Document Details

FlashyClematis845

Uploaded by FlashyClematis845

National P.G. College Lucknow

Atul Gupta

Tags

core banking systems banking services financial technology banking

Summary

This document explores core banking systems, encompassing various banking services, products, and technologies in India. It details core banking functions and the critical role of information technology in enhancing service delivery and customer satisfaction within the banking industry.

Full Transcript

Chapter -5 CORE BANKING SYSTEMS OVERVIEW OF BANKING SERVICES Today banks provide various banking services to citizens staying even at the remotest location in India. Key factors that helped banks reach this level of service delivery being: 1. Information Technology (IT) 2. Usheri...

Chapter -5 CORE BANKING SYSTEMS OVERVIEW OF BANKING SERVICES Today banks provide various banking services to citizens staying even at the remotest location in India. Key factors that helped banks reach this level of service delivery being: 1. Information Technology (IT) 2. Ushering of reforms by successive governments led to huge growth in India’s global business. 3. Successive governments focus to have financial inclusion for all Indians. Banks were found to be most capable of helping government achieve this goal. 4. Growth of internet penetration across India. Q. Why is it important to have Core Banking Systems? CORE BANKING SYSTEMS (CBS) helps to meet the requirements of its customers, to be able to meet the global challenges in banking and to enhance its service delivery models allowing banks to scale up operations, better service delivery and improved customer satisfaction thereby improving the overall efficiency and performance of its operations. Q. What are the key features of banking services? The core of banking functions is acceptance of deposits and lending of money. The key features of a banking business are as follows: The custody of large volumes of monetary items, including cash and negotiable instruments, whose physical security should be ensured. Dealing in large volume of transactions. Operating through a wide network of branches and departments, which are geographically dispersed? Increased possibility of frauds as hence mandatory for banks to provide multi-point authentication checks and the highest level of information security. Q. Enumerate the major products and services provided and rendered by commercial banks? 1. Deposits involve deposits made by customers in various schemes for pre- defined periods. Commercial banks accept deposits in various forms such as term deposits, savings bank deposits, current account deposits, recurring deposits and various other innovative products. 2. Advances constitute a major source of lending by commercial banks. The type of advances granted by commercial banks take various forms such as cash credit, overdrafts, purchase/ discounting of bills, term loans, securitization of credit sales, housing loans, educational loans, and car loans, etc. 3. Remittances involve transfer of funds from one place to another. Most common modes of remittance of funds are as follows: 4. Demand Drafts are issued by one branch of the Bank and are payable by another branch of the Bank The demand drafts are handed over to the applicant. 5. Mail Transfer (MT), no instrument is handed over to the applicant. The transmission of the instrument is the responsibility of the branch. Generally, the payee of MT is an account holder of the paying branch. 6. Electronic Funds Transfer (EFT) is another mode of remittance which facilitates almost instantaneous transfer of funds between two centers electronically. 7. Real Time Gross Settlement (RTGS) is an electronic form of funds transfer where the transmission takes place on a real-time basis. In India, transfer of funds with RTGS is done for high value transactions, the minimum amount being ` 2 lakh. The beneficiary account receives the funds transferred, on a real- time basis. 8. National Electronic Funds Transfer (NEFT) is a nation-wide payment system facilitating one-to-one funds transfer. Under this Scheme, individuals can electronically transfer funds from any bank branch to any individual having an account with any other bank branch in the country participating in the Scheme. 9. Immediate Payment Service (IMPS) is an instant payment inter-bank electronic funds transfer system in India. IMPS offer an inter-bank electronic fund transfer service through mobile phones. Unlike NEFT and RTGS, the service is available 24x7 throughout the year including bank holidays. 10. Collections involve collecting proceeds on behalf of the customer. 11. Clearing involves collecting instruments on behalf of customers of bank. The instruments mentioned above may be payable locally or at an outside center. ECS is generally used for bulk transfers performed by institutions for making payments like dividend, interest, salary, pension, etc. and takes two forms: ECS Credit or ECS Debit.In the case of ECS Credit, number of beneficiary accounts are credited by debiting periodically a single account of the bank. Examples of ECS Credit includes payment of amounts towards dividend distribution, interest, salary, pension, etc.In the case of ECS Debit, large number of accounts with the bank are debited for credit to a single account. Examples of ECS Debit includes tax collections, loan installment repayment, investments in mutual funds etc Other Banking Services a) Back operations: These cover all operations done at the back office of the bank. These are related to general ledger, Management Information Systems, reporting, etc. b) Retail Banking: These are also called front-office operations that cover all operations which provide direct retail services to customers for personal use. Eg debit cards, personal loans, mortgages etc. c) High Net-worth Individuals (HNI): Banks provide special services to customers classified as High Net-worth Individuals (HNI) based on value/ volume of deposits/ transactions. d) Risk Management: Risks are all pervasive in the banking sector. This should be done at strategic, tactical, operational and technology areas of the bank. Risk management is best driven as per policy with Q. What is meant by CBS and what are its characteristics? Core Banking System/Solution (CBS) refers to a common IT solution wherein a central shared database supports the entire banking application. It allows the customers to use various banking facilities irrespective of the bank branch location. Eg Finacle, Flex cube , FinnOne The characteristics of CBS are as follows:  There is a common database in a central server located at a Data Center, which gives a consolidated view of the bank’s operations.  Branches function as delivery channels providing services to its customers.  CBS is centralized Banking Application software that has several components which have been designed to meet the demands of the banking industry.  CBS is supported by advanced technology infrastructure and has high standards of business functionality.  Core Banking Solution brings significant benefits such as a customer is a customer of the bank and not only of the branch.  CBS is modular in structure and is capable of being implemented in stagesas per requirements of the bank.  A CBS software also enables integration of all third-party applications including in-house banking software to facilitate simple and complex business processes. Q. What are the key aspects of CBS ? INFORMATION FLOW CUSTOMER CENTRIC KEY ASPECTS REGULATORY COMPLIANCE RESOURCE OPTIMIZATION Q. Enumerate the key features of Core Banking Systems. 1) On-line real-time processing. 2) Transactions are posted immediately. 3) All databases updated simultaneously. 4) Centralized Operations (All transactions are stored in one common database/server). 5) Real time seamless merging of data from the back office and self-service operations. 6) Significant reduction in the errors which occurred due to duplication of entries. 7) Separate hierarchy for business and operations. 8) Business and Services are productized. 9) Remote interaction with customers. 10) Reliance on transaction balancing. 11) Highly dependent system-based controls. 12) Authorizations occur within the application. 13) Increased access by staff at various levels based on authorization. 14) Daily, half yearly and annual closing. 15) Lesser operational cost due to less manpower usage. 16) Automatic processing of standing instructions. 17) Centralized interest applications for all accounts and account types. 18) Anytime, anywhere access to customers and vendors. 19) Banking access through multiple channels like mobile, web etc. Q. Enumerate on the key modules of CBS? In the case of a CBS, at the core is Central server. All key modules of banking such as back office, branch, data warehouse, ATM Switch, mobile banking, internet banking, phone banking and credit-card system are all connected and related transactions are interfaced with the central server. Q. Explain the key technology components of CBS ? 1) Database Environment: This consists of the centrally located database servers that store the data for all the branches of the bank.Whenever a customer requests for a particular service to be performed, the application server performs a particular operation it updates the central database server. The databases are kept very secure to prevent any unauthorized changes. 2) Application environment: It consist of the application servers that host the different core banking systems like Flex Cube, Bank Mate etc. and is centrally used by different banks. The access to these application servers will generally be routed through a firewall. 3) Enterprise Security Architecture & Security Solution: To ensure security; proxy servers, firewalls, intrusion detection systems are used to protect the network from any malicious attacks and to detect any unauthorized network entries. Periodic assessment and testing are carried out to assess the vulnerability and identify the weaknesses. 4) Connectivity to the Corporate Network and the Internet: Network administration also plays a very significant role in core banking systems. There should be adequate bandwidth to deal with the volume of transactions so as to prevent slowing down and resulting in lower efficiency. 5) Data Centre and Disaster Recovery Centre: The core banking systems consists of a Data Centre which includes various application servers, database servers, web servers etc. and various other technological components. The bank should adopt full-fledged documentation and prepare necessary manuals dealing with the disaster recovery procedures. Arrangements for alternate connectivity of the banks with the data center should be established whenever there is a disruption in the primary connectivity. Proper awareness should be created among the employees through periodic trainings and mock drills. 6) Online Transaction monitoring for fraud risk management: Risk evaluations are carried out and considering the risk profile and other regulatory requirements of the bank, effective monitoring should be done as a part of managing fraud risk management. There are also methods that facilitate fraud reporting in CBS environment. Proper alert system should be enabled to identify any changes in the log settings and the audit logs pertaining to user actions are captured. Q. Enumerate the different steps in the implementation of CBS ? 1) Planning: Done as per strategic and business objectives of bank. 2) Approval: The decision to implement CBS should be approved by the board of directors as it requires high investment and recurring costs 3) Selection: Select the right solution by the bank to meet their specific requirements and business objectives. 4) Design and develop or procured: Appropriate controls covering the design or development or procurement of CBS for the bank. 5) Testing: Extensive testing must be done before the CBS is live. The testing is to be done at different phases at procurement stage to test suitability to data migration to ensure all existing data is correctly migrated and testing to confirm processing of various types of transactions of all modules produces the correct results. 6) Implementation: CBS must be implemented as per pre-defined and agreed plan with specific project milestones to ensure successful implementation. 7) Maintenance: CBS must be maintained as required. E.g. program bugs fixed, version changes implemented, etc. 8) Support: CBS must be supported to ensure that it is working effectively. 9) Updation: CBS modules must be updated based on requirements of business processes, technology updates and regulatory requirements; 10) Audit: Audit of CBS must be done internally and externally as required to ensure that controls are working as envisaged. Q. List down the components of CBS IT Environment. 1) Application Server 2) Database Server 3) ATM Channel Server 4) Internet Banking Channel server 5) Internet Banking Application Server 6) Web Server 7) Proxy Server 8) Anti virus software server Q. What are the core business process in CBS? 1) Current and Savings account 2) Credit Cards 3) Loans and Trade Finance 4) Mortgage /Property Loans 5) Internet banking process 6) Treasury process Q. Enumerate the different sub processes involved in Information Security? Information Security Policies, Procedures and practices: This refers to the processes relating to approval and implementation of information security. User Security Administration: This refers to security for various users of information systems. The security administration policy documents define how users are created and granted access as per organization structure and access matrix. Application Security: This refers to how security is implemented at various aspects of application right from configuration, setting of parameters and security for transactions through various application controls. Database Security: This refers to various aspects of implementing security for the database software. For example - Role based access privileges given to employees. Operating System Security: This refers to security for operating system software which is installed in the servers and systems which are connected to the servers. Network Security: This refers to how security is provided at various layers of network and connectivity to the servers. For example - Use of virtual private networks for employees, implementation of firewalls etc. Physical Security: This refers to security implemented through physical access controls. For example - Disabling the USB ports. Q. What are the risks and controls associated with Information security in banks? Risk Controls Significant information resources Super user access or administrator may be modified inappropriately, passwords are changed on system, disclosed without authorization, installation and are available with and/or unavailable when needed. administrator only. Password of super use or administrator is adequately protected. Lack of management direction and Security policies are established and commitment to protect information management monitors compliance assets. with policies. Potential Loss of confidentiality, Vendor default passwords for availability and integrity of data and applications systems, operating system, system. databases, and network and communication software are appropriately modified, eliminated, or disabled. User accountability is not All users are required to have a unique user established. id. It is easier for unauthorized users to The password is periodically changed, guess the password of an kept confidential and complex (e.g., authorized user and access the password length, alphanumeric system and/or data. content, etc.). Unauthorized viewing, modification System owners authorize the nature or copying of data and/ or and extent of user access privileges, unauthorized use, modification or and such privileges are periodically denial of service in the system. reviewed by system owners. Security breaches may go Access to sensitive data is logged and undetected. the logs are regularly reviewed by management. Inadequate preventive measure for Environmental control like smoke key detector, server and IT system in case of fire extinguisher, temperature environmental threat like heat, maintenance devices and humidity control humidity, fire, flood etc. devices are installed and monitored in data center. Unauthorized system or data Network diagram is prepared and access, kept loss and modification due to updated. Regular reviews of virus, network worms and Trojans. security are performed to detect and mitigate network vulnerabilities. Potential loss of confidentiality, Physical access restrictions are availability and integrity of data and implemented and administered to system. ensure that only authorized individuals can access Q. What are the different types of risk associated with the core banking system? 1) Operational Risk: It is defined as a risk arising from direct or indirect loss to the bank which could be associated with inadequate or failed internal process, people and systems. The components of operational risk include the following : a) Processing Risk arises because faulty reporting of important market developments to the bank management may also occur due to errors in entry of data for subsequent bank computations. b)Information Security Risk comprises the impacts to an organization and its stakeholders that could occur due to the threats and vulnerabilities associated with the operation and use of information systems and the environments in which those systems operate. c) Legal Risk arises because of the treatment of clients, the sale of products, or business practices of a bank. d)Compliance Risk is exposure to legal penalties, financial penalty and material loss an organization faces when it fails to act in accordance with industry laws and regulations, internal policies or prescribed best practices. e) People Risk arises from lack of trained key personnel, tampering of records, unauthorized access to dealing rooms and nexus between front and back end offices. 2) Credit Risk: It is the risk that an asset or a loan becomes irrecoverable in the case of outright default, or the risk of an unexpected delay in the servicing of a loan. 3) Market Risk: Market risk refers to the risk of losses in the bank’s tradingbook due to changes in equity prices, interest rates, credit spreads, foreign- exchange rates, commodity prices, and other indicators whose values are set in a public market. 4) Strategic Risk: Strategic risk, sometimes referred to as business risk, can be defined as the risk that earnings decline due to a changing business environment, for example new competitors, new mergers or acquisitions or changing demand of customers. 5) IT Risk:. Some of the common IT risks related to CBS are as follows: a) Ownership of Data/ process b) Authorization process c) Authentication procedures d) Several software interfaces across diverse networks e) Maintaining response time f) User Identity Management g) Access Controls h) Incident handling procedures i) Change Management Q. What are the risk and controls in CASA Process? Risk in CASA Key Controls 1. Credit Line setup is The credit committee checks that the Financial Ratios, the Net-worth, unauthorized and not in line the Risk factors and its corresponding mitigating factors, the Credit Line with the bank’s policy. offered and the Credit amount etc. is in line with Credit Risk Policy and that the Client can be given the Credit Line. 2. Credit Line setup in CBS is Access rights to authorize the credit limit in case of account setup unauthorized and not in line system should be restricted to authorized personnel. with the bank’s policy. 3. Customer Master defined in Access rights to authorize the customer master in CBS should be CBS is not in accordance restricted to authorized personnel. with the Pre- Disbursement Certificate. 4. Inaccurate interest / charge Interest on fund based facilities is automatically calculated in the CBS being calculated in CBS. as per the defined rules. 5. Unauthorized personnel Segregation of Duties to be maintained between the initiator and approving the CASAS authorizer of the transaction for processing transaction in CBS. transaction in CBS. Q. What are the risks and controls with respect to credit cards? Risk wrt to credit cards Key Controls Credit Line setup is unauthorized and not in The credit committee checks that the Financial Ratios, the line with the bank’s policy. Net-worth, the Risk factors and its corresponding mitigating factors, the Credit Line offered and the Credit amount etc. is in line with Credit Risk Policy and that the Client can be given the Credit Line. Credit Line setup in CBS is unauthorized and Access rights to authorize the credit limit in case of not in line with the bank’s policy. account setup system should be restricted to authorized personnel. Customer Master defined in CBS is not in Access rights to authorize the customer master in CBS accordance with the Pre- Disbursement should be restricted to authorized personnel. Certificate. Inaccurate interest / charge being calculated Interest on fund based facilities is automatically in CBS. calculated in the CBS as per the defined rules. Unauthorized personnel approving the CASAS Segregation of Duties to be maintained between the transaction in CBS. initiator and authorizer of the transaction for processing transaction in CBS. Inaccurate reconciliations performed. Daily reconciliation for the balances received from credit card network with the transactions updated in the credit card system on card network level. Q. What are the risks and controls with respect to mortgages? Risk wrt to mortgages Key Controls Incorrect customer and loan details are There is secondary review performed by an captured which will affect the over- all independent team member who will verify loan details downstream process. captured in core banking application with offer letter. Incorrect loan amount disbursed. There is secondary review performed by an independent team member who will verify loan amount to be disbursed with the core banking application to the signed offer letter. Interest amount is incorrectly calculated Interest amount is auto calculated by the core banking and charged. application basis loan amount, ROI and tenure. Unauthorized changes made to loan master System enforced segregation of duties exist in the core data or customer data. banking application where the person putting in of the transaction cannot approve its own transaction and reviewer cannot edit any details submitted by person putting data. Q. What are the risks and control with respect to treasury process? Risk wrt to treasury Key Controls Unauthorized securities setup in systems such Appropriate Segregation of duties and review controls as Front office/Back office. around securities master setup/ amendments. Inaccurate trade is processed. Appropriate Segregation of duties and review controls to ensure the accuracy and authorization of trades. Unauthorized confirmations are Complete and accurate confirmations to be processed. obtained from counter-party. Insufficient Securities available for Settlement Effective controls on securities and margins. Incomplete and inaccurate data flow Inter-system reconciliations, Interfaces and batch between systems. processing controls. Insufficient funds are available for Controls at CCIL/NEFT/RTGS settlements to ensure the settlements. margin funds availability and the timely funds settlements. Incorrect Nostro payments processed. Controls at Nostro reconciliation and payments. Q. What are the risks and controls associated with loans and advances? Risk Key Controls Credit Line setup is unauthorized and not The credit committee checks that the Financial in line with the bank’s policy. Ratios, the Net-worth, the Risk factors and its corresponding mitigating factors, the Credit Line offered and the Credit amount etc. is in line with Credit Risk Policy and that the Client can be given the Credit Line. Credit Line setup is unauthorized Access rights to authorize the credit limit in and not in Loan Booking system/CBS should be line with the bank’s policy. restricted to authorized personnel. Masters defined for the customer are not in Access rights to authorize the customer master accordance with the (re Disbursement in Loan Booking system/CBS should be Certificate. restricted to authorized personnel. Segregation of duties exists in Loan Disbursement system. The system restricts the maker having checker rights to approve the loan/facilities booked by self in loan disbursal system Credit Line setup can be breached in Loan disbursement system/CBS restricts Loan disbursement system/CBS. booking of loans/ facilities if the limit assigned to the customer is breached in Loan disbursement system/CBS. Lower rate of interest/ Commission may be Loan disbursement system/CBS restricts charged to customer. booking of loans/ facilities if the rate charged to the customer are not as per defined masters in system. Facilities/Loan’s granted may be Segregation of duties exists in Loan unauthorized/in- appropriate Disbursement system. The system restricts the maker having checker rights to approve the loan/facilities booked by self in loan disbursal system Inaccurate interest / charge being Interest on fund based loans and charges for calculated in the Loan disbursal system non-fund based loans are automatically calculated in the Loan disbursal system as per the defined masters. Q. Enumerate the functions of RBI? a) Regulation and supervision of banks. b) Formulates implements and monitors the monitory policy. c) Issuance and regulation of currency. d) Inspection of banks. Q. What is meant by money laundering and what are the different stages involved in money laundering?  Money Laundering is the process by which the proceeds of the crime and the true ownership of those proceeds are concealed or made opaque so that the proceeds appear to come from a legitimate source.  The objective in money laundering is to conceal the existence, illegal source, or illegal application of income to make it appear legitimate.  Money laundering is commonly used by criminals to make ‘dirty’ money appear ‘clean’ The different stages involved in money laundering are 1) Placement 2) Layering 3) Integration Q. Explain the different stages in money laundering? a) PLACEMENT - The first stage movement of proceeds from the scene of the crime to a place, or into a form, less suspicious and more convenient for the criminal. b) LAYERING - It involves separation of proceeds by sending the money through various complex financial transactions to change its form and make it difficult to follow and hide the proceeds. c) INTEGRATION - It involves conversion of illegal proceeds into apparently legitimate business earnings through normal financial or commercial operations. Q. Enumerate the different reporting requirements of entities as per Section 12 of PMLA ? Every reporting entity(banking companies, financial institutions and intermediaries) shall maintain a record of all transactions a) Furnish to the Director within such time as may be prescribed, information relating to such transactions, whether attempted or executed, the nature and value of which may be prescribed; b) Maintain record of documents evidencing identity of its clients and beneficial owners maintain record of documents evidencing identity of its clients and beneficial owners as well as account files and business correspondence relating to its clients Q. What is meant by cyber crimes and what does it constitute? Cyber Crime also known as computer crime is a crime that involves use of a computer and a network. The computer may have been used in committing a crime, or it may be the target. a) Committing of a fraud by manipulation of the input, output, or throughput of a computer-based system. b) Computer forgery, which involves changing images or data stored in computers, c) Deliberate damage caused to computer data or programs through virus programs or logic bombs, d) Unauthorized access to computers by 'hacking’ into systems or stealing passwords, and, e) Unauthorized reproduction of computer programs or software piracy. f) Cybercrimes have grown big with some countries promoting it to attack another country’s security and financial health. Q. List down the key provisions of Information Technology Act 2008 ? Section 43: Penalty and compensation for damage to computer, computer system Section 65: Tampering with Computer Source Documents Section 66: Computer Related Offences Section 66-B: Punishment for dishonestly receiving stolen computer resource or communication device Section 66-C: Punishment for identity theft Section 66-D: Punishment for cheating by personation by using computer resource Section 66-E: Punishment for violation of privacy Q. What constitutes Sensitive personal data? Sensitive Personal Data or Information’, consists of password, financial information (including bank account, credit card, debit card or other payment details), physical, physiological and mental health conditions, sexual orientation, medical records, and biometric information.

Use Quizgecko on...
Browser
Browser