The Reserve Bank has endeavoured to ensure that India has ‘state-of-the-art’ payment and settlement systems that are not just safe and secure, but are also efficient, fast and affordable, while recognising the need for continued emphasis on innovation, cyber security, financial inclusion, customer protection and competition. Going forward, Vision 2021 envisages to achieve a ‘highly digital’ and ‘cash-lite’ society through the goalposts of competition, cost, convenience and confidence, thus empowering every citizen with an access to a bouquet of e-payment options. IX.1 The Reserve Bank’s efforts have been to develop efficient and secure payment and settlement systems with a focus on their greater penetration through availability of user-friendly platforms at affordable cost. The Payment System Vision 2021 document also sets out the future path in this direction. Against this backdrop, following section covers developments in the areas of payment and settlement systems during the year and also takes stock of the implementation status of the agenda for 2018-19. Section 3 provides various measures undertaken by the Department of Information Technology (DIT) during the year along with the assessment of its performance against agenda set for 2018-19. These departments have also set out their agenda for 2019-20 in the respective sections. 2. DEPARTMENT OF PAYMENT AND SETTLEMENT SYSTEMS (DPSS) IX.2 The Department of Payment and Settlement Systems (DPSS) continued to work towards the planned development of the payment systems as guided by the ‘Payment and Settlement Systems in India: Vision 2018’. This endeavour was driven by the goals of: (a) reducing paper-based clearing instruments; (b) steady growth in individual segments of the retail electronic payment systems such as the National Electronic Funds Transfer (NEFT), Immediate Payment Service (IMPS) and card transactions; (c) increasing the registered customer base for mobile banking; (d) launch of new products like Unified Payments Interface (UPI) and Bharat QR (BQR); (e) growth in acceptance infrastructure; and (f) accelerated use of Aadhaar in payment systems. IX.3 On May 15, 2019, the Department released the Payment System Vision 2021 that envisages a two-pronged approach: (a) exceptional customer experience; and (b) enabling an eco-system which will result in this customer experience. The Vision aims at empowering payment system operators and service providers, and putting in place forward-looking regulation, supported by risk-focussed supervision. It encompasses the four elements—competition, cost, convenience, and confidence. Specific thrust areas like creating a regulatory sandbox and authorising new players have been incorporated for competition in the payment systems landscape. This is expected to achieve economy in cost for the customers. Freer access with availability of multiple payment system options anytime-anywhere is intended to ensure convenience; and a ‘no-compromise’ approach towards safety of payment systems would address security vulnerabilities and retain customer confidence. Payment Systems IX.4 The payment and settlement systems recorded a robust growth during 2018-19, with volume and value growing at 54.3 per cent and 14.2 per cent, respectively, on top of an increase of 44.6 per cent and 11.9 per cent, respectively, in 2017-18. The share of electronic transactions in the total volume of retail payments increased to 95.4 per cent in 2018-19, up from 92.6 per cent in the previous year (Table IX.1). | Table IX.1: Payment System Indicators – Annual Turnover | | Item | Volume (million) | Value (₹ billion) | | 2016-17 | 2017-18 | 2018-19 | 2016-17 | 2017-18 | 2018-19 | | 1 | 2 | 3 | 4 | 5 | 6 | 7 | | Systemically Important Financial Market Infrastructures (SIFMIs) | | | | | | | | 1. RTGS | 107.8 | 124.4 | 136.6 | 981,904 | 1,167,125 | 1,356,882 | | Total Financial Markets Clearing (2 to 4) | 3.7 | 3.5 | 3.6 | 1,056,173 | 1,074,802 | 1,165,510 | | 2. CBLO | 0.2 | 0.2 | 0.1 | 229,528 | 283,308 | 181,405 | | 3. Government Securities Clearing | 1.5 | 1.1 | 1.1 | 404,389 | 370,364 | 509,316 | | 4. Forex Clearing | 1.9 | 2.2 | 2.4 | 422,256 | 421,131 | 474,790 | | Total SIFMIs (1 to 4) | 111.5 | 127.9 | 140.2 | 2,038,077 | 2,241,927 | 2,522,392 | | Retail Payments | | | | | | | | Total Paper Clearing (5+6) | 1,206.7 | 1,170.6 | 1,123.8 | 80,958 | 81,893 | 82,461 | | 5. CTS | 1,111.9 | 1,138.00 | 1,111.7 | 74,035 | 79,451 | 81,536 | | 6. Non-MICR Clearing | 94.8 | 32.6 | 12.1 | 6,923 | 2,442 | 925 | | Total Retail Electronic Clearing (7 to 12) | 4,222.9 | 6,382.3 | 12,466.7 | 132,324 | 193,113 | 267,515 | | 7. ECS DR | 8.8 | 1.5 | 0.9 | 39 | 10 | 12.6 | | 8. ECS CR | 10.1 | 6.1 | 5.4 | 144 | 115 | 132.35 | | 9. NEFT | 1,622.1 | 1,946.4 | 2,318.9 | 120,040 | 172,229 | 227,936 | | 10. IMPS | 506.7 | 1,009.8 | 1,752.9 | 4,116 | 8,925 | 15,903 | | 11 UPI | 17.9 | 915.2 | 5,353.4 | 69 | 1,098 | 8,770 | | 12. NACH | 2,057.3 | 2,503.3 | 3,035.2 | 7,916 | 10,736 | 14,762 | | Total Card Payments (13 to 15) | 5,450.1 | 8,207.6 | 10,781.2 | 7,421 | 10,607 | 14,097 | | 13. Credit Cards | 1,087.1 | 1,405.2 | 1,762.6 | 3,284 | 4,590 | 6,033 | | 14. Debit Cards | 2,399.3 | 3,343.4 | 4,414.3 | 3,299 | 4,601 | 5,935 | | 15. PPIs | 1,963.7 | 3,459.0 | 4,604.3 | 838 | 1,416 | 2,129 | | Total Retail Payments (5 to 15) | 10,879.7 | 15,760.5 | 24,371.6 | 220,703 | 285,613 | 364,073 | | Grand Total (1 to 15) | 10,991.2 | 15,888.4 | 24,511.9 | 2,258,780 | 2,527,540 | 2,886,465 | Notes: 1. RTGS system includes customer and inter-bank transactions only.
2. Settlement of CBLO, government securities clearing and forex transactions is through the Clearing Corporation of India Ltd. (CCIL). Government Securities include outright trades and both legs of repo transactions and Tri-party repo transactions.
3. CCIL discontinued operations of CBLO from November 5, 2018. Tri-party Repo under Securities segment was operationalised by CCIL on November 5, 2018.
4. The figures for cards are for transactions at point of sale (POS) terminals only which include online transactions.
5. Figures in the columns might not add up to the total due to rounding off of numbers.
Source: RBI. | Electronic Payments IX.5 Amongst the electronic modes of payments, the Real Time Gross Settlement (RTGS) system handled 137 million transactions valued at ₹1,357 trillion in 2018-19, up from 124 million transactions valued at ₹1,167 trillion in the previous year. At the end of March 2019, the RTGS facility was available through 142,975 branches of 216 banks. NEFT system handled 2.3 billion transactions valued at around ₹228 trillion in 2018-19, up from 1.9 billion transactions valued at ₹172 trillion in the previous year, registering a growth of 19.1 per cent in terms of volume and 32.3 per cent in terms of value. At the end of March 2019, the NEFT facility was available through 144,927 branches of 209 banks, in addition to a large number of business correspondent (BC) outlets. IX.6 During 2018-19, the number of card payment transactions carried out through credit cards and debit cards was 1.8 billion and 4.4 billion respectively. Prepaid Payment Instruments (PPIs) recorded a volume of about 4.6 billion transactions valued at ₹2,129 billion. IX.7 The acceptance infrastructure also witnessed substantial growth, the number of point of sale (POS) terminals increased by 21 per cent to 3.72 million at end-March 2019 from 3.08 million at end-March 2018. However, during the same period, the number of ATMs witnessed a decline from 222,247 to 221,703. Authorisation of Payment Systems IX.8 Digital payments were facilitated by 82 authorised payment system operators (decreased from 84 in June 2018) comprising PPI issuers, cross-border money transfer service providers, white label ATM (WLA) operators, Trade Receivables Discounting System (TReDS) operators, ATM networks, instant money transfer service providers, card payment networks and Bharat Bill Payment Operating Units (BBPOUs), besides the Clearing Corporation of India Ltd. (CCIL) and the National Payments Corporation of India (NPCI). The number of non-bank entities authorised for operating PPIs decreased to 47 from 49 in the previous year due to voluntary surrender of authorisation by them. Up to end- June 2019, 61 banks were granted approval to issue PPIs, while 490 banks were permitted to provide mobile banking services. Agenda for 2018-19: Implementation Status IX.9 In the ‘Payment and Settlement Systems in India: Vision 2018’, the Department had identified four strategic pillars for achieving its vision. Responsive Regulation Regulation of Payment Gateway Service Providers and Payment Aggregators IX.10 In November 2009, the Reserve Bank had issued directions regarding maintenance of nodal accounts of intermediaries like payment gateway providers and payment aggregators. In the ‘Payment and Settlement Systems:Vision 2018’, the Reserve Bank had indicated that, given the increasing role and importance of such entities, these guidelines would be revised. Accordingly, the Reserve Bank has been examining the need and feasibility of regulating Payment Gateway Service Providers and Payment Aggregators. In the Statement on Developmental and Regulatory Policies of February 7, 2019, it was indicated that a discussion paper on comprehensive guidelines covering payments related activities of these entities will be placed in the public domain for seeking comments and feedback from the stakeholders. Policy Framework for Central Counterparties (CCPs) IX.11 In order to ensure that the Central Counterparties (CCPs) function in an efficient and effective manner, the Reserve Bank issued ‘Directions for Central Counterparties’ laying out: (i) directions on governance of domestic CCPs; (ii) directions on net worth requirements and ownership of CCPs; and (iii) directions for recognition of foreign CCPs. The directions are applicable to domestic CCPs authorised to operate in India under the Payment and Settlement Systems Act, 2007, CCPs seeking authorisation from the Reserve Bank and foreign CCPs seeking recognition from the Reserve Bank. Review of White Label ATMs (WLA) Guidelines IX.12 In order to address the challenges faced by the White Label ATM (WLA) operators and to work towards smoother WLA operations, a comprehensive review of the WLA guidelines was undertaken, and accordingly, a circular on ‘White Label ATMs (WLAs) in India - Review of Guidelines’ was issued on March 7, 2019. It permits all White Label ATM Operators (WLAOs) to buy wholesale cash directly from the Reserve Bank (Issue Offices) and Currency Chests, to source cash from any scheduled bank, to offer bill payment and interoperable cash deposit services subject to technical feasibility and certification by NPCI, and display advertisements pertaining to non-financial products/services anywhere within the WLA premises (except the main signboard). Permission granted to WLAOs earlier to source cash from retail outlets has now been repealed. Banks may issue co-branded ATM cards in partnership with the authorised WLAOs and may extend the benefit of ‘on-us’ transactions to their WLAs as well. Robust Infrastructure Adoption of ISO for Messaging in NEFT IX.13 The Structured Financial Messaging System (SFMS) is used in RTGS and NEFT systems. The Next Generation Real Time Gross Settlement (NG-RTGS) system uses the ISO 20022 messaging standard in SFMS. In line with the vision to build capability to process transaction of one payment system in another payment system, the Reserve Bank is examining the feasibility and timeline to adopt the ISO 20022 standard in the SFMS for NEFT as well. This will enhance resilience by building necessary capability to process NEFT transactions in the RTGS system, and vice versa. Effective Supervision Framework for Testing Resilience IX.14 With the introduction of alternate modes of electronic payments, both for financial markets as also businesses and individuals, the resilience of payment systems has gained importance. In this context, a framework to test the resilience of both retail and large value systems in the country is being prepared. Collection of Data on Frauds in Payment Systems IX.15 Data on frauds are currently collected from payment system operators. There is a need to monitor the types of frauds that may be taking place in various payment systems in order to further strengthen the confidence in the payment systems and minimise instances of frauds. Accordingly, a comprehensive framework for collection of data on frauds in payment systems would be drawn up in consultation with the industry. Oversight Framework for Authorised Payment Systems IX.16 The policy framework for oversight of payment systems was approved by the Board for Regulation and Supervision of Payment and Settlement Systems (BPSS) in September 2009. Following a review of the policy, the draft oversight framework for existing and new payment systems prescribing the intensity of oversight proportionate to the systemic risks, or system-wide risks posed by the payment system or operator or participant, has been prepared. The framework would cover resilience of payment infrastructure and critical service providers. In line with the proposed framework, the Department had streamlined the procedure of inspection of non-bank PPIs, covering, inter alia, inspection schedules, frequency, coverage and drafting of inspection reports, and risk categorisation. Furthermore, the frequency of on-site inspection of the CCIL was changed from 2 years to 1 year. Data Reporting by Payment System Operators (PSOs) in XBRL Format IX.17 The Department has completed testing of most of the returns developed in eXtensible Business Reporting Language (XBRL). The user credentials were created for bank and non-bank entities and they were advised to test the submission of returns in the XBRL User Acceptance Testing (UAT) platform. The Department is closely engaged in ensuring smooth transition to XBRL reporting. Once the reporting in XBRL platform stabilises, it is envisaged to migrate the submission of all payment system returns to the XBRL platform. Customer Centricity Customer Surveys IX.18 A survey on Retail Payment Habits of Individuals (SRPHi) in six cities, viz., Bengaluru, Chennai, Delhi, Guwahati, Kolkata, and Mumbai, covering around 6,000 respondents, was undertaken by the Department of Statistics and Information Management (DSIM) on behalf of DPSS. The objective of the survey was to gauge the retail payment habits of individuals with a focus on their awareness, usage and understanding of risks of digital payments. Some of the important findings of this survey are - 96.3 per cent of respondents were aware about digital payments; the awareness was higher with higher education level and among those having bank accounts; cash was most preferred mode of payment followed by digital mode mainly debit card; and with reference to risk understanding, it was observed that 8 per cent of respondents shared their passwords with others occasionally, 45 per cent of the participants admitted to have never changed their password / PIN / OTP and another 6 per cent did so only when prompted. Framework to Limit Customer Liability for Non-bank Authorised PPI Issuers IX.19 The Reserve Bank had earlier limited customer liability for unauthorised electronic banking transactions carried through Scheduled Commercial Banks (including RRBs), Small Finance Banks, Payment Banks, Co-operative Banks and Non-bank Credit Card Issuers. This framework was extended to unauthorised electronic payment transactions involving PPIs, issued by authorised non-bank PPI issuers with effect from March 1, 2019. These guidelines prescribe the limits up to which a customer may bear liability against contributory frauds, negligence/ deficiency on part of non-bank PPI issuer, third party breach where the deficiency lies with neither the issuer nor the customer, and scenarios in which the loss is due to negligence of customer. It specifies the time limit for reporting unauthorised electronic transactions and prescribes the liability accordingly. These guidelines will strengthen the customer grievance redressal framework and build trust in digital payments. Other Developments Tokenisation - Card Transactions IX.20 In January 2019, the Reserve Bank issued a circular on ‘Tokenisation—Card Transactions’, wherein all authorised card payment networks were permitted to offer tokenisation services (Box IX.1), irrespective of app provider, use case and token storage mechanism, subject to certain conditions. Box IX.1
Tokenisation The Reserve Bank has been encouraging innovation in payment systems and simultaneously focusing on the safety and security of individual transactions. Cards constitute an important form of payment: credit and debit cards are used by a large section of public. Enhanced safety and security of transactions performed using these cards is achieved by use of the Additional Factor of Authentication (AFA), generation of transaction alerts via SMS/e-mail, and the like. While performing a card transaction, a customer either enters the card details manually (for e-commerce transactions) or swipes/dips the card at a Point of Sale (POS) terminal. In the process, the card holder’s data could be at risk and susceptible to misuse by fraudsters. ‘Tokenisation’, is a process whereby a card’s 16-digit Primary Account Number (PAN) is replaced with a unique alternate code (called as ‘token’) and a payment transaction is performed using the token, instead of the actual card data being sought or captured at the merchant’s end. This enhances safety and security of the card transaction. On January 8, 2019, the Reserve Bank has permitted all authorised card networks to offer tokenisation services, irrespective of app provider and use case, subject to certain conditions and responsibilities listed therein. There is no relaxation in the extant instructions for AFA. Registration for tokenisation service is purely voluntary for customers and they need not pay any charges for availing this service. For the present, this facility shall be offered through mobile phones/ tablets. The circular provides a framework related to tokenisation, de-tokenisation service; certification of systems of card issuers/acquirers, token requestors and their app, etc.; registration by customer; secure storage of tokens; customer service and dispute resolution; and safety and security of transactions. | Review of Master Direction on Issuance and Operation of PPIs in India IX.21 Based on requests from various stakeholders regarding the problems being faced in undertaking Aadhaar based know your customer (KYC), the timeline for KYC completion of minimum detail PPIs has been extended in February 2019 from 12 to 18 months. Prepaid Payment Instruments (PPIs) - Guidelines for Interoperability IX.22 Guidelines for PPI interoperability were issued on October 16, 2018 in order to enable the PPIs issued by banks and authorised non-bank entities to be used across merchants on-boarded for other payment systems as also for funds transfer between PPIs and bank accounts. Interoperability for PPIs issued in the form of wallets shall be implemented through UPI while for PPIs issued in the form of cards, interoperability shall be through the authorised card networks. EMV Chip Cards and their Processing at ATMs/ micro-ATMs IX.23 The Reserve Bank had given instructions to banks in August 2015 to replace all existing magnetic stripe only cards with Europay, Mastercard and Visa (EMV) Chip and PIN based cards by end-December 2018, and also in May 2016 to enable EMV Chip based processing at ATMs/micro-ATMs. These measures have been prescribed for enhancing safety and security of card transactions. Banks reported significant progress in replacing the magnetic stripe cards. ATMs/micro-ATMs are also being enabled for processing of EMV Chip based transactions. Guidelines for Trade Receivables Discounting System (TReDS) IX.24 The TReDS provides an institutional mechanism for facilitating the financing of trade receivables of MSMEs from corporate and other buyers, including Government Departments and Public Sector Undertakings (PSUs), through multiple financiers. Earlier, only banks and NBFC–Factors were allowed to participate as financiers in TReDS. This pool of financiers was expanded in July 2018 with the addition of other financial institutions as permitted by the Reserve Bank. National Electronic Toll Collection (NETC) IX.25 National Electronic Toll Collection (NETC) is an interoperable electronic toll collection system (multiple issuers-multiple acquirers system) which allows customers to use NETC tags to pay toll fares by linking these tags to any of their bank accounts (savings/current/ prepaid account). During 2018-19, the Reserve Bank granted approval to the NPCI for operating NETC. Policy Paper on Authorisation of New Retail Payment Systems IX.26 In its Statement on Developmental and Regulatory Policies of June 6, 2018, the Reserve Bank had announced that it would encourage more players to participate and promote pan- India payment platforms and would bring out a policy paper for public consultation. The objective was to minimise concentration risk in the retail payment market from a financial stability perspective and to give a fillip to innovation and competition. Accordingly, on January 21, 2019, the Department placed a policy paper on ‘Authorisation of New Retail Payment Systems’ on the Reserve Bank’s website and invited public comments by February 20, 2019. Based on comments/feedback received, guidelines in this regard shall be released. Committee on Deepening of Digital Payments IX.27 On January 8, 2019, the Reserve Bank had constituted a High-Level Committee on Deepening of Digital Payments (Chairman: Shri Nandan Nilekani) with a view to encourage digitisation of payments and enhance financial inclusion through digitisation. The terms of reference of the Committee included suggesting a medium-term strategy for deepening of digital payments. The Committee has submitted its report to the Reserve Bank in May 2019. The Reserve Bank has initiated action on the recommendations of the report. Real Time Gross Settlement (RTGS) System - Implementation of Positive Confirmation IX.28 The NEFT system sends confirmation to remitters regarding the completion of funds transfer, providing an assurance to the remitter that the funds have been successfully credited to the beneficiary’s account. The Reserve Bank issued guidelines in November 2018 for implementation of positive confirmation in the RTGS system by mid-January 2019 in order to provide the same confidence to customers using the RTGS system for funds transfer. The positive confirmation feature in RTGS is initially available for member banks wherein both the remitter and beneficiary banks access RTGS system through thick client interface/SFMS member interface and the same would subsequently be enabled for member banks accessing RTGS through other channels. Inspection of CCIL IX.29 As directed by the BPSS, the Department instituted the process of inspecting the CCIL on an annual basis. Accordingly, the on-site inspection was undertaken in October 2018 against the 24 Principles for Financial Market Infrastructures (PFMI) using the assessment methodology template of Committee on Payments and Market Infrastructures (CPMI) - International Organisation of Securities Commissions (IOSCO) [CPMI – IOSCO]. CCIL was found to have ‘Observed’ 18 principles and ‘Broadly Observed’ 4 principles while 2 principles were ‘Not Applicable’ to it. Extension of RTGS Customer Cut-off timings IX.30 In view of the increasing customer demand and keeping in mind the industry preparedness, the Reserve Bank extended the timings for customer transactions in RTGS from 4:30 pm to 6:00 pm with effect from June 1, 2019. The final cut-off timings for RTGS, however, remained unchanged. Benchmarking India’s Payment Systems IX.31 The Reserve Bank undertook an exercise to benchmark India’s Payment Systems against payment systems in a mix of advanced economies, Asian economies and the BRICS nations to highlight the strengths and weaknesses of the payments ecosystem in India relative to comparable payment systems and usage trends in major countries. The analysis was attempted under 41 indicators covering 21 broad areas including regulation, oversight, payment systems, payment instruments, payment infrastructure, utility payments, government payments, customer protection and grievance redressal, securities settlement and clearing systems and cross border personal remittances. National Electronic Funds Transfer (NEFT) and Real Time Gross Settlement (RTGS) Systems – Waiver of Charges IX.32 Reserve Bank reviewed the various charges levied by it on the member banks for transactions processed in the RTGS and NEFT systems. In order to provide an impetus to digital funds movement, it has been decided that with effect from July 1, 2019, processing charges and time varying charges levied on banks for outward transactions undertaken using the RTGS system, as also the processing charges levied for transactions processed in the NEFT system, will be waived by the Reserve Bank. The banks have been advised to pass on the benefits to their customers for undertaking transactions using the RTGS and NEFT systems. Agenda for 2019-20 Revised Framework for ATM Charges and Fees IX.33 On the basis of requests received from various stakeholders for rationalisation of the number of free ATM transactions as also the charges on usage of ATMs beyond the mandatory free transactions, the Reserve Bank has constituted a Committee in June 2019 to examine the entire gamut of ATM charges and fees. Framework for Harmonising Turnaround Time (TAT) for Resolution of Customer Complaints and Compensation IX.34 Retail electronic payment transactions have been showing a healthy growth over the years. With increasing use of electronic products, there is also a spurt in customer complaints. It is observed that the time limit in resolving customer complaint varies across payment systems. However, very few payment systems have a penal provision that forces entities to offer prompt redressal of the customer complaints. In order to improve customer services, it is necessary to have harmonisation of the response time for reversal of a failed transaction. To begin with, the Reserve Bank will examine the Turnaround Time (TAT) for failed transactions across various payment systems so as to ensure reversal of failed transactions within a specified time and to create a framework for compensation to customer for delay in reversal of failed transactions, with or without complaint from the customer. Availability of NEFT on a 24x7 Basis IX.35 The Reserve Bank is the owner and operator of the NEFT system that operates in half-hourly batches facilitating fund transfers. In order to enhance the usage of the payment systems and improve customer convenience, the Reserve Bank would examine availability of NEFT on a 24x7 basis to facilitate fund transfer needs beyond the banking hours. Global Outreach of Payment Systems IX.36 There is scope for enhancing global outreach of the payment systems, including remittance services, through active participation and co-operation in international and regional fora by collaborating and contributing to standard setting. In this connection, the Reserve Bank will facilitate in establishing network-to-network connectivity between financial switches and ensuring smooth transaction flows, security certification, etc. between Royal Monetary Authority of Bhutan and the NPCI. System Capacity and Scalability IX.37 Payment systems have come a long way, and there is an increasing expectation that the systems should be robust and resilient. Keeping this in mind, a framework for an ongoing assessment of the performance of retail payment systems would be designed. The Reserve Bank will also explore the need for prescribing explicit exit criteria of payment systems and payment system operators based on a transparent point-of- arrival metrics. E-Mandates / Standing Instructions IX.38 The Reserve Bank will consider implementation of e-mandates / standing instructions for retail payment systems, subject to customer protection and adequate safeguards like authenticating payment instrument registration, mandating transaction limits, segments, etc. Security Standards and Information System (IS) Audit IX.39 In view of the requirement for further strengthening the integrity of payment systems, the Reserve Bank will examine the need for framing security benchmarks for mobile banking and broadening the scope of IS Audit of regulated entities. 3. DEPARTMENT OF INFORMATION TECHNOLOGY (DIT) IX.40 The Department of Information Technology (DIT) continued its endeavour to channelise information and communication technology (ICT), in an efficient and cost-effective manner to ensure smooth functioning of the critical and systemically important payment and settlement systems in the country. It also strove to adopt the best global practices in the area for developing effective and efficient IT solutions for the Reserve Bank. IX.41 In a situation in which product life cycles are becoming shorter, robust technology platforms for ensuring faster computation, efficient storage and also faster communication bandwidth are essential. Effective IT control practices and monitoring systems need to be in place to avoid breakdowns in internal control and oversight, to manage internal and external threats, and to increase the effectiveness of IT processes in the Reserve Bank. Agenda for 2018-19: Implementation Status IX.42 In last year’s Annual Report, the DIT had undertaken certain objectives in pursuit of its mission. Key among them were improvement in the currency management system, smooth reconciliation of GST transactions, enhanced enterprise access management system, and concerted efforts to strengthen cyber security. e-Kuber for Goods and Services Tax (GST) IX.43 During the year, the Memorandum of Errors (MoE) - an automated reconciliation mechanism for Goods and Services Tax (GST) transactions was tested to pave the way for no reconciliation errors. Currency Management System IX.44 The Regional Office (RO) module - Currency Management (CyM) in e-Kuber replaced the prevailing Integrated Computerised Currency Operations and Management System (ICCOMS). The enhancement to e-Kuber allows real time accounting of notes and coins in circulation. As the Department of Currency Management (DCM), Regional Offices, Link Offices (LOs) and Currency Chests (CCs) are now on a single platform, integrated workflow management with single point of entry reduces reconciliation issues with real time accounting and inventory management. The new system allows the Reserve Bank to have a near real time view of the balances in currency chests and facilitates an efficient management of the currency through automation of its processes. Going forward, the system would also have a linkage with note printing presses and provision to track currency in transit. Migration of Real Time Gross Settlement (RTGS) to the Latest Technology Platform IX.45 Real Time Gross Settlement (RTGS), a systemically significant payment system and critical Financial Market Infrastructure (FMI), has exponentially grown, in terms of the number of participants and the volume of transactions. The system caters to around 220 participants and is processing, on an average, 0.45 million transactions worth ₹ 10 trillion each day. RTGS was migrated to the latest technology platform along with state-of-the-art software stack to be in sync with the change in business needs and to equip the system with up-to-date technology. This has ensured future proofing of the application in the form of higher scalability, performance and security. The migration of financial messaging infrastructure of the country i.e., Structured Financial Messaging System (SFMS) to a robust platform has ensured resilience and has enhanced security in the payment and settlement ecosystem. Currently, SFMS is managed by Indian Financial Technology and Allied Services (IFTAS). The Department had undertaken organisational restructuring of IFTAS during the year (Box IX.2). Enterprise Access Management System (EAMS) IX.46 A new enhanced Enterprise Access Management System (EAMS), including visitor and vendor management, is in the advanced stage of implementation at all the offices of the Reserve Bank. The system will also be integrated with Samadhan for marking attendance of its employees. ISO 27001 Information Security Management System (ISMS) Certification IX.47 The introduction of IT based applications has facilitated the running of business operations in a smooth and efficient manner but at the same time, it has also brought in a whole new set of challenges on security, availability, confidentiality and integrity of the information stored within the information systems. To address these challenges, the Reserve Bank has undertaken several initiatives, ensuring that the core elements of convenience and efficiency are balanced with safety and security of the IT systems. ISO 27001 Certification ensures administration and protection of key ICT infrastructure of the Reserve Bank in consonance with globally accepted norms and instils confidence in the information system (IS) architecture developed within the Reserve Bank. The Department and three data centers of the Reserve Bank are ISO 27001:2013 certified effective from August 6, 2019. Box IX.2
Organisational Restructuring of Indian Financial Technology and Allied Services (IFTAS) Indian Financial Technology and Allied Services (IFTAS) was set up by the Institute for Development and Research in Banking Technology (IDRBT) in February 2015 as a non-profit company under Section 8 of the Companies Act, 2013 in pursuance of the recommendation of the Rangarajan Committee (2009). IFTAS provides critical infrastructure services (such as INFINET and SFMS for Inter-bank/GST/ governments (central and states payment and receipt transactions)) to the Reserve Bank, other banks and co-operative societies. IFTAS also functions as service provider for NEFT applications developed by the Tata Consultancy Services (TCS). The Reserve Bank has acquired 100 per cent equity shares of IFTAS through its authorised representatives. | e-Kuber for Custom Duties and Cess IX.48 The Reserve Bank has undertaken integration of e-Kuber with Indian Custom’s Electronic Commerce/Electronic Data Interchange (EC/EDI) Gateway - Indian Custom EDI Gateway (ICEGATE) - of Central Board of Indirect Taxes and Customs (CBIC). The integration ensures automatic reconciliation through Common Portal Identification Number (CPIN) matching and is live from July 1,2019. Cyber Resilience and Development of Cyber- Security Culture IX.49 Cyber resilience is the ability to prepare for respond to and recover from cyber-attacks. In this context, a Cyber Security Playbook (CSP) provides a clear understanding of the incident response plan and responsibilities of key persons towards cyber-security standards and accepted practices before, during, and after a cyber-security incident. CSP aims to align IT and business continuity plan (BCP) and define specific communication touch points, including periodic situation updates, response options to proactively mitigate impacts of any attempted/successful exploits. The Department has been undertaking several steps to foster a culture of cyber-security within the Reserve Bank. Agenda for 2019-20 IX.50 The Reserve Bank will integrate and consolidate the upgraded enterprise architecture application. The Enterprise Platform as a strategy leads to consolidation and integration of multiple applications in the IT landscape of the Reserve Bank. This will lead to efficient use of IT infrastructure ensuring optimisation of operations, and a closer alignment between ICT deliverables and business requirements. The Reserve Bank will endeavour for IT security based on adopting a zero-trust framework. e-Kuber for Defence Pensioners IX.51 The Reserve Bank will integrate a Comprehensive Pension Package (CPP) for defence pensioners with e-Kuber and facilitate automatic credit of monthly pension through the standardised version of e-payment module in e-Kuber. The initiative would benefit around 30 lakh defence pensioners, with an addition of 80,000 new pensioners each year. Next-Gen National Electronic Fund Transfer (NEFT) IX.52 NEFT, a systemically significant payment system and critical Financial Market Infrastructure (FMI) of the country, is operated and maintained by the Reserve Bank since its inception. The next generation NEFT will lead to higher degree of automation and state-of-the-art features ensuring conformity to global standards. Introduction of ISO 20022 messaging format in NEFT would standardise messages across the payment and settlement systems and ensure interoperability between payment systems. The Reserve Bank will consolidate its network and storage for easier manageability and monitoring. |