Overview

The last few years have witnessed an explosion of Information Technology (IT) based initiatives which have brought about a sea change in the banking sector of the country. The Reserve Bank has been at the forefront of IT initiatives with broad directions outlined by its IT Vision Documents. The latest in this series is the Information Technology Vision Document, 2011-2017 which aims at providing a road map towards a transformation which is knowledge based and which has Information as its focal point.

The Vision Document discusses the stance of the Reserve Bank in positioning itself as a knowledge organisation and the steps to be taken for harnessing human resource potential. In this journey, other facilitators would be the migration to enterprise architecture for IT systems and appropriate business processing re-engineering. Factors resulting in the accomplishment of the objective of a knowledge based organisation include the need for data to conform to internationally accepted standards and usage of business intelligence from data warehouse. This will form the basis for development of optimal Management Information Systems (MIS) with effective Decision Support Systems (DSS).

The Vision Document sets the priorities for commercial banks for moving forward from the core banking solutions to enhanced use of IT in areas like MIS, regulatory reporting, overall risk management, financial inclusion and customer relationship management. It also dwells on the possible operational risks arising out of adopting technology in the banking sector which could affect financial stability and emphasizes the need for internal controls, risk mitigation systems and business continuity plans.

Further, the Vision Document gives a bird’s eye view of the factors resulting in improved IT Governance, with specific strategies centred on effective project management, evolution of well defined information policies as well as information security frameworks, juxtaposed with better vendor management and outsourcing practices. Impetus would be provided to reviewing of IT processes aimed at holistic processing leading to better alignment between business objectives and IT.

 IT Vision of Reserve Bank India - 2011-17

“Enabling IT as a Strategic Resource for
Enhancing Enterprise Knowledge
Improving Customer Service
Strengthening Governance
Increasing Overall Efficiency and
Ensuring Environment Friendly Systems”

1. Enhancing Enterprise Knowledge

Knowledge emanates from information, which itself is based on data. The meaningful transformation of data to knowledge through information can be possible only when data is methodically collected, stored, processed, shared, disseminated and used.  Enterprise knowledge can be enhanced by using relevant data and information effectively and applying knowledge either in the same context or in a new context (where new knowledge is created). It is for this reason that the need for enhancement of enterprise knowledge is gaining importance. Executing a knowledge-based strategy is not just about managing knowledge but about imparting knowledge to those who aspire for it.

The Reserve Bank has been an organization which has always been in the fore front as far as organizational learning and knowledge based decision making is concerned. It recognizes that while individuals possess part of what is known about a given domain, a body of knowledge is possessed by the organization. This knowledge is based on a multitude of information, which emanates from a variety of sources. IT plays an important role in enhancing enterprise knowledge through improved channels and contents - two important ingredients of knowledge organization, another being culture.
 
1.1 Channels, Contents and Culture

As a knowledge organization, the Reserve Bank has embarked on its pivotal role of disseminating the knowledge possessed by it in a meaningful manner through various channels. The first channel is the public website. The second channel is the Reserve Bank's data warehouse which stores the data relating to various sectors of the economy, equipped with powerful search tools and business analytics facilitating ease of use. This also provides the non-confidential data for the benefit of the general public, which includes researchers, analysts, banks and others in the form of Data Base on Indian Economy (DBIE). The third channel is the Enterprise Knowledge Portal (EKP) for knowledge diffusion within the Reserve Bank. The portal houses the internal circulars, references, and useful developments pertaining to various functional areas. The Reserve Bank believes in bringing class rooms closer to employees through virtual learning sessions in various fields. Accordingly, it will make continuous efforts continue to increase the scope of the existing channels and introduce new channels for collective learning and effective collaboration. IT would provide the means to the Reserve Bank tostrengthen its initiative of being a store house of primary (producer of information) and secondary (other sources) information.

In order to ensure that information is available to authorized persons/entities in a manner useful to them, it would be ideal if the culture of information sharing in the Reserve Bank shifts from a “need to know” to a “responsibility to provide”. This will mandate establishment of a trust environment with access and security built into the data and the environment.

1.2 Data Quality and Data Standards

The Reserve Bank assigns great importance to both quality and timeliness of data and its processing into useful information for MIS and decision making purposes. For achieving this objective, it is pertinent that uniform data reporting standards are put in place. Use of uniform reporting standards for data collection process will effectively reduce the reporting burden, ease validation, and improve overall efficiency. To ensure smooth flow of quality data in a timely manner to the users, it is essential that:

• Uniform data reporting standards are developed
• Data flow is automated from the source systems of banks to their MIS server
• Data is submitted to the Reserve Bank in an automated manner without any manual intervention.

1.3 Effective MIS for Decision Support System (DSS)

Information as a major ingredient of effective MIS for DSS may be viewed as a commodity and as such, can have economic value, the level of which depends on its accuracy, its potential and intended use. Information, therefore, has to be treated as a very important resource which should be managed well. Acquiring information is a constant process and needs continuous updation.

World over Central banks have been assigning great importance to ‘information competency’. Towards this, the Reserve Bank of India has set up the Data Warehouse which has the potential to meet the MIS and DSS requirements – both within the Bank and outside. To further enhance the usefulness of the Data Warehouse for internal decision and policy making and external dissemination, the Reserve Bank adopts the following steps:

1. The process of collection of data from the source systems to be totally automated with the help of appropriate Extract, Transform and Load (ETL) tools. Over a period of time, it should be possible to move towards near real time aggregate information.
2. By using Business Intelligence (BI) tools, the internal users at various levels to be provided interfaces for extracting key information and doing further analysis on the information.
3. For tracking trends and identifying outliers, appropriate dashboards to be built and made available on desktops.

2. IT as a Strategic Resource

Technology is moving at a very fast pace and adoption cycles are short. Therefore, it is becoming difficult to keep pace with the rate of advancement. Quick adoption of developments in the field of IT is a challenge and a key component is the role which human capital will play in this regard. The steps to be taken in this direction are given below:

2.1 Creation of Dedicated Pool of Human Resources

There is an urgent need to train people across several levels to bridge the gap between the technological skill-sets required and skilled manpower available. There is also a need to ensure continuity for human capital by creating a dedicated pool of trained IT professionals with suitable aptitude. Towards this, a roster of dedicated resources in the following areas may be prepared:

• Infrastructure management
 
• IT project management
 
• Process engineering
 
• Data / information management
 
• Data warehousing and data mining
 
• Business continuity
 
• Information security management
 
• Business Intelligence and analytics
 

The following steps are required for creation and maintenance of such a dedicated pool of resources:

• Identifying potential employees with relevant IT competencies
• Providing appropriate training on a continuous basis
• Monitoring performance and re-orienting to specific tasks
• Preparing career paths and succession plans
• Sharing the common pool across the Reserve Bank

In addition to putting such a system for its internal use, the Reserve Bank can encourage a service or umbrella organisation such as IBA, for preparing and maintaining a roster of IT talent for the banking sector as a whole.

2.2 Evolution of Centre of Excellence (CoE)

To overcome the issues related to rapid technology obsolescence as also scarcity of technical skill sets, it is desirable to develop a Centre of Excellence (CoE) which would become a strategic resource for the banking sector. In this regard, IDRBT is assuming a greater role in evolving as a Centre of Excellence and to function as a laboratory for all research and development activity in the banking sector and for achieving, inter-alia, the following objectives:

• Impact analysis of IT deployment vis-à-vis operations and processes
• Benchmarking IT solutions
• Disaster management and contingency planning design
• Specific business problems where IT deployment is considered
• Be a research hub and learning centre for all banking-centric solutions
• Be a nodal centre for design and development of standards for IT applications, services, governance and products relevant to banking industry
• Support innovation in developing IT ecosystems

Implementation of IT based systems has quite often followed an islandic approach, whereby individual systems have been implemented to take care of a particular requirement or a felt need. The trend to migrate towards holistic systems is of recent origin. Such a move has distinct advantages from efficiency and management perspectives as well. It is, thus, of paramount importance to migrate towards the implementation of holistic systems by ensuring that the synergistic effects of integration are tapped for use in the IT environment as delineated below.

3.1 Enterprise Architecture

The buzz word in the current IT environment is enterprise architecture which refers to achieving flexibility in designing systems and integrating legacy systems. It refers to an enterprise-wide, integrated set of components that incorporate strategic business thinking, and the technical infrastructure that promotes information sharing across the organization. In order to derive more benefits from the existing systems, Reserve Bank is moving towards deploying enterprise architecture to drive business adaptability, improve focus on organisational goals, reduce complexity of existing IT systems, improve agility of new IT systems and ensure a closer alignment between IT deliverables and business requirements. Adoption of new systems is done keeping in view the enterprise wide paradigm to ensure consistent enterprise wide architecture.

It is necessary to keep track of technology changes and to develop response processes. The process for infrastructure management should also support innovation and include maintenance of IT ecosystems. Adoption of new cutting edge technologies should remain a primary focus while acting as an enabler to business objectives. New technologies and concepts may be explored to ascertain if they add substantial business benefits.

3.2 Business Process Re-engineering (BPR)

BPR is integral to leverage manpower and technology for increasing efficiency. By adopting a systematic approach to designing, prioritising, managing, controlling and monitoring business processes, competitive performance standards and operational excellence can be achieved. BPR should go hand-in-hand with adoption of technological solutions. It should herald the implementation of radical changes in business process to achieve breakthrough results. Technology is to be used for improving the existing processes and procedures, speeding up the service delivery and improving the control mechanism. New business processes are to be built using Information Technology.

In the Reserve Bank, it is necessary to entrust a multi-disciplinary group with the responsibility of process re-engineering. The group would be responsible for optimising processes and allocating resources before taking up any new development. It would also ensure that the goal of any process reengineering effort is not driven by competitive internal pressures but by the improvement of quality and service levels. It can bring the necessary connect required between technology, information and business processes.  

4. IT in Financial Sector

The Reserve Bank has successfully navigated the financial sector to safe shores based on information availability and judgement. Technology infrastructure played a key role in enabling timely availability and access to vital information in the fast evolving macro space. The Reserve Bank has also guided the banking system (mostly PSU banks) in adoption of technology. In the first phase, banks computerised their labour intensive back office operations to reduce costs and improve housekeeping. In the second phase, banks focussed on enhancing customer convenience to gain competitive advantage. In the third phase, which is presently in progress, banks have implemented Core Banking Solutions (CBS) combining both front office and back office. This phase marked a paradigm shift in more senses than one and branch customers are now bank customers as they can access their accounts from any branch for defined purposes. CBS offered new opportunities for information management, for better customer service and improved risk management.

Extensive use of technology has brought about upgrades in general banking environment for all stakeholders. The Reserve Bank has played a role of a catalyst in this path and has been providing guidelines with due focus on security, safety, assurance and business continuity. In this background, the role of IT in banking sector needs to be revisited with focus on the following:

• Introducing technologies that balance 3 Cs – Cost, Control and Customer Service
• Implementing data warehouse and business intelligence that meets all internal MIS requirements as well as the information needs of the regulator
• Adoption of technology-based strategies for financial inclusion
• Usage of analytics for improvement of Customer Relationship Management (CRM), risk management and fraud detection / prevention

IT based solutions entail operational risks, for which banks have to put in place appropriate control mechanisms and mitigation techniques. As solutions become more technology dependent, business continuity plans and DR drills assume greater importance. With financial stability as an important target, the Reserve Bank assigns importance to mitigate IT related risks in the banking sector.

5. IT Governance

IT Governance refers to the framework for decision rights and accountability to encourage desirable behaviour in the use of IT. Adoption of well structured IT Governance models would assist in enabling better alignment between IT and business, create efficiencies, enhance conformity to internationally accepted best practices and improve overall IT performance as also enable better control and security. IT Governance objectives may be translated effectively and efficiently into improved performance. IT Governance structure/framework are to be put in place as they play an important role in monitoring IT and banking business.  

5.1 Business Continuity Management (BCM)

A department/division may be entrusted with the responsibility of BCM which would includes conducting a Business Impact Analysis (BIA: process of analysing the effect of interruptions to business operations or processes on all business functions), and preparing Business Continuity Plan(BCP: process of developing prior arrangements and procedures that enable an organization to respond to an event in such a manner that critical business functions can continue within planned levels of disruption). The department / division itself may have the necessary domain knowledge of various functional areas or may interact with the people in the concerned areas in the preparation of BCP.

The BCP document for all processes may be prepared and it should be readily available to all concerned. The document requires careful planning and verification of contingency plans as these can be effective only if backup systems are thorough, up-to-date, well-communicated and well-rehearsed. BCP encompasses inter-alia business, technological, human and regulatory aspects. The focus may be on prioritizing systems and processes in terms of their importance for keeping business operating smoothly and safely. 

To factor in changes in the processes / systems and also analyse the effectiveness of the system, a periodic audit of BCM may be done by internal / external agencies.

5.2 Information Policy

An effective Information Policy classifies the available information based on sensitivity. It also outlines the owners of the information and the potential end use to which such information is subjected. It is therefore, essential that a clear, specific and comprehensive Information Policy is framed and adhered to. Access to timely, relevant information is critical for developmental effectiveness.

The fundamental importance of transparency in any bank’s mission, as well as its commitment to foster ownership, build dialogue, and strengthen public oversight of development initiatives are a major rationale for formulating an Information Policy.
 
The guiding principles of access to information may set the path to formulate an Information Policy. Framing and implementation of Information Policy based on the standards for data collection, compilation, storage, retrieval and dissemination of information needs to be taken up. The Information Policy so framed may be reviewed and updated periodically.

5.3 Information Security Policy

Information Security Policy is a documented business rule for protecting information and the systems which store and process this information. Within an organisation, the written policy document provides a high-level description of the various controls the organization will use to protect information. The strength of any system is no greater than its weakest link. Information should be based on the principles of integrity, reliability, and validity. Protecting confidential information is a business and legal requirement.

The existing IS policy would have to be reviewed and updated at periodical intervals. The IS Policy may detail principles for protecting information from unauthorised access, use, disclosure, disruption, modification or destruction. The information security policy should, inter alia, relate to policies such as firewall, email, network security, and password. The policy should also address issues relating to prevention of cyber attacks by deploying appropriate technologies such as two-factor authentication.

While following the above, legal aspects relating to the provisions of the Acts such as Payments and Settlement Act, 2007 and IT Act, 2000 may be strictly adhered to.

5.4 Audit of IT Processes and Infrastructure

In view of the critical importance of information security, there is a need to exercise constant vigilance for the safety of the IT systems. Well-defined, structured and documented security policies, standards and guidelines are significant for smooth and efficient operations. At the same time, there is also a need to audit IT systems and processes to ensure confidentiality, integrity, authenticity and timely availability of information. To ensure the above, various types of audits viz., organizational IT audit (management control over IT), technical IT audit (infrastructure, data centres, data communication), application IT audit (business/financial/operational), development/implementation IT audit (specification/requirements, design, development, and post-implementation phases), and compliance IT audit may be conducted at periodic intervals keeping in view the requirements of the organisation. Audits may be conducted by both internal/external agencies adhering to national/ international standards.

5.5 Project Management

Managing IT resources, either for achieving the desired objectives or creating new resources for business or functional objectives, has become complex. Therefore, there is an overarching need for professionally managed projects. This may include Identification of business requirements, procedures and IT resources in terms of people, infrastructure, and technology. Projects are conceptualized, developed and implemented following internal prescriptions. In order to streamline the process of project management, standardized project management policies and methodologies need to be adopted.

5.6 Outsourcing/Vendor Management

IT outsourcing is a growing phenomenon in developing economies. The outsourcing of application development and related activities is increasing steadily. The challenges of outsourcing range from selection of ideal outsourcing partner to dynamic issues of knowledge transfer, security risks, legal concerns, vendor dependency, etc. This concern has heightened in recent years and these issues may be dealt with in synchronization with general governance principles.

Before initiating the process of outsourcing any service/application, it is necessary to examine whether the outsourced function meets the business needs and strategic objectives. Identification of the nature of the activities undertaken by the vendor and the inherent risks of the activity are also important. It is recommended that due diligence in selection, contracting, supervision and monitoring of the vendor is adopted. Diligence in vendor selection requires a reasonable inquiry into the ability and suitability of the vendor to meet the requirements for the proposed service.  Well defined and enforceable Service Level Agreements (SLAs) with the vendor will establish the performance standard and service quality expected under the agreement. As part of meeting principles of governance, it may be ensured that there is a documented, accepted procedure which governs service expectations and obligations.

6. Augment Green Credentials