Deputy Governor

LETTER OF TRANSMITTAL TO THE GOVERNOR

Dr. D. Subbarao,
Governor,
Reserve Bank of India.
Mumbai.

Sir,

High Level Committee for preparation of the Information Technology Vision Document : 2011-17

I have immense pleasure in submitting the Report of the High Level Committee appointed vide Memorandum dated February 16, 2010, for preparation of the Information Technology Vision Document 2011-17. The spirit of the document is to guide the Reserve Bank for transforming itself into an Information intensive knowledge organisation. The members of the Committee have shared their rich experience and expertise during their deliberations, and have been unanimous in their views and recommendations. On behalf of the Members of the High Level Committee, and on my own behalf, I sincerely thank you for entrusting this responsibility to us.

High Level Committee for preparation of the
Information Technology Vision Document : 2011-17

Chapter 1
INTRODUCTION

1.1 Background

1.1.1 Information Technology (IT) has transformed the conduct of businesses in every sector of the economy. Financial sector is one such area where the touch of IT has completely overhauled the nature and accelerated the pace of business. IT has been instrumental in improved communication and connectivity across all segments/players of this sector as well as in enhancing the quality, efficiency and speed of delivery of financial services.

The Reserve Bank has played a pivotal role in this process of transformation of the financial sector with the use of IT.  As the central bank, the Reserve Bank has strived to create a conducive environment for promoting technological adoption encompassing the financial sector. Moreover, being an important institution in the financial sector, it too has undergone the process of technological change. Finally, the Reserve Bank has endeavoured to streamline technological change in a manner that would help to enhance the inclusiveness of the financial sector.

1.1.2 While technology has become an integral part of conducting and managing business in the financial sector, it can hardly ever be characterised as static. It has evolved over the years and it is important, therefore, that the financial sector too reviews these developments and adapts itself to the same. It is in this context of review and adaptation to technology that the information management requires specific attention.

1.1.3 The Department of Information Technology (DIT) of the Reserve Bank was formed in 1995 to exclusively to look after the Reserve Bank's requirements in the field of computerisation and modern communications network and undertake advance planning for technology upgradation in the banking sector.  Over a period of fifteen years, DIT has satisfactorily fulfilled most of the objectives set to it at the time of formation. It has been instrumental in designing, developing and implementing IT-based systems, which have helped in the discharge of various functions of the Reserve Bank.

1.1.4 During this period, several developments have taken place in the realm of IT and its adoption in the banking sector. The developments largely relate to improvements in back office management in the form of streamlining Management Information System (MIS), strengthening centralised processing and improving communication networks. As these developments have a bearing on the role, functions and organisation of the Department, it is necessary to review the objectives of DIT in the light of these developments.

1.1.5 To steer the financial sector to achieve the desired technological goals, the Reserve Bank has brought out two vision documents encompassing the periods 2005-08 and 2008-10.  As the tenure of the previous IT vision document was 2008-10, it was incumbent upon the department to prepare the next version of the vision document for the period 2011-17.

1.2 Constitution of the High Level Committee (HLC)

1.2.1 It was in the above background that a HLC was constituted to prepare the IT Vision for 2011-17. The objective was to identify the information needs of the Reserve Bank as also to work on the changes to the organisational structure of DIT.  The terms of reference for the Committee were the following:

1. Review of the contribution of DIT in establishment of IT infrastructure in the Reserve Bank and banking sector over the period of fifteen years;

2. Preparation of Information Technology Vision Document for the period 2011-17, taking into account requirements and expectations of banking system in general and Reserve Bank in particular;

3. Keeping in view the IT Vision Document, redefining the role, functions and organisation of DIT;

4. Specifying the role of the department in meeting the information needs of the Reserve Bank and the society at large.

1.2.2 As the terms of reference covered diverse and specialized areas, there was a need to associate experts with varied backgrounds from within and outside the Reserve Bank to conduct the review. Accordingly, the Committee was formed with the following members:

Dr K.C. Chakrabarty, Deputy Governor, RBI: Chairman
Shri B. Sambamurthy, Director, IDRBT: Member
Shri D.K. Mohanty, ED, RBI: Member
Shri G. Padmanabhan, CGM, DPSS: Member
Shri Deepak Singhal, CGM, HRDD: Member
Shri A. Krishna Kumar, DMD, SBI: Member
Shri Pravir Vohra, Group CTO, ICICI Bank: Member
Prof G Sivakumar, IIT, Bombay: Member
Prof B. H. Jajoo, IIM, Ahmedabad: Member
Dr A. S. Ramasastri, CGM, DIT, RBI: Member-Secretary

1.3 Approach of the Committee

1.3.1   The prime focus of the Committee has been on the preparation of the IT Vision Document for the Reserve Bank of India for the period 2011-17. For this purpose, the Committee had taken into consideration the issues, challenges, evolving technology and changing business environment. In addition to preparing the Vision Document, the Committee had also given specific recommendations for its operationalisation. As DIT is responsible for adoption of IT in the Reserve Bank, the Committee reviewed its activities during the past fifteen years. The Committee recognised the need for extensive use of information for decision making, identified the gaps and put forth specific recommendations in terms of systems and structure.  Based on the review of its past activities and its evolving role for development of information systems, the Committee has given recommendations on the future role, responsibilities and organization of DIT.

1.3.2 Three sub-groups were formed to concentrate essentially on the terms of reference and recommend the measures to accomplish them, as follows:-

(a) Sub-Group on preparing IT Vision for the Reserve Bank for 2011-2017:

Members:
Prof G Sivakumar, IIT Bombay
Shri R K Saraf, CGM (IT), State Bank of India
Shri S Ganeshkumar, CGM, RBI (on deputation to IDRBT)
Convenor:
Smt Nikhila Koduri, DGM, DIT CO, RBI

(b) Sub-Group on specifying the role of the department in meeting the information needs of the Reserve Bank in particular and the society in general.

Members:
Prof B H Jajoo, IIM, Ahmedabad
Dr Goutam Chatterjee, Adviser, DSIM, RBI
Shri Ravindra P Marathe, GM, Bank of Baroda
Convenor:
Shri Hemant Kumar, GM, DIT CO, RBI

(c) Sub-Group on redefining the role, responsibilities, functions and organization of DIT

Members:
Shri G. Padmanabhan, CGM, DPSS
Shri Deepak Singhal, CGM, HRDD
Shri Pardeep Maria, Adviser, DSIM, RBI

Convenor:
Shri G Ramesh, DGM, DIT CO, RBI          

1.4 Layout of the Report

• Chapter 1 gives the background for the preparation of the IT Vision 2011-17

• Chapter 2 discusses the context in which the IT Vision Document has been prepared and also gives strategy for achieving the goals set in the document.   

• Chapter 3 delineates the review of the contribution of DIT in establishment of IT infrastructure in the Reserve Bank and banking sector over the period of fifteen years.

• Chapter 4 discusses the information needs of the Reserve Bank and the society

• Chapter 5 redefines the role, responsibilities and organization of DIT.

1.5 Acknowledgements

1.5.1 The Member-Secretary of the Committee, Dr A S Ramasastri has worked with a missionary zeal, and ensured that the quality of the report is not compromised while pursuing the large agenda that encompassesvarious facets of central banking. His involvement in the preparation of the three sub-group reports and in getting them organized into the Committee report is commendable. The Committee would like to record its appreciation for his dedicated work.

1.5.2 The members of the three sub-groups have given their valuable time in providing very useful inputs and the convenors worked diligently to produce reports of high quality. The Committee acknowledges its gratitude towards their contribution. The Committee wishes to record its appreciation to the teams consisting of the following officers in preparation of the reports:

• Smt Nikhila Koduri, DGM and Smt Dipti Vishwanathan, Manager (report on IT Vision for the Reserve Bank for 2011-17) 

• Shri Hemant Kumar, GM and Shri Sanjeev K Gupta, Manager (report for  identification of  the information needs of the Reserve Bank in particular and the society in general)

• Shri G. Ramesh, DGM and Shri Bipin Nair, Manager (report on the redefining the role, responsibilities, functions and organisation of DIT)

1.5.3 The secretarial support to the Committee was ably provided by the Department of Information Technology, Reserve Bank of India.  Smt Shubhangi V Latey, Manager, Shri S Shamej, Manager, Shri M. Mahesh, Assistant Manager deserve special mention in this regard. Shri Himanshu Joshi, Director, DEPR and Smt. Pallavi Chavan, Assistant Adviser, DEPR gave valuable inputs in editing the Report.

1.5.4 Finally, the Committee wishes to place on record the commendable work done by Smt Nikhila Koduri, DGM, and Smt Dipti Vishwanathan, Manager who have been associated with the work of the Committee right from organising the meetings to collating information from various sources and finally in the preparation of the draft report.

Chapter 2
Strategy for implementation of IT Vision 2011-17

2.1 Changing Environment and Challenges ahead

2.1.1 Over the years, the functions of the Reserve Bank and its focus have evolved in response to the changing economic environment. While discharging its traditional functions, the Reserve Bank has been in the forefront of adopting new initiatives. These new initiatives required adoption of appropriate technology to deliver optimal solutions and in the process increased the need to plan and implement newer IT strategies.

2.1.2 Simultaneously, there have been changes in the technology environment. The Reserve Bank is committed to create adoption of newer technologies. In this context,   cloud computing, virtualisation and open source technologies can be used for driving efficiencies of operation and reducing costs to customer. By using cloud computing, the service providers can deliver a variety of IT enabled capabilities to the customers.

2.1.3 The adoption of technology has brought in efficiency in the payments systems operated by the Reserve Bank. This can be measured by the increasing use of electronic mode of transmission of money by customers of banks. Adoption of Core Banking Solutions has emerged as a single most significant innovation which has transformed the way banks have managed their businesses. However, these systems have not been fully exploited for information management and decision support. Similarly, the IT governance structures are yet to be fully strengthened.

2.1.4 In the context of (a) increased demand on IT solutions (b) changing technology scene and (c) gaps in adoption of technology to meet the information needs, the Committee has identified the specific areas that need to be addressed during the ensuing years. These issues may be addressed in the short, medium and long term. Some of the important issues are delineated below:

• issues in integration of information and technology

• focused approach in usage of data for MIS and Decision Support System (DSS)

• inadequacies in information needed to take vital decisions

• disparate IT systems at different levels of maturity

• metadata and uniform data reporting standards

• adoption of data mining and business analytics for information refinement

• re-engineered business processes and delivery models 

• strategic alignment between business and IT  

• information and security policies 

• business continuity management

• project management

• vendor management

• availability of trained manpower for deployment of technology 

The Committee has taken into account the above challenges while preparing the IT Vision Document 2011-17.

2.2 The IT Vision Document 2011-17 is enclosed.

2.3 Implementation Strategy

2.3.1 Keeping in view the goals identified in the Vision Document, and taking into account the steps required to operationalise the same, the HLC has reviewed the activities of DIT during the past 15 years and identified the information needs of the Reserve Bank and society and has recommended certain changes in the present role, responsibilities, functions and organization of the department.

2.3.2 DIT may be entrusted with the responsibility to identify the specific action points and prepare action plans for short, medium and long term implementation. For this purpose, the department may use the recommendations given by the Committee in this report. Further, the department may coordinate with other departments of the Reserve Bank and also external organizations to achieve the goals set in the Vision Document.

2.3.3 A high level standing committee at the top management level may be formed to monitor the progress of implementation of IT Vision Document.

Chapter 3
REVIEW OF ACTIVITIES OF DIT IN THE LAST 15 YEARS

3.1 Genesis

3.1.1 Following the macroeconomic and structural reforms undertaken from July 1991 onwards, it was important for the Reserve Bank to gear up its internal Information Technology (IT) set up for an effective handling of the new tasks that were devolved on it. The Reserve Bank undertook a number of steps to exploit the rapid strides in the field of computers and communications towards improving efficiency, productivity and customer services not only within its own organisation but also across the banking sector as a whole.

3.1.2 In order to focus on planning and implementation of computerised systems, a department known as the Department of Information Technology (DIT) was set up on January 1, 1995. The department was mandated to service the technology needs of the Reserve Bank and serve as a facilitator in the deployment of IT in banks and the financial sector. It was also entrusted with the responsibility of r facilitating reforms in the Payment and Settlement Systems of the country, a role it played till the constitution of a separate department called Department of Payment and Settlement Systems (DPSS) in March 2005.

3.2 Functions of DIT

The mission of DIT was to function as the nodal agency for technological improvements and for achieving operational excellence both within the Reserve Bank and in the banking sector, and to implement a safe, secure and efficient integrated payment and settlement system for the country.  DIT was carved out of two divisions of the erstwhile Department of Statistical Analysis and Computer Services (DESACS) viz. Computer Operations Division and Systems and Programming Division which were merged with the erstwhile Management Services Department. The functions of DIT went beyond those of its constituent units. The functional areas of DIT were broadly grouped as following:

3.2.1 Computer Technology: This included:

1. Development of new software for various departments
2. Computerisation of banking departments, such as DADs, PADs, PDOs
3. Introduction of cash dispensers for payment of bills
4. Procurement of office automation equipment

3.2.2 Communication Technology: This included:

1. Setting up of inter-office connectivity using satellite (VSAT)
2. Use of terrestrial lines for varied applications
3. Facilitation of SWIFT network in banking sector in India

3.2.3 Payment systems and Technology upgradation: Monitoring of upgradation of technology in Public Sector Banks (PSBs) included progress in the development of an integrated and robust Payment and Settlement system and implementation of the decisions of the Payment System Advisory Committee. It also included:

1. Development and operationalisation of Securities Settlement System (SSS), Negotiated Dealing System (NDS) and Real Time Gross Settlement System (RTGS)

2. Ensuring  optimal use of electronic media for eliminating delays and ensuring adequate security in payment areas through Electronic Clearing System (ECS) and Electronic Funds Transfer (EFT);

3. Monitoring National Clearing Cells (NCC) operating from four metros and introducing MICR systems at more centres.

3.2.4 Coordination with banks: Monitoring the progress achieved by public sector banks in computerisation and informing the Government of the same.

3.2.5 The other functions of DIT included:

1. Contributions to various Committees/Working Groups using technology as a platform

2. Preparation of guidelines for  Indian Financial Network (INFINET)- network for the exclusive use of the Closed User Group (CUG)  - banks and financial institutions

3. Introduction of various channels/products of payment i.e. Centralised Funds Management System (CFMS), Structured Financial Messaging Solution (SFMS), Magnetic Ink Character Recognition (MICR), ECS, EFT and  National EFT

3.3 Activities during various phases:

Initial efforts within the Reserve Bank were aimed at mechanisation of activities in the 1980s which expanded into computerisation of its critical operations in the 1990s.  The next decade marked a phase of consolidation, with renewed thrust towards putting in place comprehensive systems following the generic architecture and providing solutions to enhance the efficiency of the payment and settlement systems in India. The broad approach followed in implementation of IT initiatives centred around the need for having homogenous IT systems catering to varied processing requirements of the Reserve Bank and providing for seamless integration across the various applications, wherever feasible. Recognising the need for distributed computing across the various locations of the Reserve Bank and taking advantage of the benefits of centralised processing in an IT environment, DIT adopted the approach of ‘Centralised Processing with Decentralised Access’. While managing technology implementation was a major activity which had to be handled by DIT, managing and imbibing the rapid developments taking place in the field of technology was a bigger challenge. Though hardware-related technological obsolescence has not greatly impacted the progress achieved, there have been issues related to software obsolescence. Some of the notable developments which have taken place during the last fifteen years of DIT’s operation are as follows:

3.3.1 Formative Phase: 1995-2000

In the initial period, DIT brought into focus the need for quick and efficient use of new technologies in the Bank in the areas of:

1. Payment and Settlement Systems: One of the major responsibilities entrusted to DIT was the compliance of the Core Principles for Systemically Important Payment Systems (SIPS) as outlined by the Bank for International Settlements, Basle, Switzerland. During this period, the NDS, SSS and the RTGS were introduced. For coordinating the process at the national level, a National Payments Council was formed in 1999 to lay out policy framework for reforms in payment and settlement systems.  

2. Maintenance of Network: DIT spearheaded setting up of the INFINET (WAN based satellite communication and terrestrial lines network) using VSAT technology. It was the forerunner of an efficient telecommunication backbone for the banking and financial sector. Hub and network management system was located at IDRBT and also managed by them.

3. Setting Standards in IT:  Rapid computerisation across different financial sector entities made it essential for Reserve Bank to adopt international best practices and standards. In order to ensure this and to facilitate Straight Through Processing (STP), DIT took various steps towards getting International Standards Organisation (ISO) and BS7799 certification in respect of certain critical applications and systems. DIT also took steps towards standardising the operating system, databases and messaging platforms.

4. Ensuring delivery channels: Guidelines relating to IT based delivery channels from the perspective of conforming to critical minimum requirements were issued by the Reserve Bank. At the root of all the new delivery channels was the need for banks to migrate towards the use of core banking solutions, which facilitated all centralised offerings by the banks.

3.3.2 Stabilisation Phase : 2000-2005

During this period, the focus of DIT shifted to stabilising the responsibilities/projects that were entrusted to it. The main areas of work related to the following:

1. Critical Payment Systems/Applications: These years saw the commencement of the RTGS system, increasing awareness of its applicability as also setting legal framework of the rights and responsibilities of its participants. The PDO-NDS application was also made operational which resulted in computerising the functioning of the PDO. Further it also saw the integration of the RTGS with the internal accounting system of the Reserve Bank.  

2. Maintenance of Network: The Local Area Network (LAN) was operationalised in all offices of the Reserve Bank. This enabled all the desktops in an office to be connected to each other in a LAN environment.

3. Availability of infrastructure: Digital signatures with Public Key Infrastructure (PKI) were used to protect data and image flow over the network and to establish authenticity and non-repudiation.  

4. Preparedness of the banking sector: Work dealing with the advent of the Year 2000 and the reforms of payment and settlement systems including drafting Payment Systems Act to take care of legal requirements for payment and settlement systems reforms, was also initiated during this period.   

5. Technology Upgradation in the banking sector was mainly done in the following areas:
   
   
   • Adoption of international standards in areas of hardware, systems software and security
   • Networking of computerised branches
   • Data warehousing and data mining
   • Implementation of the  re-engineering process
   • Extensive training and development of human resources
   • Computer/Information audit

3.3.3 Maturity phase: 2005- till present

During this period, the major activities conducted / overseen by DIT were the following:

i. Payment and Settlement Systems:

• Department of Payment and Settlement Systems (DPSS) was carved out of DIT in 2005 for regulation and supervision  of payment and settlement systems encompassing cheque based clearing systems,  ECS, EFT, inter-institutional government securities clearing as also the RTGS.

• Integration of RTGS with the Integrated Accounting System (IAS)

• Centralised Public Accounts Department System (CPADS) was made functional

ii. Infrastructure: 

• To enable the consolidation of systems and centralised data processing as also for business continuity and disaster recovery in the event of any contingency, it was decided to set up Data Centres in the Reserve Bank. Accordingly, three state-of-the-art data centres were set up followed by migration of all payment and non-payment system applications. The data centres were designed to meet the Tier-IV standard of the Uptime Institute.

• There was migration to Multi-Protocol Label Switching (MPLS) of Indian financial network (INFINET).

• Centralised Data Base Management System (CDBMS) - Data Warehouse of the Reserve Bank was made operational.

iii. Non-Payment Applications i.e. Human Resources Management System (HRMS), Integrated Establishment System (IES), Mail Messaging System (MMS), Enterprise Knowledge Portal (EKP) and Document Management Information System (DMIS) were also implemented thus heralding a new generation of applications for the use by every staff member of the Reserve Bank. This period also saw the introduction of Smart card-based access control system as also connectivity of all Reserve Bank offices by the video conferencing facility. Migration of Secured Internet Website to a centralised system at the data centre was also undertaken.

iv. Miscellaneous: There was an effort towards ensuring constant availability of services by effective and failsafe Business Continuity Plans (BCP) and hence, periodical BCP exercises were undertaken. Information Security policy put in place. There was adoption of Core Banking Solutions (CBS) by almost all the banks.

3.4 Conclusion

3.4.1 From the above, it can be seen that DIT has accomplished the tasks entrusted to it, particularly those relating to the building of efficient and secure payment systems. It has also put in place a fairly robust IT infrastructure in the form of data centres, Local Area Network (LAN) and Wide Area Network (WAN). Over the last decade and a half, attention has been focused particularly on operationalising and maintaining the payment systems in a safe, secure and efficient manner. Consequently, the implementation of distinct information systems to support decision making activities and re-engineering the business processes could not be accorded equal priority.

Chapter 4
Information Systems

4.1 Existing Setup

4.1.1 Information Systems in the Reserve Bank

The existing system of gathering information in the Reserve Bank is based on the functions / roles performed by it. Various departments play a contributory role in collection of information. Information is also collected from external sources.

The present data collection systems in various departments are disparate and are at different levels of automation. The Bank has started a process of bringing all such systems to single interface in the form of On-line Returns Filing System (ORFS). Currently some returns are already under ORFS while efforts are on to bring others in its fold.

There are consistent efforts to set standards for data reporting in the form of eXtensible Business Reporting Language (XBRL). XBRL taxonomies have already been developed and implemented for Basel II return.

Most of the information collected or generated in various departments flows into the Reserve Bank’s Enterprise Data Warehouse (EDW). The EDW also contains data of 72 countries which are members of the BIS Data Bank. The process of flow of data from various systems to EDW is getting automated. There are still manual procedures in the data flow from several systems. As an information sharing mechanism, this system, provides consistent time series on broad spectrum of macroeconomic variables. However, departments still rely on their respective systems for meeting regular reports / ad hoc queries. As a result, the facilities provided by dash boards and business analytics are yet to be fully exploited.

The Enterprise Knowledge Portal (EKP) is fast emerging as a robust information and collaborative channel for sharing information within the organization.

4.1.2 Information Systems for Society

Market participants/ analysts/ academicians/ other professionals rely heavily on the information provided by the Reserve Bank. In addition to the regular publications in the printed format, Reserve Bank is also providing information to the public through its website.

By providing access to the general public for the publishable part of the data warehouse over the internet through a link Data Base on Indian Economy (DBIE), a beginning has been made towards the real-time dissemination of data to the society. With institution of ‘Real Time Hand Book of Statistics on Indian Economy’ in 2009, the scope of this work has been further broadened.

4.1.2 Need for review

There have been several changes in the financial sector both domestically and internationally, necessitating collection of data to meet the new requirements of regulation and policy making. Further there have been changes in the technology for collection of data and dissemination of information. Therefore, there is a need to review the existing systems in the Reserve Bank, based on the principles of information management, information technology and information governance.

4.2 Issues and Concerns

After examining the present data and information management systems in the Reserve Bank, the Committee identified following issues and concerns to be addressed:

4.2.1 Information Management: One of the major objectives of information management is to collect, process, compile and analyse data in a timely manner for taking policy decisions. However, at present, a strong linkage in the use and sharing of information for decision making is missing within the Bank. This, to some extent, has bred information illiteracy within the organisation. Hence, in order to make policies based on timely and correct data, the following issues need to be addressed :

i. Data Quality: Presently, the data reported to Reserve Bank is not necessarily forwarded from the centralised system or the MIS servers of banks. Manual intervention often leads to incorrect reporting. This raises doubts on the genuineness of data management.  Policy decisions based on such data may be erroneous.

ii. Data Definition: There is no metadata available encompassing all the returns received by the Reserve Bank. The EDW has its own metadata and it covers statistics only conforming to this data.

iii. Timeliness: While regulatory returns are received well in time due to their statutory nature, statistical returns, which are more granular in nature, are received with considerable time lag limiting their use for policy decisions.

iv. Availability: All data in the Reserve Bank is not ported to the EDW. Further, users are not aware of the availability of data. The EDW is not used optimally.

v. Accountability: Often there is no accountability for the data submission.

vi. Coverage: Though the data captured in the Reserve Bank from primary and secondary sources is satisfactory, there are some data gaps in the coverage and these need to be adequately addressed.

vii. Data dissemination: This needs to be strengthened in the areas of:

• high frequency data on financial markets
• data on progress in financial inclusion and
• socio - economic data like unemployment rate  

4.2.2 Information Technology

i. Various departments of the Reserve Bank have their own disjoint data management systems that lack the capability of data analysis.

ii. Reserve Bank still relies excessively on paper-based documents which are preserved in physical files. There is no fully IT enabled system, wherein internal notes are prepared, authorised electronically using digital signatures and stored in a networked server for future retrieval.

iii. Aggregation and Distribution of information pose a challenge.

iv. Cyber attacks and newer forms of security threats pose challenges.

4.2.3 Information Governance

The concerns and issues regarding data and information can be addressed by having a proper governance structure in place with respect to the data, information, security and information technology. There is an overarching need for adoption of principles of integrity, accessibility and security for setting the appropriate benchmarks.

4.3 Recommendations

After examining the issues and concerns that need to be addressed, the Committee recommended the following:

4.3.1 Information Management

i. The quality of data received in Reserve Bank needs to be improved for its use in decision support system. The generation of required data directly from the transaction processing system at the bank’s end and automating flow of such data to the Reserve Bank without any manual intervention in a straight through process is recommended.

ii. While respective departments who have prescribed the return/ statement should be the owner of the received data, the data should reside in the central repository.

iii. A comprehensive assessment of the Reserve Bank’s information architecture needs to be done to help identify potential inefficiencies. A complete list of data items, their definitions, concepts and metadata for all the data collected and maintained by the Reserve Bank should be compiled and prepared.

iv. All data managed by the Reserve Bank to move to the EDW on a near real time basis.

v. In the Reserve Bank, the culture of using data and information for policy making needs to be encouraged.

vi. Information hubs across departments with built-in safeguards.

vii. Real time links to be provided between RBI and Financial Institutions to facilitate remote examination.

viii. Reserve Bank may equip itself to make virtual visits to banks.

4.3.2 Information Technology

i. There is a need to adopt efficient IT solutions, which can be enabled to improve methods of data submission, receipt of data for staging purpose, transfer of clean data for appropriate access and analytical capability to the stored data.

ii. The Reserve Bank needs to encourage use of more technological solutions such as business intelligence tools, business analytics, data mining tools and semantic search for analysis of data.

iii. Reserve Bank may also implement the second generation intelligent data warehouse.

iv. The Reserve Bank to move to a fully IT enabled workflow and document management system thus paving the way for a less-paper environment.

v. Use of DSS for MIS to be encouraged.

vi. RBI to be constantly remain vigilant to security threats and keep in touch with agencies like CERT-IN etc for prevention of cyber attacks.

4.3.3 Information Governance

i. It is suggested to put in place policies/guidelines in the following areas:

1. Data Governance - covers governance structure with respect to the organisation’s data asset which is structured in nature.

2. Information Governance - covers governance structure with respect to the    organisation’s information assets which may be structured or unstructured.

3. Information Security (IS) Governance - deals with the security and risk   aspect of information assets of the organisation.

4. Information Technology (IT) Governance is the overall structural framework which covers entire gamut of IT systems and their performance and risk management.

ii. Comprehensive guidelines on the data quality and uniform data reporting standards to be prepared.

iii. Data dissemination policy may be put in place to ensure that the requisite data is available to the users.

iv. Management of received data should be with one department with expertise in IT. This will enable harnessing the latest available technology.

4.4  Role of DIT, DSIM and other departments

To carry forward the above recommendations, the Committee suggests the following :

i. DIT needs to provide technical support to all the information system initiatives and the necessary IT infrastructure.

ii. Receipt of data from all sources should be consolidated at a common repository at the Reserve Bank.

iii. An inter-department group to be formed for examining, overseeing and implementing new data requests.

iv. Each Central Office Department (COD) and Regional Office (RO) of the Reserve Bank need to have a separate unit to cater to their information needs. A nodal officer needs to be posted in each COD/RO for coordinating with the central department which is maintaining the central data repository.

v. The nodal officer of the COD unit to have the responsibility of maintaining accuracy, consistency, completeness, and updating of data. The responsibility of the nodal officer may also include:

• Coordination with the data suppliers
• Supply the data to users
• Handle the data related queries

vi. The nodal officer of the RO units to coordinate with the local bank branches in cases of training and conducting surveys among banks and other financial entities.

vii. Data supply to any other entity needs to be routed through central data repository i.e. EDW. The EDW and its internet portal Database on Indian Economy (DBIE) may be the predominant platform for data dissemination internally as well as outside the Reserve Bank.

Chapter 5
Recommended role, responsibilities, functions and organization of DIT

5.1 Present structure: Based on the roles, responsibilities and functions of DIT, the department is presently organised into the following divisions :

1. IT Applications – Payment Systems

2. IT Applications-Non Payment Systems

3. IT Infrastructure- Networking

4. IT Infrastructure-Hardware and Software

5. IT Policy

6. Administration (General and Data Centre) at the Central Office

5.1.1 In addition to the divisions at Central Office, the Department operates and maintains three data centres namely Primary data centre, On-City data centre and Off-City data centre.

5.1.2 Presently the staff in DIT is a complement of the DSIM cadre and general side officers.  Although there is no separate IT cadre in the Bank, officers with either IT background or aptitude to work in an IT environment are considered to be posted to DIT. There have been some efforts by the Reserve Bank to employ people with IT background through a special recruitment / contract appointment.

5.1.3 The present IT Vision Document 2011-17 provides the genesis for reviewing the functions and consequently the organisation structure of this department.

5.2 Issues faced by the department : After examining the present roles, responsibilities and functions as also the organisation structure of DIT, the Committee observed the following issues posing challenges to the department. These issues grouped under related heads are enumerated below :

5.2.1 Policy related

i. Governance: There are inadequacies in structure in the areas of IT governance, information governance, data governance, information security governance.

ii. Policy Formulation: For ensuring overall efficiency of the IT systems, there is a need for periodical reviews of information and security policies encompassing data and information governance, information security, IT, audit of IT processes and infrastructure.

5.2.2 Process related  

1. Business Continuity Management: With several critical systems brought under IT at different points of time and with different maturity levels, it is becoming exceedingly difficult to plan and implement business continuity activities relating to crisis management, incident management, emergency management, contingency planning as well as alternate planning of all its applications.

2. Internal Process Re-engineering: Adoption of IT-based solutions is expected to bring in several advantages like faster processing, cost reduction and qualitative change in the working environment. This requires meticulous process re-engineering. Although some efforts are made for process re-engineering, there is no focal point for all the activities, thus leaving scope for considerable improvement.

3. IT Infrastructure Management: This function relates to procurement and maintenance of IT Infrastructure including hardware and software and network management in the Reserve Bank. Currently, there are a multitude of suppliers and service providers performing various IT related functions in the Reserve Bank. Proper co-ordination is becoming a serious concern in ensuring timely delivery of various items.

4. Vendor Management: This function relates to single vendor lock-in problems, concentration risk and accountability issues. Dependency on third party service providers for provision of certain services pose limitations on the range and level of services offered. Lack of coordination among vendors also leads to operational problems. This results in reducing the overall efficiency of systems.

5. Project Management:  Managing IT resources, either for achieving the desired objectives or creating new resources for business or functional objectives, has become complex. Therefore, there is an overarching need for professionally managed projects. Absence of formal project management guidelines in the Reserve Bank often results in project overruns in terms of effort, cost and time.  

5.2.3 HR related

There is no separate IT cadre in the Reserve Bank.  However, the Reserve Bank had earlier recruited a few IT specialists and had also employed a few on contract basis. In view of the transfer and placement policy of the Reserve Bank, it is not possible to keep officers posted to DIT on a permanent basis. The new entrants to the department, particularly those identified to work at data centres or with specific applications take a longer time to acquire the necessary skill sets. Thus, it has been difficult to identify officers with the right aptitude to work in the IT environment in the Reserve Bank. There is an alignment mismatch between IT and HR related issues.

5.3 Recommendations

Based on the issues discussed above, the Committee recommended the following :

5.3.1 Policy related

i. A high level multi-disciplinary / multi-departmental group may be entrusted   with the preparation of various governance framework/structure/prepare appropriate policies as mentioned above for the Reserve Bank. DIT may provide the secretarial services for this high level group.

ii. RBI may consider constituting a top level body with external technical & domain expertise to address bank wide IT strategy, plan and standards.

iii. In order to put in place the above governance frameworks, there is a need to define and assign the following roles in the Reserve Bank:

• Chief Information Officer (CIO) - Responsible for managing information assets of the organisation including data, and implementing data governance and information governance framework.

• Chief Information Security Officer (CISO) - Responsible for ensuring the security framework for the information assets of the Reserve Bank. CISO will prepare the information security policy in accordance with the business priorities and risk. CISO will be responsible for implementing the information security governance framework.

• Chief Information Technology Officer (CITO) - Responsible for providing and maintaining the IT infrastructure of the Reserve Bank. 

5.3.2 Process related

i. A department/division may be entrusted with the responsibility of BCM which would include Business Impact Analysis (BIA: process of analyzing the effect of interruptions to business operations or processes on all business functions) and preparing Business Continuity Plans(BCP: process of developing prior arrangements and procedures that enable an organization to respond to an event in such a manner that critical business functions can continue within planned levels of disruption)

ii. A multi-disciplinary group(s) is to be entrusted with the responsibility of process re-engineering. The Group would be responsible for optimizing processes and allocating resources before taking up any new development as outlined under:

• Creation of an Internal Process Re-engineering (IPR) Cell in DIT.

• The IPR Cell to consist of a group of experts with domain knowledge and also with knowledge of IT management. The domain knowledge group will change for each project.  External experts may also form part of the team.

• Any computerisation in the Bank must start after certification from IPR Cell that it is process compliant.  

5.3.3 HR related 

(A) Suggested structure  

1. Some institutions have attempted to resolve the issues relating to IT Infrastructure Management by setting up a separate subsidiary for providing total IT infrastructure management services. The Reserve Bank could also consider this option. This subsidiary could attract talent with proper market related remuneration package.

2. The new subsidiary could relieve IDRBT from network management and other services to enable it to concentrate on research related activities.  This would enable IDRBT to become a Centre of Excellence (CoE) by serving as a laboratory for all research and development activities. It would also help the Reserve Bank to focus on policy related issues.

3. There could be several operational and legal hurdles that need to be addressed before achieving the above objective. Therefore, until the formation of a subsidiary, DIT may attempt to bring all outsourcing activities relating to procurement and maintenance of hardware and software as also network management to a single vendor.

4. In case it is not possible to achieve the above objectives, DIT may recruit specialists on contract basis for IT infrastructure management. 

5. In order to implement IT projects in a professional manner, specific multi- disciplinary groups consisting of officers from various domains including business, technology and legal may be formed. The groups may be responsible and accountable for the project and be entrusted with necessary powers. The groups may be flat in their structure and may be disbanded at the end of the project.

6. Appropriate project management guidelines may be put in place.

7. DIT to be solely responsible for providing IT services, systems and technology for maximising value of information and knowledge.

(B) Others

1. There should be a talent pool of IT resources in the Reserve Bank. This pool may be formed with the joint concurrence of DAPM, HRDD and DIT. DIT will have to articulate and identify the criteria for IT personnel. 

2. The awareness about the functions and opportunities of DIT should be highly publicised and the relevance of the department to the overall functioning of the Reserve Bank should be suitably indicated so as to reflect that tenure at DIT would serve as an encouragement for career progression within Reserve Bank.

3. The initiative taken by the Reserve Bank for lateral recruitment of officers at the senior level can be further pursued. This will help in strengthening the IT pool.

4. A core team of officers who have an aptitude for IT and who have the necessary minimum expertise can be identified and trained in core IT areas for forming the IT pool.

5. DIT and HRDD should jointly work towards formulating a policy for providing continuous training to this pool of resources which would help in up-gradation of skills and would also keep the resources abreast with latest technology trends.

6. Resources from the IT pool could be deployed to   Regional Offices for effective implementation and monitoring of all IT projects.

7. A model organisation structure for IT Governance on the lines prepared by IDRBT can serve as a reference model (Annex 2).

Annex 1

Study of organisation structures of other Central Banks

Members of the Sub-Group 3 in its first meeting held on July 7, 2010 deliberated upon the IT practices & organization structure followed in Central Banks across the globe. Members desired that a study of the IT Organisation Structure of few Central Banks could be taken up by DIT, which could facilitate the Sub-Group in finalising its recommendations. Accordingly, DIT initiated the study of Central Banks by contacting few Central Banks through e-mail by also by seeking information through websites.

Bank Negara Malaysia

The IT services Department in Bank Negara Malaysia is structured to look after System development and solutioning, Services and Infrastructure Management and Strategic Planning and Governance on a broader scale. The System development and Solutioning division looks after the Payments and Treasury Systems, Statistical and Administrative Systems and Knowledge Management Systems. The Services and Infrastructure Management division looks after the DC and RC Operations and Management, Systems and Storage Management, IT Services Management, Network Management and End User Computing Services. The Strategic Planning and Governance division looks after the Strategic Planning, Governance Security and Risk Management, Project Management Office and Finance Administration and Training. The IT Department is headed by a Director who reports to the Assistant Governor of the Bank in the organizational hierarchy. The Assistant Governor in turn reports to the Deputy Governor and Governor.

Staffing, Remuneration and Career path of IT personnel in Bank Negara

91% of IT personnel (Executives and Managers) hold bachelor/master degree in IT-related fields. Basically, three categories of applications/infrastructure services are managed by the IT skilled personnel :

• Enterprise Applications such as email, search, collaboration tools, and document management system

• Business Applications which are developed or procured (off-the-shelf software) to meet the needs of the line departments

• Infrastructure services such as network, server, storage, end-user empowerment tools as well as security monitoring tools

Further, the Bank Negara Malaysia (BNM) offers tangible and intangible reward propositions based on value contributions and continuity in earning potential.  It provides common benefits to all staff in the organization and their remuneration package are commensurate with their respective roles and positions. To ensure that its remuneration package remains competitive and relevant, BNM continuously benchmarks with the relevant industries, specialists and job families annually. Infrastructure (i.e. network, servers, database and security) and    application system development skilled IT personnel are recruited mainly for IT Department. However, there are IT personnel who were recruited for some departments to undertake specific roles such as the following :

• IT-related skills for the design and development of multi-media contents and development of websites in Corporate Communication Department.

• IT-related skills to undertake 1st level technical support for software packages such as the treasury and financial systems.

• The IT personnel career path follows the same organization-wide generic career path.

• All responsibilities assigned are related to IT (with the exception of departmental administration staff). This includes the support and maintenance of ICT Infrastructure, Application Development and Planning.

Swiss National Bank

The Swiss National bank’s Information and Technology Management generally deals with the areas of Management Support, Banking Applications, Banking Operations and Infrastructure. The organization of the IT department is structured into banking applications comprising of banking applications, monetary applications, statistical applications and inter-bank interfaces, Enterprise applications comprising HR and Financial Applications, Enterprise Content Management Applications, Electronic Workplace and Databases, infrastructure viz Client Systems, Server Systems, Network and Storage and Data Centre Services and IT security and architecture. The CTO at the Swiss National Bank is called “Head of IT” and reports directly to the Governing Board – he is not a member of the board.

The IT Department is fully staffed with IT professionals (exception: Secretary) holding either a degree in computer science, engineering or a similar educational background. A number of them have many years of experience in IT.

Bank of Canada

The Bank of Canada has developed a framework that establishes at a high level, the roles, responsibilities, structure, principles, and process of all management bodies and people involved in IT decision making within the Bank.

The Executive Team is very actively and visibly involved in strategic Bank-wide IT and performs the following role:

• Clear alignment of IT strategy with Bank strategy involves balancing trade-offs, building agreement, and resolving conflicting priorities.

• Co-ordinated and efficient use of shared IT solutions and services on pursuit of business value

• Consistent and common standards for processes, tools, and technology more predictability

• Collaboration across IT to improve learning and knowledge sharing  less re-invention and fewer mistakes

• Improved performance and quality measures demonstrating how well we are doing.

At the Executive Management level there is a Corporate Management Committee which provides oversight on all corporate policies and standards, approves IT strategic direction, priorities and budget and resolves contentious issues. The chiefs of all departments are members of the Information Technology Review Committee which essentially:

• Provides strategic coherence
• Builds consensus, approves exceptions to standards
• Advises CMC on IT investment at the Bank level and the Program level
• Analyzes issues raised by ITRC
• Prioritization of smaller initiatives on an annual basis and advises ITRC
• Proposes standards and principles and advise ITRC of the bank-wide impact

The Directors are the members of the Business Information Technology Council which:

• Run IT operations, deliver IT programs
• Finalises Strategy, budget, Service agreements and performance metrics

The Executive sponsor is the Champion and the guide to the program and performs the following role:

• Defines and drives business value
• Ultimate authority for the project
• Approves overall scope, schedule and budget, approves major changes and champions approval at EMC.
• Represents project to the EMC.

Key roles of the Business Leader Supported by Steering Committee

• Deliver the Business Value Approve resource allocation and key project people
• Resolves major scope, schedule and budget issues
• Resolves issues escalated by the Program Manager
• Approves key internal and external positioning and communications
• Drives rapid decisions on issues with wider Bank implication

Key role of Program Manager

• Provides program leadership and direction
• Deliver the Program/Project objectives
• Approves detailed project plans, budgets and work products
• Resolves or forwards policy issues requiring action
• Controls project stream resource allocation
• Makes user resources available as required
• Disposes of issues and project scope change requests
• Monitors and reports progress

The Bank of Canada has in its IT governance the Chief at the helm of ITS  and is supported by Directors for Operations and Infrastructure, Applications and Data Management Services , Enterprise Portfolio Management ,Project Delivery and IT transformation.

Better business value delivered by Information Technology Services (ITS)

• Clear roles, responsibility and accountability between the business and ITS, with enhanced decision making processes

• Greater focus on the right priorities and allocation of the right expertise at the strategic, tactical, and operational levels

• Improved quality and effectiveness of end-to-end delivery

• Prioritization decisions based on a Bank-wide views

• Joint business and IT planning, focused on longer term projections

• Simplification and leveraging of technologies across businesses

• Collaborative and transparent processes

Federal Reserve Bank New York

The Technology Services Group (TSG) is responsible for the strategic planning and provisioning of automation services to the Federal Reserve Bank New York. These include application development, data architecture, network, communications and data center infrastructure and operations, project management, technology vendor management, and overall information technology and information security. The TSG also provides national information security, incident response, national remote access and enterprise search services for the Federal Reserve System. The TSG reports to the first Vice-President who reports to the Chairman of Federal Reserve Bank. TSG is organized around various business lines that work together to deliver high-quality products and services to Bank and System clients viz. Application Development, Governance, Information Security, Program Management Office and Technical Engineering and Computing Services.

Bank of England

The Information Systems and Technology Division (ISTD)  of the Bank of England deals with Security, Communications, Information Strategy, IT Governance, Risk Management, Application Platform Support, Infrastructure Management, Service Operations, Data Centre Operations etc. The Chief Information Officer (CIO) is the Head of the ISTD and is supported by Chief Technology Office;  Application Development and Maintenance comprises of  Analytical IT and Financial Operations and Central Services IT; CIO Support ; Infrastructure; Service Management and Operations. The CIO reports to an Executive Director who is the Central Services Secretary of the Bank and the Executive Director reports directly to the Governor of the Bank.

Annex 2

IT – Organizational Structures

IT Governance Model

Model Organizational Structure for IT

Functional Overview of IT

Alignment in Action

Information Security Function

Responsibilities

• Information Security Strategy and Policy for the bank. (applications, data, infrastructure and people related)

• Owning and sponsoring all security programs in the bank.

• Monitoring security logs of applications, operating systems, databases, networks, etc.

• Business Continuity and Disaster Recovery Planning and Monitoring.

• Facilitating investigations in IT frauds and mitigation measures.

IT Supplier and Resource Management Function

Responsibilities

• All IT Sourcing (in-sourcing, outsourcing and co-sourcing) activities
• Supplier Relationship Management
• Supplier short listing, negotiation, selection (through EOI, RFI, RFP etc.)
• IT Procurements
• Service Level Agreement (SLA) Management: Enforcement and Review
• Supplier performance Management (metrics, standards, audits etc.)
• Maintain the IT  Supplier Service catalogue (Empanelment)
• Planning Training and Development of Human Resources in IT
• Promoting Green IT initiatives like saving energy, cost and other resources

IT Assurance Function

Responsibilities

• All Quality, Risk and Compliance Management Initiatives within IT
• Performance / conformance metrics, reports, dashboards
• Testing all solutions (developed in-house or outsourced)
• Internal user feedback and analysis
• Interaction with Audit, Risk and Compliance functions within the bank

Appendix

Memorandum
High Level Committee for
Information Technology Vision of the Reserve Bank of India

The Department of Information Technology (DIT) at the Reserve Bank of India was formed in 1995 to take care of information technology (IT) deployment within the RBI and to serve as facilitator for adoption of IT in the banks. Over a period of fifteen years the department has satisfactorily fulfilled most of the objectives set to it at the time of formation. During this period, several developments have taken place in the realm of technology and its adoption in the banking sector, which have a bearing on the role, responsibilities, functions and organization of the department. IT environment has undergone substantial transformation over this period and hence there is felt a need to revisit Department's objectives with an aim of redefining goal, focus and mandate for the department in the changed environment. It has accordingly been decided to set up a High Level Committee for this purpose.

2. The terms of reference for the Committee are:

1. Review of the contribution of DIT in establishment of IT infrastructure in the Reserve Bank and banking sector over the period of fifteen years

2. Preparation of Information Technology Vision Document for the period 2011-17, taking into account requirements and expectations of banking system in general and Reserve Bank in particular.

3. Keeping in view the IT Vision Document, redefining the role, responsibilities, functions and organization of DIT

4. Specifying the role of the department in meeting the information needs of the Reserve Bank in particular and the society in general.

3. As the terms of reference cover diverse dimensions, there is a need for experts with varied backgrounds from within and outside the Reserve Bank to participate in the review. Accordingly, the constitution of the Committee is as follows :

5. The Committee may submit the report within six months from the date of its first meeting.

(Dr D Subbarao)
Governor

February 16, 2010