“It won’t be an exaggeration to say that some of the big losses suffered by banks on account of frauds could have been avoided if good compliance culture was ingrained,” – MK Jain, the Deputy Governor of Reserve Bank of India.
This statement reflects the state of compliance in banks today: in 2019, from July to January, RBI imposed monetary penalties of Rs. 122.9 crore on different occasions.
In addition, seven different public sector banks were fined Rs. 11 crore for noncompliance.
Are these just numbers? Is it simply a matter of losing money? What is really at stake?
The primary reason for this conundrum is easy to pinpoint: a lapse of judgement in understanding the fundamental necessity of compliance as a culture, in toxic combination with a lack of resourceful technologies.
Understanding compliance as a culture
Given today’s threat landscape and digital landscape, what once worked no longer does. Banks especially, given the sensitive PII and money they deal with, have to keep in step with current technology.
This means compliance shouldn’t just be something IT deals with or something that is “taken care of”. It has to be an ingrained organizational philosophy. Every employee across verticals, and the entire C-Suite, must take responsibility for ensuring compliance. C-Suite members have to participate in strategizing compliance and cybersecurity, bringing different perspectives together. Not only does this help in making comprehensive strategies, it also paves the way for a broader discussion on cybersecurity, be it investing in cutting-edge technologies, deploying a team for a more in-depth cybersecurity assessment, or ensuring there is enough awareness in the organization.
All of this is only possible by bringing in a good compliance culture—a concept RBI has stressed repeatedly. Insider threats are part and parcel of noncompliance. Although threats will continue to exist, the ability to mitigate them lies in imbibing compliance.
What do the industry experts say?
When we asked the CROs, CISOs and CIOs of popular banks what they think is the biggest threat when it comes to noncompliance and cybersecurity, their answers pointed, in unison, to data security, customer data, and insider threats. Be it access to the wrong data or clicking on phishing emails, humans are unfortunately the weak link. This happens due to lack of awareness, lack of stringent solutions in place, and mostly the human factor of vulnerability.
A CISO of a world-famous bank said, “Most of the cyber incidents have an internal angle. People need to be aware and question what’s in it for me and what is my role in security and mostly how much skin do I have in the organizational security.”
All of these lead to one answer: an intelligent Identity and Access Management solution, which addresses insider threats like no other.
Cross Identity in tune with the RBI CSITE guidelines
The Cross Identity (CI) solution is tailor-made to fit the needs of banks. From access to governance, from single sign-on to intelligent data, CI can enable banks with it all. This addresses the need for one solution set that can help banks with RBI compliance, security, and efficiency. Here are some key parameters that are in line with the guidelines provided by RBI.
- Vigilance with access – Access is the biggest challenge in banks today, owing to the ‘trust’ that naturally exists, accesses that are not revoked in time, and privileged accesses being taken advantage of. This can be addressed seamlessly with CI.
Organizations can define the access rights, exceptions, and duration for all kinds of accesses. The workflow for allowing or revoking access can also be set up without hassle. If exceptions are made for certain accesses on a need-to-have basis, they can be reviewed periodically. The reviewer is empowered with all the access data in a single dashboard, where allowing or revoking is a click away.
- Efficiency – According to an Accenture study, the number of employees in banks who will move into new roles and require reskilling will rise to 43% in the next three years. This further reflects the importance of better managing employees who move into newer roles. Often, when employees change roles, transfer to a new location, or even leave, the problem of residual access continues to exist. The accesses in the organization have to be updated accordingly. When this fails and people have additional access, it is a clear breach of compliance as well as a huge dent in your security. CI has role-based access control capabilities, in which accesses are updated based on roles and provided accordingly. This also applies to the suspension of accesses when employees are on prolonged leave.
- Intelligent security – Security today is not just about gatekeeping, but about making decisions based on intelligent data. Noticing abnormal logon patterns is a simple example that can save banks millions. Such patterns help in predicting threats, enabling banks to be proactive rather than reactive with only a crisis management plan. CI has a risk engine that can continuously monitor accesses and provide timely reports. It provides analytics and controls for unusual behavior, allocating risk scores to different accesses by comparing usual behavior against unusual behavior.
- Audit away – The solutions provided in CI not only allow you to be secure but also help streamline auditing. With access certification and access review in place, you can launch certification campaigns as often as you’d like and obtain reports accordingly.
Cross Identity’s solution set is built with the pain points of financial institutions in mind. What the experts have to say and what previous examples tell us have all been factors in building this solution. Enable your bank with CI and say yes to seamless compliance and comprehensive security.