Many of the learning’s from the financial depository have been adopted in the academic depository, most importantly, the fraud and security aspects of student records. Also, the experience of managing a very large database and documents has helped in this project. NAD is expected to be made mandatory for all recognised boards and institutions this year. The concept to make available to a student all his academic records from the 10th standard onwards in a 24×7 electronic platform was a unique idea not implemented in any country, says Joydeep Dutta, Executive Director & Group CTO, Central Depository Services Ltd, in conversation with Elets News Network (ENN).
With IT being an integral part of almost all functions within the company, how challenging or exciting it is to be the CTO of the company?
The importance of Information Technology (IT) in organisations has never been as strategic and critical as it is in today’s age of innovation and digital transformation. IT is the key differentiator in most organisations because almost every business process has elements of IT enablement. Enterprises are becoming more and more connected with the increasing adoption of digital technologies.
The CTO, therefore, has the unique and advantageous perspective of being aware of the entire organisation’s IT landscape irrespective of which department or business that IT solution belongs. CTO needs to make informed decisions on how systems across the enterprise will seamlessly integrate. As IT heads, our new role is to proactively assist the business to create value proposition with revenue potential in terms of new products and services, use technology as a strategic business enabler, and be agile in delivering solutions. The role of IT is shifting from managing IT operations to being the innovation driver of the organisation.
IT heads are no longer considered subservient to business heads and are equal participants in business planning and strategy meetings. In many companies, senior IT leaders are permanent invitees in board meetings and directly report to the CEO.
The Government under the aegis of Ministry of Human Resource Development (MHRD) nominated CDSL Ventures Limited (CVL) to operate the National Academic Depository (NAD). What is the progress of it?
With our experience in CDSL to run the country’s securities depositories for almost 20 years now, it was logical for the government to entrust the ambitious National Academic Depository (NAD) project on us. Many of the concepts and learnings from the financial depository could be adopted in the academic depository, especially the fraud and security aspects of student records. The project was running in pilot mode for few years before the formal inauguration by the honorable President of India on July 2017.
The concept to make it available to a student all his records from the 10th standard onwards in a 24×7 electronic platform was a unique idea not implemented in any country. The records are securely uploaded by respective institutions and digitally signed for authenticity. The entire verification process, namely request by verification agency, consent by a student, payment for verification services and displaying the final image to the verifier is now possible in minutes across geographies, which earlier could take a month due to the verifier and student physically not being in the same location.
There are more than 1500 MHRD/UGC recognized institutes, which constitute over 40000 colleges. One of the challenges has been the disparate levels of IT maturity of the institutes and the different formats in which academic records are currently held at the institutes. We are helping the IT team of the institutes to convert their records in a format that will enable them to upload the same to NAD.
Institutes no longer need to invest in high end IT infrastructure and security to have their systems internet-facing and available 24×7. So far around 60 percent of institutes have signed up to participate in NAD. The government is expected to soon make it mandatory for all recognized institutions to participate in NAD. There are ongoing awareness sessions across the country being organized by MHRD/UGC to institutes who are yet to join NAD, where we are explaining the NAD process and help institutes understand how they can benefit by participating in the NAD ecosystem.
How depository operations plays a vital part in the financial system?
The eco-system and constituents of the depository system apart from the depository are depository participant (DP), issuers/companies, registrars and share transfer agents (RTA), stock exchanges and stockbrokers, clearing corporation/clearing house and clearing members, the banking system and investors. An effective and fully developed depository system is essential for maintaining and enhancing the efficiency of a mature capital market.
Investor protection is a need for India to attract investors. Apart from holding securities, the depository provides services related to transactions in securities. This system eliminates paperwork and promotes transparent transfers. It also contributes to the liquidity of an investment in securities. The most important advantage of the depository is it eliminates the risk of holding and misplacing physical securities as everything is now done through electronic mode and without paperwork. Stamp duty which was earlier levied is now not applicable and therefore a cost-saving to the investor.
The issue of fake certificates, the problems related to bad delivery, loss of certificates in transit, mutilation of certificates, delays in transfer, long settlement cycles or any kind of issue related to signature mismatch are also eliminated. This also makes the foreign investor confidence to invest in the Indian market as it eliminates the chances of any kind of forgery and delay.
What security measures are you undertaking to curb fraud and cybersecurity attacks?
Cyber threats have emerged as a growing risk with the potential of causing serious financial and reputation damage to organisations. We also need to recognise that cybersecurity is a business issue and not an IT issue, and the risk should be managed with as much discipline as financial risk or credit risk. As IT, we have the role of business enabler without compromising enterprise security.
Increased adoption of digital technologies makes security compliance most challenging. Employee’s awareness sessions to indulge in safe security practices are imparted for new employees and periodically for existing employees. We recognise that enterprise security is every employee’s responsibility. The security culture is further validated by third-party surprise social engineering audits. Our regulator has mandated specific security guidelines, which necessarily requires the implementation of certain security practices and solutions.
With the security landscape complexity increasing with new tools, and solutions addressing new and emerging threats continuously, being introduced by vendors from time to time, we need to continuously evaluate and deploy solutions, which address our security needs. We have to mandatorily undergo cybersecurity audit twice a year against regulatory guidelines. As a best practice, we at CDSL have included cybersecurity update as an agenda item in all quarterly board meetings wherein we update the board in business language on the cybersecurity readiness and ongoing projects in the security space.
To ensure the highest standards of information security compliance, our company is certified for ISO 27001 since 2006. While we put all security measures in place to protect our enterprise, we realise that hackers collaborate, enterprises do not. Consequently, the cost of attacking is disproportionately low compared to the cost of protection. No amount of security guarantees 100 percent protection to our enterprise and therefore there is no such thing as rightsizing of the cybersecurity budget.
Give us an overview of the year 2020.
As a market infrastructure institution, we get a chance to give our wishlist to the respective ministries that often require legislation or changes in the law. The objective is to improve the maturity and transparency of financial markets, increase convenience and lower the cost for market participants and investors. Some of our key wishlist items are as follows: Single Demat account for all financial investments – this can include bank fixed deposits, insurance, pension, etc which are under different regulators – RBI, IRDAI, PFRDA, etc. For the customer, he gets a single consolidated statement for all his investments.
Currently, the consolidated statement (CAS) caters to capital market investments only (shares, MF, etc) Single KYC for all financial investments – we currently have an interoperable KYC system for SEBI regulated entities wherein four KYC registration agencies (KRA) collaborate and provide service to intermediaries, ensuring that if PAN-based customer KYC is done once with any KRA, another intermediary can reuse it from the KRA holding the customer KYC.
It would be good to extend this platform to intermediaries of all financial regulators. For this, the KYC parameters need to be standardized. Mandatory admission of unlisted public companies in the depository and compulsory Demat for all shares – this will ensure more shares to be held in Demat form. For comparison, there are over 6,00,000 unlisted companies compared to only over 5,000 listed companies. Reintroduce online Aadhaar authentication based KYC for capital market intermediaries voluntarily which has recently been reintroduced for banking and telecom companies. This will help to increase the speed and efficiency of the account opening and significantly reduce the KYC cost for the intermediary.