Handling the technology part of a business setup, a CTO can contribute enormously to the business transformation, new services or products, as everything requires technology, observes Milind Varerkar, General Manager-IT, Saraswat Bank, in an interview with Poulami Chakraborty of Elets News Network (ENN)
How does a CTO play the role of a business facilitator for a financial institution?
CTO is a natural ally to the business units for taking up digital banking initiatives. The role of CTO requires the person to ensure seamless availability of technical resources and ensure a strong security. Being in technology domain, a CTO can contribute enormously to the business transformation, new services or products as everything requires technology. Even in projects such as Business Analytics, the CTO can be of crucial help to deliver the right technology and framework.
How do you view tech implementation by the Indian financial institutions?
The Indian The banking sector has made great strides in tech adoption. Although private sector banks lead initially, now public sector banks (PSB) and urban cooperative banks (UCBs), like Saraswat Bank, are also not far behind. With Aadhaar and PAN, the KYC has already become online and eKYC is the norm today for account opening. With RBI issuing licences to payment banks, these banks are expected to be born with technology in their DNA. The initiatives of NPCI, viz. Unified Payment Interface (UPI) and BBPS would be game changer for the payment services.
What technology has been adopted for internal operations within your institution?
We have identified Lead management, Loan Origination and Account opening for automation. Lead Management is already automated and braches have experienced surge in leads through such process. We have launched “Saraswat Bank Connect” app, through which any one make enquiries for any product of the Bank and the lead is directed to the portal, which is accessed by branches directly. We are in the process to implement Loan Origination System with which the loan sanctioning and disbursement will be automated bringing down the turnaround time. We are also going live with account opening process based on eKYC.
What kind of challenges does the convergence of social media, mobile banking and cloud pose for the banking sector?
With social media, mobile and cloud, I would also include Analytics to make it SMAC. In fact, it has presented banking sector with an opportunity rather than challenges. Challenges remain in serving the customers for their specific needs. Be it in money transfer, bill payment or other banking services. The customer expects to be served on any medium of her choice and that too at a time convenient to her. Hence for banks it is necessary to ensure that the technology works 24×7 without any interruption. Opportunities are in observing customer behaviour online or through mobile and use analytics and cloud to keep engaging with the customer with personalised offers.
How are you addressing those challenges?
We, at Saraswat Bank, have prepared Digital Strategy for both short term (one year) and long term (three years). The IT and Business divisions are working in tandem on this. The initiatives discussed above are part of this strategy. These are identified as quick wins.
New payment applications are coming up every day. Is it posing a threat to mobile-based transactions?
The non-banking mobile payment is not a regulated field. With UPI, the banks will be providing a secure channel to the customers to transact and with BBPS even the payment services aggregators also will be part of the payment eco system.
Can you cite a specific case of security lapse and how Saraswat Bank addressed it?
Till date we haven’t encountered any major security lapse. We regularly alert our customers not to share their Debit card PIN and Net Banking credentials. On every POS and e-commerce transaction, a SMS and email is sent to customers to alert them and they can block the card for further damage instantly by giving a missed call.
Is Saraswat Bank exploring technologies, such as biometrics, to authenticate users’ identity? What are the present ways adopted to authenticate users?
Currently we are using 2FA to authenticate users on delivery channels. We evaluate products to use biometrics for all delivery channels and internal users as well.
The banking sector has made great strides in tech adoption. Although private sector banks lead initially, now PSBs and urban cooperative banks, like Saraswat Bank, are also not far behind
What kind of security mechanism is required to make mobile banking applications foolproof?
The application should be CODE signed to ensure source authentication and should have OWASP top 10 framework. Place the App for download on play stores only rather than open platforms or websites. Ensure that PIN authentication is done on HSM. Conduct VAPT for every release.
Please share your thoughts on UPI. Can it address the security concerns liked to payment and banking m-applications?
UPI is a channel that gives freedom to customer to aggregate multiple bank accounts into a single mobile application of any bank, merging several banking features, seamless fund transfers and merchant payments under one umbrella. Dependence on mobile wallets will go and so will the concern of storing money with bank account details or cards in open wallets.
Using UPI, customers can make or ‘collect’ payments by creating a unique virtual address similar to their existing email addresses, thereby eliminating the need to share bank account numbers. This gives a new level of security and interoperability. This will also help realise the government’s agenda of “Less Cash Society”, as not only money transfers but merchant payments will also be routed through UPI. RBI in its Payment System Vision Document (2012-2015) had mentioned the use of UPI for achieving its goal of a “Less Cash Society”.