence that “False Alarms” will be properly identified and killed without reputational damage being caused to the organization.

Let’s hope that HHS will take this industry demand into consideration and issue the necessary modified guidelines.

Naavi

Posted in HIPAA, Privacy

“Deep Pockets” need not be the sole criteria for Bank licenses

A day after the announcements of the 2013 Banking license aspirants, debate has started on whether RBI will dilute its norms to favour any of the licensees either before or after the granting of the license. The statement of the Finance Minister about the number of licensees is an indication of the high level of political interest in the licensing game.

Knowing the trends in political developments in the country and the approaching elections, the licensing decision will come under heavy political pressure. Hence responsibility lies on RBI to ensure that the licenses will not be issued in consideration of the political or financial clout of the applicants. RBI should recognize that the Banking industry is a sensitive industry which can make or mar the country’s economy and if bad decisions are taken it will be the common people who will suffer. Already many of the decisions taken by RBI in the technology banking areas are “Anti-Consumer” and some of the Banks are able to challenge the RBI on various regulatory aspects. Though some of the senior executives of RBI are trying to stand firm, the presence of continuing pressure on them to support vested interests is evident. These forces are likely to come to the fore once again when RBI starts evaluation of the banking applications.

One of the criteria that will influence RBI in its decision is the “Deep Pockets” of the promoters. Many analysts seem to think that “Corporates with deep pockets need to be preferred by RBI”.

Some corporates seem to have already started lobbying, as this statement in a prominent website reflects:

 “…very serious players with deep-pockets like corporates are the likely beneficiaries while non-banking financial corporations are the likely losers as they will have to comply with stringent norms such as the cash reserve ratio (CRR), statutory liquidity ratio (SLR) requirements on day one and will need to transfer their entire lending book to the bank itself.”

(Refer this article in FirstPost)

In line with this thought, discussions are rallying around the “Deep Pockets” of Corporates as the main criteria for selection.

One of the arguments that analysts have put out to support large Corporates is that they may be in a better position to meet the CRR/SLR than others. It is as if they are expected to meet the CRR/SLR from their “Deep Pockets” rather than the new demand and time liabilities they raise as part of their Banking business.

There is no doubt that “Adequate Capital” is an important criteria for success and should be considered for granting of license. It is for this reason that RBI is stipulating a minimum capital criteria of Rs 500 crores. Many analysts are speaking with the assumption that the licenses should be granted with the consideration of how much more capital the promoters may bring in case they fail to manage the business properly with this capital limit. It is as if we are presuming that groups will start the business with a serious prospect of failure in the first few years and have to be bailed out of the “Deep Pockets”.

It must be recognized that “Banking” is not “Money Lending”. It is not expected that these Banks will be doing business with their own capital. The role of the Bank is to “Mobilize public savings” and “Channelize them to meet proper requirements of the society”. RBI has therefore rightly indicated “Financial Inclusion” and “Priority Sector Lending” as also the principal considerations for licensing. The stability of a Bank comes from its ability to build a large base of small investors and to successfully recover from the borrowers with or without the power of the notorious and mafia driven recovery mechanisms.

I request the analysts who are advocating that Big Corporates are to be favoured for licensing to think if these companies have the wherewithal to manage numerous branches and undertake the responsibility for “Financial Inclusion” and “Priority Sector Lending”. I am sure that they are looking to “Manage RBI” when a situation arises where they need to meet these requirements.

I seriously suspect if many of the new generation Banks which are already in business have fulfilled these obligations. These Banks simply ignore RBI guidelines and play on RBI’s inability to force compliance. It would be better if RBI clarifies on whether the current new generation Banks are fulfilling their social obligations and if not how RBI will ensure that the new licensees will fall in line.

When some analysts feel that the norms are likely to be diluted in due course (Refer this article in Economic Times) perhaps what they mean is the dilution of these Banking norms more than the equity holding norms.

If RBI is loyal to the Banking industry, it should give good weightage to the ability of the licensees to meet the social obligation of Banking. Looking at some of the names in the license aspirants, it appears that there is a grave danger of many undeserving promoters getting the nod. 

Some of the large Corporates who are in the fray are likely to be those who are looking at this opportunity to manage their own Banks with which they can carry on their hawala and money laundering operations under the official banner of a “Bank”. They are likely to channelize the funds to their own sister concerns and speculative real estate opportunities besides political funding. These corporates are adept in showing large investments in one account and withdrawing them through other channels. Hence their financial strengths may be only illusory. Their “Deep Pockets” may be only in Swiss Banks and will be used only for their personal welfare and not for the welfare of the Bank they promote, and less so the welfare of the public at large whose interest is at stake in the process of these licenses. Such corporates will only chase profits from the business and do not hesitate to exploit the public for their personal gains. These “Money Chasers” will corrupt the industry and convert the Indian Banks into “Money Sharks”.

It is a financial truth that “Equity” is the most expensive form of capital and those who finance the business with their “Deep Pockets” will extract the most returns from the business. Hence the mantra for success in Banking is “low cost deposit mobilization” and “Efficient Recovery”. Only those companies who have these abilities will succeed and it is this strength that needs to be spotted amongst the applicants by RBI when it takes the final decision.

I therefore urge RBI to ring fence itself from political influences and ensure that licenses are granted only to the deserving candidates who while meeting the capital needs prescribed have a “Social Objective” to serve the community and have the ability to mobilize savings and deploy funds at the grassroots level. If not, the new licensees will become one more problem in the Indian society. (Also refer this article “..is it a threat ? or Opportunity?”)

Naavi

Posted in Bank, RBI

Banking Licenses and Public Sector aspirants

The list of 26 new Banking license aspirants provides an interesting contrast and a challenge to RBI to ensure that the long term Banking policies set by RBI will be adequately served by the right choice of licensees. Initially, it was indicated that RBI may not be keen to issue more than 6 licenses. However, the Finance Minister has clarified during the day that there may not be any artificial limit to the number of licenses to be granted. This has opened up the possibility of a number of aspirants being able to obtain the provisional license.

Amongst the applicants we can identify three distinct categories of organizations namely the Private Sector Corporate Groups, Private Sector NBFCs and the Public Sector.

The four Public Sector organizations that have sought licenses are:

1. Department of Posts.

2. LIC Housing Finance Ltd

3. Tourism Finance Corporation of India Limited

4. IFCI Limited

After ICICI and IDBI entered Banking, it was natural for IFCI to also consider entering the Banking sphere. Unfortunately, both ICICI and IDBI lost their character as “Providers of Long term financiers” in the country and turned more into short term retail financing. IFCI is also likely to follow the same route.

It is however interesting to note the entry of the Department of Posts, which is perhaps the one organization in India with the largest network of offices and the ability to serve the nooks and corners of the Country. Post offices already maintain savings and term deposits and hence the organization is well equipped to take on the new responsibility. However, it is not clear if the makeover is beneficial to the economy in general, since the Post office already exploits its rural presence in providing Banking services, and in the semi urban and urban areas it is not possible for the department to compete with other Banks effectively, at least in the near future.

LIC Housing Finance and Tourism Finance Corporation may opt to convert themselves into Banks. It is unclear how they will fare as retail bankers.

It appears that some of these organizations want to be in the Banking domain more for the sake of prestige rather than any specific expertise beyond their current operation. Despite their one strength namely “Trustworthiness”, there is no specific indication that they will succeed as “Bankers” whose main business is to “Mobilize Deposits from the Public” and “Lend”.

RBI needs to think if the process of licensing will create organizations which will struggle managing the transformation from their current successful operations in a niche area to an unknown area where their expertise will have to be built on large scale poaching of banking personnel from other established Banks.

Naavi

Related Article in Live Mint

Related Article in Moneycontrol

Posted in Bank, RBI

New Banking License-Let’s Remember Gandhian Principles of Banking

Reserve Bank of India has released the list of 26 applicants who have sought the new Banking licenses to be issued.

The list of aspirants is as follows.

1. Aditya Birla Nuvo Ltd., Mumbai.
2. Bajaj Finserv Ltd., Pune.
3. Bandhan Financial Services Pvt. Ltd., Kolkata.
4. Department of Posts, New Delhi.
5. Edelweiss Financial Services Limited, Mumbai.
6. IDFC Limited, Mumbai.
7. IFCI Limited, New Delhi.
8. Indiabulls Housing Finance Limited, New Delhi.
9. India Infoline Ltd., Mumbai.
10. INMACS Management Services Limited, Gurgaon.
11. Janalakshmi Financial Services Pvt. Ltd., Bangalore.
12. J M Financial Limited, Mumbai.
13. LIC Housing Finance Ltd., Mumbai.
14. L & T Finance Holdings Limited, Mumbai.
15. Magma Fincorp Limited, Kolkata.
16. Muthoot Finance Limited, Kochi.
17. Reliance Capital Limited, Mumbai.
18. Religare Enterprises Limited, New Delhi.
19. Shriram Capital Limited, Chennai.
20. Smart Global Ventures Pvt. Ltd., Noida.
21. SREI Infrastructure Finance Limited, Kolkata.
22. Suryamani Financing Company Limited, Kolkata.
23. TATA Sons Limited, Mumbai.
24. Tourism Finance Corporation of India Limited, New Delhi.
25. UAE Exchange & Financial Services Ltd., Kochi.
26. Value Industries Limited, Aurangabad.

RBI appears to be indicating that only 5 or 6 licenses are likely to be granted. The list contains several large corporates as well as Government owned and public sector organizations. It would therefore be a tough time for RBI to prune the list of 26 to around 6.

From the days of Bank nationalization in 1969 and subsequent partial de-regulation, the Indian Banking industry has undergone a significant change of character and the new licenses are likely to be another milestone in the history of Banking in India. The earlier Banks were born in the era where human interface was predominant and “Service” was a virtue. But the present environment is different. We are today living in a digital world where Bankers would not like to see and interact with their customers face to face and rather prefer to deal with them as “Numbers” or “Log in IDs”. Also “Service” is only a “Tool to make profit”. The new licensees will be born in an era where “Profit” is likely to be the only goal. This could seriously destabilize the Banking system as we know it in India.

Naavi.org has time and again emphasized that RBI should not allow distortion of “Banking” as a concept of business developed over time with a focus on “Channelizing public savings for productive use” and should use an “E-Money Shop” license as a separate category to feed the desires of the modern day “profit at any cost” Bankers. It is such a “Profit First Customer Next” approach which has made the current Banking system extremely unsafe for common Bank customers and forced Naavi to take up a crusade for “Safe E Banking”.

At a time when the Indian Banking system is reeling under the pressures of an insecure technology system, the entry of several new entities will pose further risks to the Indian Banking consumers. Unless RBI ensures that new licenses are issued strictly on “Public Welfare Criteria”, Indian Banking is likely to permanently lose its character as a “Preferred Destination of Small Savings”.

The approach of the new generation banks has been to cater to the “Elite” category of customers and neglect the needs of the common man. Cost of Banking has been on the increase despite large scale automation. There is widespread “Money Laundering” and “Fake Currency Exchange” occurring within the banking system. The “Commercial” nature of the Banks has made them “Greedy” Banks and the customer has been bullied into accepting services at a cost and security level that are unreasonable from the user’s perspective. “Service to community” is no longer an objective of Banking.

In fact, going by the arguments I have personally heard in many of the Bank fraud cases, most Banks consider themselves as “Money Shops” and they do not even appreciate the meaning of “Banking” as an institution to channelize public savings to productive areas.

In recent days, RBI is losing control of the industry and has become a pawn in the hands of influential commercial Bankers. The fact that recently most Banks have reverted to levying extra charges for SMS alerts of transactions, use of Cheques, Drawing of Cash from Banks, and also charge usurious penalties for unintended delays in loan or credit card repayments, use draconian methods of recovery of loans, associate themselves with property mafias and underground criminals in black money transactions and property seizures etc makes one wonder if the Indian Banking system has become a huge extortion racket where depositors are driven out of the system to other more risky investment channels.

The list of aspirants contains some names which are bound to evoke a fear that managements which are already thriving in black money wealth are interested in a Banking license so as to convert their own black money into Bank deposits rather than mobilize savings from the public.

RBI should therefore consider “Ability to mobilize savings from grass roots” as the basic criteria for selection.

Secondly, large corporates already have many banks wedded to them and hence another criteria for selection should be “Ability and Orientation” to engage in “Retail Productive Banking”. Retail Banking does not only mean financing Luxury Cars and real estate but financing small trade and entrepreneurial activities.

Above all, “Commitment to Serve” as embodied by the Gandhian principles encapsulated in the following statements is to be considered as the key determinant for selecting the successful licensees.

“A customer is the most important visitor on our premises.
He is not dependent on us. We are dependent on him.
He is not an interruption in our work. He is the purpose of it.
He is not an outsider in our business. He is part of it.
We are not doing him a favor by serving him. He is doing us a favor by giving us an opportunity to do

- Mohandas Karamchand Gandhi

I wish RBI adopts the right approach to new Bank licensing and uses this opportunity to correct some of the imbalances that have crept into the Banking system in recent days and ensures that “Safe and economic Banking for the Common man” is the key goal of the new Bankers. There is need to look for managements which are “People Oriented” rather than focusing only on “Profit at any cost”. 

Naavi

Posted in Bank, RBI, Uncategorized