Are Indian Banks Ready For Cyber Due Diligence?

Source :TexT & Photo :cj news india :FRIDAY, JUNE 3, 2011

Recently Reserve Bank of India (RBI) constituted a working group on information security that gave its report to RBI. Subsequently RBI issued a notification asking the bank to follow the guidelines and recommendations mentioned in the notification. The notification had demarcated the immediately implementable and subsequently implementable aspects of these recommendations.

This “notification” has set a specific timeline for implementation of the final recommendations of working Group. While not all these recommendations are immediately implementable yet some of them are and banks of India must comply with the same till October 31, 2011, informs B.S.Dalal, senior partner of New Delhi based law firm Perry4Law and an ex manager of RBI. These mandatory recommendations pertain to policies and procedures which do not require extensive investment, informs Dalal.

In order to provide focused project oriented approach towards implementation of these guidelines, banks would be required to conduct a formal gap analysis between their current status and stipulations as laid out in the circular and put in place a time-bound action plan to address the gap and comply with the guidelines.

However, banks need to ensure implementation of basic organizational framework and put in place policies and procedures which do not require extensive budgetary support, infrastructural or technology changes, by October 31, 2011. The rest of the guidelines need to be implemented within period of one year unless a longer time-frame is indicated in the circular. There are also a few provisions which are recommendatory in nature, implementations of which are left to the discretion of banks.

It is clear that not all provisions of the report are discretionary but only a small portion of the same. Banks have to establish adequate cyber security and cyber due diligence mechanisms within stipulate periods otherwise action can be taken against them by RBI.

Recently RBI imposed penalty upon 19 banks for non compliance of prescribed standards. Similarly, RBI has also directed that any strictures passed against directors of a bank by any financial sector regulators must be reported to it. Non compliance of the recommendations of RBI working group may attract both penalty and strictures, suggest B.S.Dalal.

The notification also suggests a quarterly review process and the first calendar quarter after the issue of the guideline falls on 30th June 2011. Banks must do the needful in their own interest. They may also seek the expert techno legal services of Perry4Law and Perry4Law Techno Legal Base (PTLB) in this regard. Interested banks and financial institutions may contact them in this regard.

A tale of software, corporate fraud & mom-approved romance

Source :By Anindita Mitra | Place: Bangalore | 
Agency: DNA Thursday, Jun 9, 2011, 13:06 IST :

We’ve had books about call centres and thrillers about the world of finance. 

We’ve even had one or two about the murky world of media.

 And now it’s time for one from the IT sector. Hickory Dickory Shock, by Sundip Gorai is the book we’re talking about. No, this one is not the run-of-the-mill boy-meets-girl, office politics kind of a story. We’ve had enough of that. Gorai’s debut novel is a thriller on a different level. It reminds you of the Satyam fiasco that we’re still reeling from.

The protagonist is a math genius, Maninder Tuten Chatterjee aka 210 (born to a Bengali father and a Punjabi mother at 2.10 am). 210 is recruited by Shivan Computers. In the thriller, his Punjabi mother Gurpreet has a significant role to play, as does Geetika Chopra or Geeks, the girl that Gurpreet wants as 210’s wife. She works for Shivan as well.

The story starts in 2006, right when the IT bubble in India was puffing up. Two years down the line, the software visionary of Shivan —Dr Sarin— and its product architect Smita Kulkarni are murdered. 210 stands accused as the murderer of Dr Sarin.

Before this happens, 210 has been privy to a web chat between two chatters, Hickory and Dickory. He learns of a conspiracy brewing inside Shivan. A masked man disappears with LoRD, a cutting-edge software invention. Things take an even murkier turn as Raja Reddy, the chairman of Shivan Computers, hatches an accounting fraud (ring a bell, anyone?). LoRD is actually Reddy’s means of doing this.

The story takes off from here and covers much ground at frenetic pace. 210 pieces together an emerging pattern on Shivan’s financial mess, tracks down a couple of CDs that a now-dead employee of Shivan had unearthed. The CDs contain further proof of the fraud. The company flounders as one of their biggest customers terminates a contract, since the product is in direct competition with LoRD. And 210 chances upon a set of riddles, on a poster of a contest in the company cafeteria.
210 then has to go to the US to demonstrate LoRD to Bank AI. Geeks and Gurpreet find LoRD and launch it when 210 begins his demonstration and help him bag the deal. The next day, Raja sells LoRD to a venture capitalist, Tech Gajendra. Gajendra, with 210’s help and the recovered CDs, exposes Raja’s financial irregularities as well as the secret behind LoRD’s design. This book is worth reading as much for the thrills and the plot as the well-fleshed out characters and the healthy dose of humour with which they are introduced to the readers. 

There’s Gurpreet, the formidable former kabaddi champion, who thinks it’s infra dig that her son is going to work for a chips company or even worse, a cheap one, as 210 tries to explain the merits of the term blue chip. Then there’s Geetika Chopra, prankster par excellence and mother-approved romantic interest, into whose arms the hero falls, with complete disregard for cliché, on his first day at work. Even the minor characters are etched out in details that compel the reader to take a note of them.

Sundip Gorai is an IIT alumnus with an MBA from IMT. He has fifteen years of experience in business intelligence and analytics. He has seen the underbelly of the software industry and has travelled extensively. He currently lives in Atlanta, USA.
m_anindita@dnaindia.net

Citigroup Confirms Bank’s Network Faced Cyber Attack

Source :cj news India:THURSDAY, JUNE 9, 2011

Reserve Bank of India (RBI) has been stressing upon ensuring cyber security for banks in India. RBI has also constituted the working group on information security. As per the recommendations of the working group, RBI has directed that all banks would have to create a position of chief information officers (CIOs) as well as steering committees on information security at the board level at the earliest.

Meanwhile, RBI sought the inputs of various stakeholders upon the report of the working group. After analysing the public inputs, the final notification has been recently released by the RBI. The notification mandates complying with the recommendations of RBI in a time bound manner.

However, it seems the recommendations of the working group constituted by RBI have still not been implemented. A “progress report” must be sought from banks of India in this regard by RBI as soon as possible.

RBI has also made the appointment of chief of internal vigilance mandatory for banks in India. RBI has also prescribed cyber security due diligence for banks in India. In fact, cyber due diligence and banking due diligence could have prevented the recent Citibank fraud.

The truth is that banks and financial institutions in India are not serious at all regarding cyber due diligence, cyber crimes, financial frauds and cyber security. This is resulting in an increase in banking related cyber crimes and financial frauds.

As per the latest news, Citigroup Inc said computer hackers breached the bank's network and accessed data on hundreds of thousands of bank card holders in the latest of a string of cyber attacks on high-profile companies. Citigroup said about 1% of its card customers were affected by the breach, which had been discovered in May during routine monitoring. The names of customers, account numbers and contact information, including email addresses, were viewed during this cyber attack. However, other information such as birth dates, social security numbers, card expiration dates and card security codes (CVV) were not compromised.

Cyber attacks against banking and financial institutions are very common and frequent. They cannot be eliminated absolutely but efforts must be made to make them as less as possible. Banks and financial institutions of India must consider cyber security very seriously in the larger interest of their customers.

Audit glare on SBI provisions

Source :The.telegraph: Mumbai, June 10:2011

The Institute of Chartered Accountants of India (ICAI) has asked the State Bank of India — the country’s largest commercial bank — to explain the reasons for the surge in the provisions it made against bad loans in its results for the fourth quarter ended March 31. The SBI had raised its provisions against bad loans by 49 per cent to Rs 3,264 crore from Rs 2,187 crore in the year-ago period. Total provisions at the bank rose 82 per cent to Rs 6,059 crore during the same period. The sharp jump in provisions was the principal reason behind the PSU banking giant reporting a net profit of Rs 21 crore compared with Rs 1,867 crore in the same period last year. The resultant fall in the SBI’s profits drew a caustic remark from RBI deputy governor K.C. Chakrabarty recently. Although Chakrabarty did not name the bank, he said whenever the chairman of a bank retired, its profits went down as the successor wanted to start with a clean slate. “If we don’t audit or create the standard then anybody will report anything that will not be meaningful and nobody will rely on that. Books should not be as per the minds of the chairman but reporting should be as per books,” he had said. It is now learnt that the accounting regulator will soon take up the reasons behind the rise in provisions at the SBI during the fourth quarter, not only with the bank, but also with its auditors. ICAI president G. Ramaswamy was quoted as saying that a letter would be sent to the SBI asking it to state the reasons that led to the increase in provisions in the March quarter. The letter is expected to be sent within a week and further action will depend on the SBI’s response, the ICAI chief added. It, however, could not be ascertained as to whether the accounting regulator will look into specifics such as the jump in provisions for NPAs or its overall provisioning procedures. Meanwhile, the SBI has also breached the Reserve Bank of India’s credit exposure norms with respect to loans it provided to Reliance Industries Ltd (RIL) in the past three consecutive years. In its annual report, the SBI has disclosed that its credit to RIL was in excess of the limits prescribed under the RBI’s prudential credit norms. The bank added that apart from RIL, Indian Oil Corporation and Bhel were the other two clients who had benefited from a breach in the prudential credit limits. Under the RBI norms, loan exposure to any entity has to be capped at 15 per cent of capital funds in the case of a single borrower and 40 per cent of capital funds in the case of a borrower group. However, the exposure to a single borrower can go up to 20 per cent if the additional 5 per cent is on account of extension of credit to infrastructure projects.

SBI breaches RBI norms on Reliance Industries exposure for third straight year

Source : ET : PTI Jun 10, 2011, 03.05pm IST

Country's largest bank SBI has breached RBI's credit exposure norms during three consecutive years with regard to its loans provided to Mukesh Ambani-led Reliance Industries (RIL).

The public sector lender, which also has significant exposures to troubled Air India besides certain telecom firms being probed in relation to the 2G scam, has now disclosed that its credit to RIL was in excess of the limits prescribed under the RBI's prudential credit norms.

Detailing the cases where it breached prudential limits for single-borrower exposure during the fiscal ended March 31, 2011, SBI has named RIL as also public sector majors Indian Oil and BHEL as three such borrowers in its annual report.

This is the third straight year when SBI has exceeded the single-borrower ceiling with regard to RIL, as per the bank's annual reports for the past three financial years.

However, the bank brought down its exposure to RIL within the limit on the last date of the previous fiscal, ie., March 31, 2011, according to the SBI annual report.

The public sector lender had provided credit in excess of prudential norms to RIL during 2009-10 and 2008-09 also. During the year 2009-10, the bank's credit exposure was in excess of prudential limits for Reliance Industries, Indian Oil Corp (IOC), BHEL and Tata Group.

Prior to that, SBI exceeded prudential credit limits during 2008-09 with regard to its exposure to RIL and IOC.

As per RBI guidelines, the exposure ceiling limits are 15 per cent of capital funds in case of a single borrower and 40 per cent of capital funds in the case of a borrower group. However, the credit exposure to a single borrower can go up to 20 per cent, if the additional 5 per cent exposure is on account of extension of credit to infrastructure projects.

Similarly, the credit exposure to borrowers belonging to a group may go up to 50 per cent, if the additional 10 per cent exposure is for credit to infrastructure projects.

The bank's exposure to telecom companies recently came under criticism as some of these companies are facing probes in connection with the 2G scam involving alleged breach of regulations in allotment of licenses.

In an analyst conference after the bank's full-year results for 2010-11, SBI disclosed that its exposure to telecom companies was Rs 22,600 crore (3 per cent of its loan book), while exposure to telecom companies under investigation was Rs 1500 crore.

India business execs lose faith in Indian Govt - Survey

 Source :TEXT & PHOTO :Reuters - NEW DELHI | Mon Jun 13, 2011 12:46pm IST

Three quarters of leading Indian companies have lost faith in Prime Minister Manmohan Singh's second-term government, saying a governance crisis ranging from corruption scams to policy limbo will hit economic growth and their investment plans.

A survey of 75 leading companies by the Economic Times newspaper and Federation of Indian Industry and Chambers of Commerce (FICCI) is the latest sign of corporate unease with the Congress party-led coalition government in a country where grievances from companies are rarely aired in public.

Singh has been besieged by corruption scandals, including a $39 billion telecoms scam that saw a minister fired and parliamentary bills blocked by the opposition, as well as anti-graft hunger strikes by a civil activist and a yoga guru that galvanized many Indians.

The survey, published on Monday, said 80 percent of companies believed that decision-making by the government had slowed and 72 percent feared investment plans would be hit.

Ministers have repeatedly shrugged off criticism over the government's handling of the economy, pointing out that growth was among the highest in the world. Critics say growth is driven despite the government, not because of its policies.

India's economic expansion is seen slowing to 8.5 percent by the government in 2011/12, from nearly 9 percent in the prior year, a forecast that many private economists think is optimistic.

Foreign direct investment (FDI) has fallen 28.5 percent in 2010/11, in part a sign of falling investor confidence in Asia's third largest economy.

The BSE Sensex has fallen more than 10 percent since mid-November, when the corruption scandals began to spiral. That compares with emerging markets equities firming 2.1 percent in the same period.

"The prevailing negative sentiment among domestic investors will have a bearing on the perception of foreign investors," the Economic Times quoted Harsh Mariwala, president of FICCI, as saying.

CONFIDENCE SHAKEN

A separate survey by the Economic Times and Synovate of 43 leading company executives, also published on Monday in the same newspaper, showed 63 percent believed that the governance crisis would likely hit India's growth.

The telecoms scandal has seen the jailing of one minister and several company executives. It has shaken India's business elite with billionaires Anil Ambani and Prashant Ruia both questioned by police, something unheard of in India in recent times. Both have denied any wrongdoing.

Parliament has been virtually shut down during the last three sessions, with the main opposition Bharatiya Janata Party (BJP) paralysing government attempts at legislative business. Few reform bills have been passed, including one to make it easier for industry to acquire land.

In January, a group of 14 public figures from industrialists to former central bank governors warned in an open letter that corruption and bad governance threatened India's growth story.

There was one hint of optimism. The FICCI survey said nearly half of respondents expected the remaining three years of the government to be more reform-orientated.

"I do not believe the government has been rendered ineffective," said Bajaj Auto Chairman Rahul Bajaj.

(Additional reporting by Ami Shah in Mumbai: Writing by Alistair Scrutton; Editing by C.J. Kuncheria and Paul de Bendern)