9.1 Keeping in view the terms of reference and the existing level of computerisation in the banks, the Committee has made certain recommendations in the preceding chapters. A summary of the Committee’s recommendations is given below :

Communication infrastructure and usage of INFINET

9.2 The approach that could be considered for improving the effectiveness of VSAT network aim at:

• enhancing the transponder capacity to the extent feasible and the number of outroutes as the demand grows, and simultaneously
• work towards having a high performance fiber backbone initially with 2 mbps and 64/128 kbps connectivity appropriately integrating with the VSAT based network. The INFINET should be a blend of satellite, microwave and terrestrial links, appropriately configured depending upon availability, accessibility and likely volume of message traffic. It may be borne in mind that there are a number of places in India which are inaccessible and with difficult terrain and in such places, use of VSATs will be particularly effective.

(Para 2.6.2,2.6.3,2.6.5)

9.3 Banks will need to have servers for files, mail, Web and name services (DNS). Certain applications like Inter Branch Reconciliation (IBR) can be implemented either in a centralised set up or in a decentralised set up depending on the number of branches and volume of transactions. For a bank with very few branches, a centralised set up may be a better option. For banks with large number of branches and geographically widely distributed locations, decentralised approach at Regional / Controlling offices levels may be most useful.

(Para 2.6.4)

9.4 To the extent possible, multiple branches of a bank may be connected to the branch with VSAT through leased lines within a city. Banks may also consider sharing of VSATs by allowing branches of other banks to get connected to their VSATs through leased line links within a city. As and when PSTN link is made available, dial-up connection to VSAT can also be used. Thus the VSAT backbone needs to be used only for inter-city / inter-region / inter-zone traffic.

(Para 2.6.6)

9.5 It would be desirable that participating banks consider setting up their own corporate networks and connect them with the INFINET through appropriate technologies.

(Para 2.6.7)

9.6 For both inter-bank and intra-bank applications, it is necessary to have an application architecture keeping in mind that the INFINET backbone network will be VSAT based. The requirements document and the specifications for each of the applications will have to be prepared considering the VSAT backbone and its characteristics and limitations while casting the applications.

(Para 2.6.8)

9.7 Based on the growth in the network traffic, which will be continuously monitored by IDRBT, INFINET may be expanded by using a blend of satellite and land links as media for payment and settlement systems backbone.

(Para 2.6.9)

Standardisation and Security

9.8 The participating banks setting up their corporate network with INFINET as the backbone would be using TCP/IP. In view of this, some suggestions and recommendations have been made for appropriately configuring Wide Area Network (WAN) inter- networking devices.

(Para 3.5.1)

9.9 There should be an appropriate institutional arrangement for key management and authentication by way of a certification agency. RBI may consider appointing IDRBT as the certification agency for security management.

(Para 3.5.2)

9.10 Banks should adopt widely used standard of cryptography procedures to prevent data tamper during transmission. These standards would require to be periodically reviewed.

(Para 3.5.3)

9.11 The technology should be allowed to evolve into standard - based solutions for multi-vendor heterogeneous environment working cooperatively and collectively for EFTPOS, including the debit, credit and Smart cards based operations. Card layout with Europay, Master card VISA (EMV) specifications appears most suitable.

(Para 3.5.4)

9.12 The Committee recommends that banks may initiate the process of identifying a suitable e-mail/groupware solution, which can run on the INFINET.

(Para 3.5.5)

9.13 The application architecture should be designed keeping in view the INFINET as the backbone for both intra-bank and inter-bank applications. The requirements document and the specifications for each of the applications will have to be prepared considering the VSAT based backbone and its characteristics and limitations while casting the applications.

(Para 3.5.6)

9.14 RBI and banks should have a Standing Committee with members having requisite expertise to periodically review standards / security policies / message formats / system software and their implementation.

(Para 3.5.7)

Outsourcing of technology and services

9.15 Outsourcing software technology would be a better option for banks to resort to in the context of rapid changes taking place in the IT industry so that the fruits of latest developments are available to the banks.

(Para 4.5.1)

9.16 Software outsourced could be customised – either in-house (depending on the availability of core IT competencies at individual banks) or could be outsourced.

(Para 4.5.2)

9.17 It is essential that software that has been outsourced is maintained regularly – either by outsourcing maintenance or by in-house maintenance.

(Para 4.5.3)

9.18 Banks could form Information Technology subsidiaries – either singly or by a group of banks. Such subsidiaries should be closely connected with technology solution providers.

(Para 4.5.4)

9.19 While outsourcing, banks have to consider the competitive edge acquired by them in relation to the capacity of the software outsourced to retain the existing clientele and the ability to attract newer customer groups.

(Para 4.5.5)

9.20 Banks should select the appropriate vendor taking into account factors such as their standing in the Indian IT industry, their image in respect of services offered within the country, their successful track record and continued good financial results, location of support services at desired locations, availability of adequate competent technically qualified and experienced personnel, their capacity to integrate the benefits of growth in technology and latest trends into various banking related applications, and their strategic alliances with leading international IT service providers in making the selection.

(Para 4.5.6)

9.21 Outsourcing application software from more than one vendor could be resorted to by banks. Seamless interface between different software should be provided for, on the basis of clearly defined roles of the different solution providers.

(Para 4.5.7)

9.22 Specific terms and conditions governing the outsourcing activity have to be clearly spelt. Factors such as security, safety for day-to-day operations, integrity of data, liability for third party software, confidentiality obligations, rights of bank personnel to access vendor sites, penalty clauses for delays etc. should be integral part of agreement with vendors.

(Para 4.5.8)

9.23 There is a need for obtaining full sets of documentation – both user and system.

(Para 4.5.9)

9.24 The entire source code should be obtained, if need be under an ESCROW arrangement.

(Para 4.5.10)

9.25 There is a need for expanding the current centralised decision making at the CPPD of banks. Branches play a vital role in technology upgradation; they should be ideal stakeholders in the IT policies of banks.

(Para 4.5.11)

9.26 There is a need for harmonious working relationship with the Inspection / Audit departments of banks, controlling offices, the policy framing departments, systems specialists and even major customers.

(Para 4.5.12)

9.27 It would be ideal to develop in-house capability to perform management of CPPD / IT department. Audit of fully computerised branches and various computer applications may be outsourced. Each bank needs to devise a manual on computer audit and develop appropriate methodologies / systems for conducting computer audit.

(Para 4.5.13)

9.28 All new applications should be subject to pre-installation and post-installation audit in addition to periodical audit.

(Para 4.5.14)

9.29 The capability of the CPPD / IT department for selection of applications for outsourcing, choice of vendors, negotiation, managing the contract and post-installation of the software, managing future computerised solutions etc., have to be reviewed on an on-going basis or at least once in three years.

(Para 4.5.15)

9.30 The personnel policies of banks should provide for not only computerised operations and maintenance of outsourced software but also to ensure the continued availability of such skills for the bank.

(Para 4.5.16)

Computerisation of Government Transactions

9.31 There is a need to computerise all branches of banks dealing with Government transactions. In the first phase computerisation of all focal point branches and State Government Link Cells should be completed by March 31,2000 to be followed by the second phase of computerisation of all branches dealing with Government transactions on an expeditious basis.

(Para 5.3.1)

9.32 Efforts should be made to forward scrolls and other data in respect of Government transactions to all PAOs, Treasury Offices, Drawing and Disbursing offices, and to Finance Departments of State Governments and Accountants General on magnetic media in the initial phase and in an on-line manner subsequently.

(Para 5.3.2.)

9.33 The computerisation of Government departments should be synchronised with the computerisation of bank branches dealing with Government transactions.

(Para 5.3.3)

9.34 The Public Accounts Departments of the RBI should be connected to CAS, Nagpur to enable same day reporting and booking of Government transactions.

(Para 5.3.4)

9.35 All PAOs / Circle offices should be computerised not later than March 31, 2001 and DDOs / Treasury offices before March 31, 2002 in alignment with the computerisation of FPBs and dealing branches.

(Para 5.3.5)

9.36 A Working Committee may be constituted for monitoring the progress of computerisation of branches at banks dealing in Government transactions. This Committee may prepare a blue print for computerisation, monitor the standards of message formats, system and application software developed and progress of implementation. This Working Committee may be made into a Standing Committee over the medium term, if it is felt necessary.

(Para 5.3.6)

9.37 Electronic reporting of transactions to GAD of SBI / Link Cell of banks should be resorted to, with an initial three day cycle to be compressed into two days after stabilisation.

(Para 5.3.7)

9.38 There is a need to delink the submission of scrolls from the funds settlement by the payee branch.

(Para 5.3.8)

9.39 Establishment of connectivity between the CAS, Nagpur and the Reserve Bank’s departments (DGBA, IDMC) and the Controller General of Accounts and the Finance departments of State Governments is necessary. The RBI should develop the necessary software package for information exchange using the INFINET.

(Para 5.3.9)

9.40 The Government may examine the feasibility of introducing a variant of the Electronic Funds Transfer system to facilitate the collection of taxes which could start preferably with collection of direct taxes.

(Para 5.3.10)

9.41 The need for affording interest credit in respect of Relief Bonds to the accounts of Bond Holders through ECS has to be made a workable reality. In the long run, collection of subscriptions to the Relief Bonds Scheme could be routed through ECS mode and with the linking of banks / branches through the INFINET.

(Para 5.3.11)

9.42 The migration to dematerialisation of Government securities requires upgradation of existing technology which should be suitably worked out with scalability as an essential feature.

(Para 5.3.12)

9.43 The computerisation of Government accounts would require a process re-engineering to upgrade the entire process of Government accounting / funding.

(Para 5.3.13)

Data Warehousing, Data Mining and Management Information System

9.44 A robust MIS founded on data warehousing and data mining, at individual bank level is essential for implementing various regulatory guidelines including the latest one on ALM. The structure, configuration and design of the data warehouse may vary from bank to bank.

(Para 6.3.1)

9.45 Data warehouse can be established even across multiple computer platforms as long as the transaction details are made available to the data warehouses in standardised formats. Therefore, banks should standardise the data formats and start supplying the data on a continuous basis from the branches which have already been computerised. It is expected that the computerised branches themselves would provide the critical data for a data warehouse to go live.

(Para 6.3.2)

9.46 All banks should put in place their data warehouse strategy by January 1, 2001. The banks with a large number of computerised branches may start their pilot projects by warehousing certain categories of data (if not all the transactions) by April 1, 2001.

(Para 6.3.2.)

9.47 A Task Force may be set up by IBA to explore feasible methodology for working out a unique identification system for individual customer data bases at banks.

(Para 6.3.3)

9.48 The Reserve Bank of India could establish a Data Warehouse on Banking and Finance for the data collected under the regulatory provisions. Data collected by the Department of Supervision, the Department of Banking Operations and Development, the Exchange Control Department, the Department of Economic Analysis and Policy and the Department of Statistical Analysis and Computer Services of the RBI can be used for data warehousing and data mining.

(Para 6.3.4)

9.49 The Indian Banks’ Association may initiate the process of building another Industry Level Data Warehouse, based on agreements to be signed by the participating banks on sharing of data. This data warehouse may mask the customer information, but it should be based on individual customer information so that the participating institutions can derive the benefit of business segmentation analysis and trend forecasting on various banking operations.

(Para 6.3.5)

Legal framework for Electronic Banking

9.50 The Reserve Bank may promote amendment to the Reserve Bank of India Act,1934 and assume the regulatory and supervisory powers on payment and settlement systems. Simultaneously, the RBI may promote a new legislation on Electronic Funds Transfer System to facilitate multiple payment systems to be set up for banks and financial institutions.

(Para 7.8.1)

9.51 The RBI and IBA should pursue with the Department of Telecommunications (DoT) / other competent Authority to permit encryption of data files / messages transmitted through communication channels for facilitating easier access to remotely located branches to the INFINET network.

(Para 7.8.2)

9.52 Amendment to the Bankers’ Books Evidence Act, 1881 and other relevant Acts would need to be carried out in order to facilitate recognising computer print-outs and records stored on electronic media used in banking transactions as primary evidence within the definition of the Bankers’ Books Evidence Act, 1881.

(Para 7.8.3)

9.53 A Standing Committee to examine legal issues on Electronic Banking with members drawn from the Legal Departments of the RBI, IBA and a few banks may be set up by the Reserve Bank.

(Para 7.8.4)

9.54 CBDT would need to take up the question of amending the relative provisions of the Direct Tax Laws like Section 40 A of the Income Tax Act, 1961 to accord electronic funds transfer the status of crossed cheques / drafts for the purpose of payment of income tax and other taxes. Simultaneously, it should be ensured that the account payee transactions are put through the electronic fund messages to the stipulated account in the same manner as account payee crossed cheques are treated.

(Para 7.8.5)

9.55 The definition of presentment in the Negotiable Instruments Act, 1881 have to be amended to permit electronic presentment of data or image of the cheque to facilitate the introduction of cheque truncation in India. The Reserve Bank may be empowered to frame Regulations on Cheque Truncation by suitable amendment to the Reserve Bank of India Act,1934. Appropriate changes may accordingly be incorporated in the Clearing House Rules and Regulations as well.

(Para 7.8.6)

9.56 There should be a clear distinction between the role of a service provider and that of a regulator and supervisor. Since low value and high volume payments require a good deal of servicing of the participating institutions, it is recommended that such payment and settlement systems may be managed by a group of banks with only the net clearing positions being settled at the Reserve Bank or the settlement bank as notified by the RBI. The Reserve Bank may restrict its electronic funds transfer services only for large value transactions and essential Government securities transactions. Suitable amendment may be carried out to the Reserve Bank of India Act, 1934 empowering the RBI to frame regulations on operating its own electronic funds transfer services and to implement model regulations for electronic funds transfer, payment and settlement systems to be operated by group of banks.

(Para 7.8.7)

9.57 The proposed Standing Committee on legal issues on Electronic Banking may, among others, consider the need for appropriate regulation/ legislation on netting of inter-bank payment obligations arising out of the EFT systems which would operate on deferred/ discrete/ netting basis. The need for a model Posting Rules which would determine the time of posting of the net position and the time gap after which withdrawal would be permitted by the bank acting as the Settlement Bank, may form part of the netting regulations/ legislation. The Standing Committee may examine the need for incorporating model risk management practices as part of the netting regulation / legislation.

(Para 7.8.8)

9.58 Issues on confidentiality of data in the computerised environment and in the context of banker’s secrecy obligations require a detailed scrutiny which may be examined by the proposed Standing Committee on legal issues on Electronic Banking.

(Para 7.8.9)

Other Related Issues

Technology plan for banks

9.59 Participating banks would need to work out appropriate technology plans in line with the financial application architecture that they would be adopting.

(Para 8.1.3)

Re-engineering

9.60 Banks may choose the branches and areas of operation where they have already introduced a certain degree of automation and computerisation and review the systems and procedures in these branches/areas to adapt them to the technology that is newly introduced. These banks should now attempt to have a hi-tech bank within the bank, totally distinct and different from the other branches and areas of operation which now perform the routine business without that much of intensity of computerisation.

(Para 8.3.1)

9.61 The stress should be laid on review of the processes, based on the technology introduced or likely to be introduced in selected areas, dovetailing with the processes at the other branches and, if necessary, there can be a separate manual or work procedure for this purpose, without disturbing the existing situation.

(Para 8.3.2)

9.62 Such of the banks which do not expect any problem in introducing new systems and procedures tailored to the technology upgradation being attempted, can straight away proceed with the process of re-engineering.

(Para 8.3.3)

9.63 The newly established private banks which have the advantage of starting with the latest technology from the very beginning, should take up the process re-engineering in right earnest.

(Para 8.3.4)

9.64 Each bank should chalk out a time-bound programme, synchronising with the level of computerisation being planned by it, stemming from the directions of the top management.

(Para 8.3.5)

9.65 The exercise of re-engineering would require complete commitment from the top management and a constant review till its final application. Such an exercise may need to be monitored by a designated authority. In the case of public sector banks, this may be assigned to the in-charge of Computer Policy and Planning Department. The designated authority would report directly on the matter to the Chairman of the bank.

(Para 8.3.6)

9.66 The designated monitoring authority should constantly and continuously interact with the other banks, the Reserve Bank of India, the Government, IDRBT, IBA and institutions connected with Information Technology. The Indian Banks Association would have to take the initiative of convening periodic meetings of the monitoring authorities of the banks, at least once a quarter to review and discuss the problems, if any, faced by the banks including the matching of their procedures with the technology. The Reserve Bank may call the meeting of the Chairmen and Managing Directors of public sector banks every half year to discuss the progress in upgradation of technology in the banks.

(Para 8.3.7)

9.67 The implementation of the process re-engineering has to be monitored in relation to time schedules set up and then replicated to other branches / Departments etc.

(Para 8.3.8)

Issues Relating to Human Resource Development

9.68 Banks should create an environment conducive to their rank and file, in absorbing the latest and advanced technology available all around. Education of staff on IT should be given due importance. Adequate budgetary allocation for the purpose, needs to be given. The training establishments of the banks should be strengthened with adequate personnel and other infrastructure facilities, to impart necessary IT training to all levels of staff. The banks may, if necessary, have tie-up arrangements with some specialised institutions imparting training in IT to conduct customised training programmes for the bank staff.

(Para 8.5.1)

9.69 There is a need for an institution specialising in affording training to bank staff exclusively in banking related IT. A continued training programme for all banks will need to be worked out by IBA in consultation with the Indian Institute of Bankers, IDRBT, the training establishments in banks, NIBM and NCST.

(Para 8.5.2)

9.70 The larger banks should explore the possibilities of giving exposure to their technical staff on the latest developments that are taking place around the world in the area of IT and allied areas by deputing their technical officers to the banks and other specialised institutions abroad and also to the Seminars, Workshops, etc. relating to IT.

(Para 8.5.3)

9.71 IBA may examine the issue of providing incentives for acquiring specialised knowledge and skill in IT related matters in the form of financial benefits and/or better promotional opportunities, keeping in view the administrative constraints of the banks.

(Para 8.5.4)

Sharing of Experiences on technology implementation

9.72 The meetings of CPPD Chiefs should be sufficiently frequent enough to be effective. Meetings by the IBA for this purpose, once in two months would be useful. The Heads of Technology Departments of banks other than the public sector banks may also be invited by rotation for these meetings to provide opportunities for exchange of experiences about the technology implementation and management of change to modern technology.

(Para 8.7.1)

9.73 The IBA Standing Committee on technology issues may also meet more frequently to ensure the successful implementation of industry level technology projects like ECS, EFT, SPNS and Smart Card.

(Para 8.7.2)

9.74 Implementation of an industry level Data Warehousing under the aegis of the IBA may also require close co-ordination and sharing of experience by banks.

(Para 8.7.2)

9.75 The IBA Standing Committee may also consider preparing an Approved List of Software Vendors on specified application packages such as Total Branch Computerisation (TBC) package, Inter-Branch Reconciliation (IBR) Package, ALM Package etc.

(Para 8.7.2)

9.76 The Model Guidelines for outsourcing as recommended by this Committee may be periodically reviewed by this Standing Committee based on the feed back given by the members of IBA.

(Para 8.7.2)

9.77 CPPD Chiefs would need to participate actively in bringing into the open issues in banking technology. For the banking industry to benefit from such initiatives, IDRBT may take necessary action to create a Web-site and make reports, reviews and news items available on the Internet for downloading.

(Para 8.7.3)

9.78 Vendors on Banking Technology may be persuaded by IBA to organise events like Exhibitions and Symposia and international events like International Transaction Processing Seminars / ACH Seminar etc. every year. The goal should also be to make India a good market place for banking software. Such a move would help in driving down the cost of banking technology over a period of time.

(Para 8.7.4)

(A.Vasudevan)
Chairman
(D.K.Tyagi)		(Gulshan Rai)
(H.Krishnamurthy)		(S.M.Padwal)
(V.P.Gulati)		(M.N.Dandekar)
(K.Shesha Sayee)		(A.K.S.Rao)
(R.V.Iyer)		(P.Basu)
(R.R.Chavan)		(C.N.Ram)
(A.G.Prabhu)		(V.T.Godse)
(Ashish Rege)		(A.Ghosh)
(V.S.N.Murthy)		(Smt.Shyamala Gopinath)
(B.Ramani Raj)		(N.V.Deshpande)
(S.R.Mittal)
Member-Secretary