Clari5

How can RBI’s latest guidelines help Indian banks combat cybercrime?

Rising cybercrime in India is no secret. According to a report by Symantec, India now ranks 3rd in the world, after the US and China, as a source of malicious activity. In fact the National Crime Records Bureau data reveals that in the three years up to 2013, registered cases of cyber crime were up 350 percent, from 966 to 4356. Dubious distinctions both, and give banks and the financial sector in India cause for worry.

Keeping in mind the dramatic swell in online economic crimes, India’s central bank – RBI (Reserve Bank of India) recently issued a comprehensive circular to all banks in India urging them to implement a cybersecurity framework. It prescribes the ideal approach for banks on taking concrete measures to combat cybercrime, fraudulent activities online and thereby retain customer confidence, reduce financial losses and ensure business continuity.

Cybersecurity measures for banks as outlined by RBI’s circular

In light of the rising frequency and impact of cyber attacks, the RBI circular to banks urges them to take adequate measures that are robust and resilient which address and tackle risks posed by cyber criminals, and in the meantime also put in place an adaptive Incident Response Management and Recovery framework to deal with adverse disruptions if and when they occur.

The foundation for fighting cyber crime would stem from a Bank Board approved cyber security policy that outlines the approach for combating cyber crime. This policy is not to be confused with the IT policy or IS security policy and its strategy should encompass some of the following:

  • Identify and assess risks, technologies adopted, regulatory compliance, delivery channels (online/ mobile, etc.), organizational culture, internal and external threats, and processes and policies in place to manage and combat risk
  • Continuous surveillance by testing for vulnerabilities through a SOC (Security Operations Centre) that is constantly updating on the nature of emerging cyber threats
  • IT architecture to be conducive to security measures to be implemented by the bank post assessment of readiness and ensure that network connections to database are allowed through a well defined process and by authorized personnel only
  • Ensuring the confidentiality, integrity and security of customer data is preserved, without any compromise of the same
  • Formulating a Cyber Crisis Management Plan (CCMP) whose primary focus should be: detect, response, recovery and containment to address various types of cyber threats including and not limited to: distributed denial of services (DDoS), ransom-ware / crypto ware, destructive malware, business email frauds including spam, email phishing, spear phishing, whaling, vishing frauds, drive-by downloads, browser gateway fraud, ghost administrator exploits, identity frauds, memory update frauds, password related frauds, ‘zero’ day attacks, remote access threats and more.

 

Baseline Cybersecurity requirements – an indicative list

Banks need to fortify the measures adopted to achieve baseline security and resilience. For instance:

  • monitor logs and incidents in real time or near real time
  • configure hardware and software appropriately
  • automate network discovery and management
  • use the right tools and mechanisms to detect unusual activities in servers, end
    points and network devices
  • protect customer access credentials such as logon user-id, authentication information and tokens, access profiles, etc. against leakage/attacks
  • implement controls to minimize invalid logon counts, deactivate dormant accounts
  • monitor any abnormal change in pattern of logon

The RBI circular mandates a detailed list of cyber defence apparatus. It is evident that a large majority of these measures and requirements can be fulfilled by robust software tools and products that are built for specific purposes. But banks must also remember that from a day-to-day operations’ perspective, it is imperative to have a system that monitors, tracks, alerts and preempts any anomalies that occur in banking transactions, in real time.

“Detect and prevent” as it happens and not wait for end-of-the-day reporting of incidents that are suspicious. In fact RBI’s circular lists out the implementation of risk-based transaction monitoring or surveillance process as part of fraud risk management system across all delivery channels.

In addition to optimizing available technology to strengthen controls for effective risk and fraud management, banks need to conduct employee and management awareness workshops, encourage them to report any suspicious behavior to the incident management team, and conduct targeted training for key staff in operations/ management roles and evaluate awareness periodically.

In parallel, banks need to conduct awareness programmes for their customers and encourage them to report phishing mails/ phishing sites, highlight the risks of sharing their online account credentials, passwords, and other measures they can take to protect themselves from fraudsters and people with malafide intent.

The RBI circular also touches upon the topic of governance aspects which include dashboards, intelligence, proactive monitoring and management capabilities with sophisticated tools for detection, quick response and backed by data and tools for sound analytics.  In addition, banks must keep in mind several other issues while equipping themselves to fight cyber attacks: technology issues, people related issues and process related issues.

It would be fair to assume that if Indian banks were to proactively implement an intelligent, cross-channel anti-fraud defense mechanism, the impact of cybercrime (if/when it occurs) can be vastly minimized.

 

Source: RBI Circular of June 2016

AML as a Service

AML as a Service

Past few months have seen a lot of activity from regulators, bankers and industry bodies alike towards curbing money laundering. Rules are becoming stringent and reporting more accurate. Then there were hefty fines levied on certain banks for non compliance with AML guidelines.

During our conversation with bankers, it consistently emerged that bankers have AML compliance as one of their top priorities. This is a clear outcome of lot of banks having plugged their technology for AML, leaving the banks which have not yet taken solid steps towards AML exposed to becoming a conduit for money laundering leading to take evasions, balck money and terror financing.

However, a major barrier these banks face is that technology investments are CAPEX which means budgeting for these investments at the beginning of financial year. It also necessitates a longer procurement cycle and boardroom discussions with other departments on redirecting budgets towards AML.

Second barrier is diversion of resources from revenue generation towards maintenance of AML technology, annual licenses,a project management team to monitor the technology and additional costs to incorporate the changing regulatory requirements.

Third barrier is upfront purchase of such technology entrenches the bank with the software vendor, making switching costs very high.

Understanding these concerns of our customers, CustomerXPs has launched Clari5 AML-as-a-Service to help them overcome the above mentioned barriers and provide a safe banking environment.

The first barrier of CAPEX is overcome by changing it to OPEX. This means that banks no longer have to make upfront investment in software, but use the ‘pay as you go’ model of monthly payments. This model of payments is more comfortable to the CIO, CRO and CFO.

Second barrier is taken care by the fact that there is no annual license, no maintenance required by the bank and incorporation of all the additional requirements come as part of the subscription.

Third barrier of entrenching with the software vendor is overcome by the fact that the subscription is monthly which means that banks can switch to other models with all risks covered.

Financial Crime in South Africa!

Financial Crime in South Africa is overwhelmingly omnipresent. According to Christopher Malan, Head of Financial Intelligence Center, South African banks have to work towards being more compliant in combating financial crime i.e. Terrorism Financing and Money Laundering.

Four big banks of South Africa were fined for R125 million by the Reserve Bank for failing being compliant to the regulations. Banks are highly criticized for forming cartels, and behaving monopolistically in the African region. This is one of the various reasons for high financial crime rate in South Africa.

According to PWC report, the biggest thieves are not the lowest paid or least educated but was quite opposite. The senior management are the main perpetrators in South Africa. The fraudsters are mainly in their thirties with University degrees.

The most common scams prevailing in South Africa are internal fraud, money laundering, e-mail scams, identity theft, remittance scams, bribing and corruption, and misappropriation of assets. The leading scam among all the above list is the internal fraud. This revelations by PWC has built a cloud of uncertainty and mistrust inside the organisation. This has  shattered the trust of customers on the financial organization.

Financial crime in South Africa has taken its toll on the lives of people. It has directly or indirectly affected the livelihood of people. Frauds and Scams have robbed people of their resources. It has drained the funds available for country’s development. By knowing what to look out for, one can avoid falling victim to common fraud and scams. Hence, the following infographics will give an overview of different prevailing scams in South Africa. I hope you find it useful.

 

 

 

Simplifying Banking Engagement!

Simplifying Banking Engagement and Empowering your Customers

Rapid change in the banking technology and the behavior of customers pushes banks to be on par with the industry. Gone are the days where everything was complex starting from standing in the queue, filling the form, money transfer, etc. Customers are now searching / looking for those products and companies that can simplify their lives.

Simplicity is mutually beneficial to both customers and banks. In this digital generation where people are always online and busy, expect banks to make their banking experience easier. Customers these days are demanding greater personalization, flexibility, better value, improved service, choice and control. Banks need to reevaluate their  assumptions and fundamentally change how they interact with their customers.  Giving more power to customers by making them have greater control over their money may be uncomfortable to banks, but in the long run it will fetch great result and success.

To simply engagement with customers, banks have introduced multi-channel banking. Multi-channel banking is the buzzword in today’s banking world; the banks are competing to increase their reach by adding new customer touch points, including laptops, PCs, mobile phones, tablets, smart ATMs. Banking on the go is one of the basic need of this tech savvy, young population.

Study below shows the channel usage and their satisfaction level. Source (EY Global Consumer Banking Survey 2014)

The graph above depicts the most commonly / frequently used channels: Online, Mobile and ATM’s tops the chart. When we talk about the satisfaction level of these channels Online and ATM’s  are commonly used by the customers with 36% & 35% of satisfaction level each. On the other hand  channels like Mobile and Branch offices satisfaction level is less compared to online channels.

Apart from using multi-channel banking, banks should encourage their customers to play an active role in tailoring their products and services that alleviate and fix problems. Also, customers care more about convenience than about channels. Banks need to look beyond multi-channel toward a fully integrated banking experience. Banks should focus on marketing offers that are relevant to them and send alerts in real-time. This will not only simply banking engagement, but also enhance the customer experience.

Customer Experience is paramount to establish trust and confidence in banks. Customers are becoming more assertive and taking greater control of their banking relationships. Customers are now more demanding and want their banking experience to be simple, easy and tailored according to their needs. Hence, banks should customize the services based on the customer needs.

Banking Customer Experience in Middle East

Banking Customer Experience in Middle East

The growing importance of customer experience has taken over the banking industry by storm. A recent report published by E&Y details out latest trends in customer experience from around the globe and suggests that banks should aggressively leverage valuable insights from customer behavior to effectively chart out their customer experience strategy.

The infographic below throws light on banking customer experience in Middle East and how implementing real-time technology solutions result in customer delight by making use of deep customer insights.

 

 

Fraud Landscape In Africa – The Pervasiveness of Online Fraud

Fraud Landscape in Africa

Financial Fraud has perpetrated the banking industry in big way. As more people use the Internet for their banking needs, the number of fraudsters eyeing online financial transactions has also multiplied. In Africa particularly , online fraud has proved to be one of the most pervasive forms of financial fraud and is hugely impacting the fraud landscape.

 This infographic below details out the fraud landscape in Africa and how use of innovative anti-fraud technology mitigates & prevents frauds from taking place in real-time.

Continued Commitment to Fight Banking Fraud

Gartner recently published a report on Banking Vertical specific software. According to the report, the banking and securities vertical specific software market grew by 5.9%, riding on replacement of legacy applications in mature markets and new technology investments i emerging markets.

CustomerXPs features in the report as a notable vendor providing banking software. With our Clari5 suite of products, we continue to focus on Enterprise Fraud Management and Customer Experience Management for Banks. Inclusion in the report is confirmation of our focus and belief.

Around same time, Gartner published Market Guide for Online Fraud Detection. This guide provides recommendations to fraud managers for their strategic planning in using technology to combat Online Fraud. In this report too, CustomerXPs is mentioned as a Representative vendor. This inclusion is also a testament to credibility of CustomerXPs as a provider of software to fight banking fraud.

As I have written in an earlier post, there is a sense of satisfaction in receiving the positive feedback from the industry analysts and customers alike, a motivation to continue on the journey we have embarked and to keep committed to our goal of helping customers bank in a fraud free environment.

Customer Experience – The new bedrock for consumer banking

The new bedrock for consumer banking:

Customer experience is not a fad but has the potential to make or break a bank’s revenue. A recent research report from Capgemini revealed that more than half of bank customers are dissatisfied with their retail banking experience. The report also reveals that dissatisfied customers are increasingly choosing competing banks over their present service providers. Therefore, in order to stay profitable in the business, banks must invest in intelligent real-time technology that takes proactive care of customers’ needs and pain areas. Positive customer experience not only improves customer loyalty but also improves top-line for banks.

The infographic below highlights recent trends in consumer banking customer experience and how implementing real-time customer experience solutions would result in mutual benefits for banks and customers.

 

consumer banking customer experience.

 

Changing the Indian Banking Fraud Landscape with Real-time Fraud Prevention Technology

Banking fraud is a $3.5 Trillion global menace. Indian Banking Fraud number instances have increased considerably over the past few years. This surge in banking fraud has not only resulted in banks losing millions but also sustaining irreparable reputational damage. With such attacks becoming more frequent, RBI has mandated banks to comply with recommended measures to secure the technology infrastructure and improve fraud risk management practices for frauds across channels. There is thus a growing need for banks to incorporate strong combat mechanism for not only detecting but preventing frauds in real-time.

The infographic below highlights recent trends in the Indian Banking fraud landscape and how implementing real-time fraud management technology would combat such frauds in a fool-proof way.