Seminar on IT Governance for Directors of Banks - 2015

A Seminar on IT Governance for Directors of Banks was organized by IDRBT on July 27-28, 2015. Thirty Directors from both public and private sector banks attended the programme. The Seminar enabled the Directors to understand the importance of IT Governance in banks. The deliberation at the Conference reflected the emerging governance issues that the boards of banks are often faced with.

In his inaugural address,Dr. A. S. Ramasastri, Director, IDRBT, welcomed the Directors of Banks and set the tone for the seminar by focusing attention on crucial issues like IT Governance, IT Strategy, IT Security, IT Infrastructure Management, IT Skillset Management, Adoption of Technology for Banks, Relevance of Social Media in Banking, etc. Highlighting the importance of technology as an essential ingredient in the banking system, he said that technology needs to be looked as a core and not as a peripheral. He touched upon the pain points relating to Governance in Banks, which are captured below:

  • IT Governance: Banks need to consciously look at where to invest in terms of IT, where IT Governance comes into picture. IT Governance must specifically look into what kind of IT investments are made and what could be the return on such investments. The boards need to question time and again whether such investments would help the end customer and the banks as well
  • IT Strategy: Strategy, one of the crucial components of Governance, gets into play while deciding on the right type of IT investments at the right place, given the alternatives to choose such as internal model where IT is developed internally; outsourced model where an external vendor is hired to work along with the organization and the cloud model where the organization entrusts the operations to the third party
  • IT Security: A prime concern for banks are the frauds at various levels namely, IT and accounting. As banks embrace technology, they are more prone to vulnerabilities/threats. Therefore, security is important to the banking system
  • IT Infrastructure Management: Emphasise on continuity of providing services in the IT environment and manage the entire IT infrastructure. IT Infrastructure should be maintained properly and must be available 24/7 to the customers and banks as well
  • IT Skillset Management: Above all, manpower with adequate skillsets is vital for every organization. Boards must constantly review the needful skill upgradation of the workforce.

IT Governance is the core integral part of an enterprise. Despite having set standards, most of the boards and top management have minimal clarity over the role and functionality of IT in the organizations. Dr. Santanu Paul, Distinguished Fellow, IDRBT dwelt upon the topic of "Corporate Governance and IT Governance: Role of the Board" and provided an overview of the IT Governance and the role of the board in improving efficiency of the organizations. He explained how banks can turn out to be high performing organizations. He stressed that instead of compliance of standards and rules, boards must focus more on the role of IT in helping achieve business goals at a faster pace. He took the directors through on various aspects of IT Governance which included – domains of IT Governance, IT Governance standards, role of the board in IT Governance.

Shri B. Sambamurthy, Former Director, IDRBT spoke on "Business IT Strategy for Banks". In the current scenario, as the use of technology has increased, new delivery channels have opened up making the marketplace cluttered. Introducing the participants to the new trends of IT in banking, he stressed on the important role of the consumers in shaping the IT and business strategy for banks. He explained the components of IT life cycle and the opportunities and challenges in the evolving business frontiers namely – Mobile Banking Frontiers and Payment Systems. He enlisted the top mobile applications which were used for payments. He also charted out a 10-point plan as part of a payment strategy.

A panel discussion was also organized as part of the Seminar on the "Gopalakrishna Committee Recommendations" chaired by Shri G. Gopalakrishna, Director, CAFRAL. He was joined by:

  • Shri C.V. R. Rajendran, Former CMD, Andhra Bank
  • Shri R. Athmaram, Executive Director, Bank of Maharashtra
  • Shri K. Subrahmanyam, Executive Director, Union Bank of India.

Shri Gopalakrishna, the jury chair, in a candid conversation with the Directors of banks, gave a brief on Gopalakrishna Committee Recommendations and the mandate of RBI to guard the banks from various sources of risks especially in the IT.

Key Points of the Panel Discussion:

Shri G. Gopalakrishna, Director, CAFRAL
  • Since 1990, RBI has cautioned banks over Risk in IT
  • The introduction of computerization in banks eased the banking systems but also posed a serious threat with the increase in the number of cyber frauds. Overtime, frauds have been contained through the very technology
  • The Gopalakrishna Committee Recommendations has been formulated based on IT Governance, Information Security, IT Operations, IT Outsourcing, IS Audit, Cyber Fraud, Business Continuity Planning (BCP) and Customer Education
  • These recommendations set a benchmark to ensure security in IT
  • In order to evaluate IT control, the boards of banks must enable an internal IS Audit. Bodies like ISACA help in creating awareness in IS Audit by conducting programmes on a regular basis. IT frameworks such as COBIT must be benchmarked so that banks across implement it as a standard framework
  • Regular reviews should be conducted through CIO/CISO Forums as they will be beneficial
  • Risks are there, but yet with the increase in technology, the mobile banking needs to be encouraged
  • Cyber security is a big challenge with banks losing billions of money. Therefore, create dedicated teams which monitor cyber threats
  • Online monitoring/audit is very important in a computerized world
  • Banks need to develop specialists/experts in the IT domain and recruit and train their staff with regular IT functionalities in order to handle IT-related risks.
Shri K. Subrahmanyam, Executive Director, Union Bank of India
  • As IT is now into every aspect of banking, IT Governance plays a crucial role in complying with the set standards
  • IT Governance should be aligned with business strategy
  • The board needs to understand as to how much to be invested in technology
  • IT risk is a very crucial aspect of governance
  • IT risk is related to safety, security and performance
  • IT resource management: Banks should evaluate Return on Investment (RoI)
  • Risks are there, but yet with the increase in technology, the mobile banking needs to be encouraged
  • Banks need to improve capabilities of banks to evaluate the performance of IT.
Shri C. V. R. Rajendran, Former CMD, Andhra Bank
  • IT implementation must benefit banks in either way – one, cost reduction or two, profitability
  • Banks can implement PoS machines for ease of payments
  • Technology must be used effectively to enhance customer experience – i.e., empower customer with technology
  • Train and educate the staff on implementation of technology
  • The concept of constructive destruction must be adopted by banks to kill certain technology which is obsolete
  • Compliance will fall into place once banks business smoothens. Therefore, banks must first concentrate on the banking business to recoup returns on investment
  • IT should be profit-laden and not compliance-laden strategy.
Shri R. Athmaram, Executive Director, Bankof Maharashtra
  • Investment in technology must be improved
  • Banks must invest on Disaster Recovery Sites as much as on other verticals of banking as they are crucial
  • Can systems absorb talented staff over time?
  • Outsourcing of IT is a major concern for banks.

Thereafter, the faculty of IDRBT interacted with the Banks' Directors and presented the "Role of IDRBT in Development of Banking Technology". The faculty briefed them about the research activities of the Institute. The Directors also visited the Research Centres to get hands-on experience of the research work being done.

In the next session, Prof. G. Sivakumar, IIT Bombay, spoke on "IT Infrastructure Management in Banks: Challenges and Opportunities". As the future goes digital, he drew the attention of the bankers on the impact of digitization of the banks. The terms like branchless banking, cashless economy, everything from a mobile phone would become a norm. He stressed on the need for the alignment of IT goals with that of business goals. He explained the benefits of having strong Decision Support Systems (DSS) that enables expansion of client-base, cross-selling, customer profitability and improved efficiency. He also discussed the disadvantages of IT Silos in Banks, besides topics like re-engineering IT systems, Enterprise Architecture and its evolution.

The Seminar concluded with the valedictory address of Shri H. R. Khan, Deputy Governor, RBI and Chairman, IDRBT on "IT Governance and IT Strategy: The Need of the Hour".