The Founders, Co-Founders, CXO Bankers, CXO Fintech professionals and others who participated in the ePanel discussions include:
- Mr. Sony A, Head – Digital, South Indian Bank
- Mr. Arun Tanksali, Co-founder & CTO, Nearex
- Mr. Riaz Maniyar, Founder & CEO at easy2lend.com
- Mr. Neeraj Chandra, Head of Operations, Abu Dhabi Commercial Bank
- Mr. Roopesh Chandran, Director of Business Development, Visa
- Mr. Pratap Ghosh, Head Liabilities Product Group, Bandhan Bank Ltd
- Mr. Shashank Chowdhury, Managing Director -India, Infinite Zero
- Mr. Harveer Singh, Former Head of Product Marketing, Empays Payment Systems. Ltd
- Mr. Shirsha Ghosh, Co-Founder, Torit Innovations
- Mr. Kamonasish Aayush Mazumdar, Chief Marketing Officer, MeraEvents
- Mr. Abhay Kulkarni, Former General Manager Sales, Worldline Global
- Mr. Avro Mukerji, Investment counselor – NRI Burgundy, Axis Bank
- Mr. Rajiv Rai, Chief Digital Officer, Edelweiss Financial Services
- Mr. Vikas R Panditrao, Co-Founder, Forum of Industry Academic Knowledge Sharing
- Many other CEO/CXO Bankers & Fintech professionals on FIAKS Forum
An unusual day in the FIAKS community began when 3 possible scenarios were brought up. This discussion was different from others because this time the views shared concerned hypothetical situations. But the discussion wasn’t any less informative. The following 3 scenarios were brought up by a community member, and the opinions of other members were requested:
Scenario 1: The CTO of the bank hires a developer. This developer, at head office, intentionally gives super admin access to branch staff located 1000 km away. At this remote location, if someone downloads all the customer data on a pen drive and sells it in the market after 3 years, will you blame the CTO of the bank? Consider that this developer leaves the organization after 2 years and the case is brought up after the developer’s departure.
Scenario 2: Similarly, a Consumer Banking Head of a respected bank has a regional head and branch heads under him/her. Now, a branch staff member opens a Liability account by submitting fake documents, and 1000 such accounts are opened in the bank across several branches. Traction in the accounts starts after 3 years, to plot a terror attack. This branch staff member leaves the bank after 2 years.
Scenario 3: The same happens in the case of lending too.
Will it be right to hold the CTO, consumer banking head and corporate banking head responsible for the 2nd and 3rd scenarios?
A leader in the community believes that yes, to a certain extent, the heads are responsible, because the direction on how such activities can be stopped should come from the position of authority. For the first scenario, it doesn’t matter whether the location is remote or not; pen drive access should not be given at all. For the second scenario, the banking head is not expected to scrutinize each and every document, account, and individual that walks into the bank. The same goes for the 3rd scenario.
A counter-argument to that was that serious complacency and competency issues are found among some senior banking executives, and these need to be probed. Some lapses in their work are serious enough to warrant removing these highly placed bankers. Just because they are far above and away in the hierarchy from the perpetrator doesn’t absolve them of the lack of basic checks and balances in the first place, or of the responsibility to have systems and processes in place.
One of the members thinks that all of these scenarios are a bit difficult to carry out in today’s day and age. This is because the majority of banks now have multiple layers of checks, performed by different units. When it comes to the first scenario, the InfoSec Team and System Audit Team, which do not report to the CTO, will have oversight in such cases.
In the second scenario, NTB (New To Bank) AOFs (Account Opening Forms) have to be signed by the Sales/Branch Staff and countersigned by the Banking Head/Operations Head. But in the majority of banks, there is an audit check by concurrent auditors or designated CPU Staff, who verify the KYC and cross-check the PAN/Aadhaar from a location which is geographically separated from the sourcing Branch-Sales Team. Further, in-person verification, field verification of address, phone confirmation, Re-KYC, periodic audit, offsite audit, etc. make such frauds a bit difficult.
When it comes to the 3rd scenario, even the lending sector has similar checks and measures which separate sourcing, credit appraisal, sanctioning, etc. Everything is checked by 3 to 4 people. So, in banking, it usually takes two to commit such frauds: Maker and Checker. Large scale lending fraud, i.e. credit-related fraud, is usually done with the blessings and guidance of the senior functionaries who are the decision makers.
After listening to each point from both sides, a leader conceded that there is a lot of merit on both sides of the argument. There is a term used very often in Infosec and Project Management called RACI. It is the short form for:
- Who is Responsible
- Who is Accountable
- Who is Consulted
- Who is Informed
There is a fundamental difference between Responsibility & Accountability. This member further explains that “When we were growing up, whenever there used to be a major railway accident, the railway minister used to resign. That was a classic example of holding oneself accountable even though the minister per se was not responsible.”