Review Workshop on “IT Operations of Banks” held in BIBM

A half day long Review workshop was held at the Bangladesh Institute of Bank Management (BIBM) on 01 April, 2018, in its auditorium. A paper titled “IT Operations of Banks” was presented in the workshop by Mr. Md. Shihab Uddin Khan, Associate Professor of BIBM. Other members of the review workshop team are Mr. Md. Mahbubur Rahman Alam, Associate Professor, BIBM; Ms. Kaniz Rabbi, Assistant Professor, BIBM; Mr. Md. Foysal Hasan, Lecturer, BIBM and Engr. Mohammad Jamal Uddin Mazumder, EVP, Islami Bank Bangladesh Ltd.
The study reviews overall activities of the IT Operations of banks for the years 2018, and also identifies success factors and the problem areas in the IT Operations of Banks in Bangladesh. A good number of officers and executives from different banks, faculty members of BIBM and media representatives participated in the review workshop program.
Mr. S. M. Moniruzzaman, Chairman, BIBM Executive Committee, and Deputy Governor, Bangladesh Bank was present in the review workshop as the Chief guest. Mr. Debdulal Roy, Executive Director, Bangladesh Bank; Mr. Md. Arfan Ali, President & Managing Director, Bank Asia Limited and Mr. Abul Kashem Md. Shirin, Managing Director & CEO, Dutch–Bangla Bank Limited were present on the occasion as designated discussants.
Dr. Barkat-e-Khuda, Dr. Muzaffer Ahmad Chair Professor, BIBM; Mr. Md Yasin Ali and Mr. Helal Ahmed Chowdhury (supernumerary professors of BIBM) also spoke among others at the workshop.

Deputy Governor S. M. Moniruzzaman said Bangladesh Bank has been playing notable role to maintain smooth and secured e-banking operations. BB has taken necessary initiatives for e-banking, e-commerce and e-payment, automated clearing house system, mobile phone banking etc.

He said banks have been allowed to make online money transactions, payment of utility bills, transfer of funds, payments for trading goods and services through e-channels like Internet, ATM, Mobile phone etc. Considering the paramount importance of information systems security in banks BB has issued new version of ICT security guidelines for banking and financial institutions.

Some major findings of the research study are stated below:
At the end of 2018, around 96 percent banks have introduced real time online banking, meeting the Category-1 architecture and also 100 percent branches of FCBs, PCBs, and SOCBs were computerized. Computerized branches of SBs stood at 28.02 percent at the end of 2018 and they are trying to make 100% branches online within year 2019.
In 2018, a major portion of the IT budget was used in the area of hardware, software and network. Budget for security, training and audit was very low in last five years. By ignoring these three sectors, it is not possible to ensure better cyber security for banks.

Financial organizations should have an effective cost minimization action plan for revenue maximization. Though 87% banks mentioned that they have IT cost minimization plan but most of them don’t have any comprehensive and approved documents of cost minimization strategy and plan.

Regular and periodic testing of a DRS is an important and crucial issue for a centralized online bank. This type of testing increases confidence and expertise of recovering data and business operation in case of any disaster. However, only 72% and 73% banks tested live operation from DRS in 2017 and 2018, respectively. Among them, most tested the live operation in holidays– especially in Saturday (10 a.m. to 4 p.m.). They were afraid of testing during working hours. Frequency and duration of live test is also unsatisfactory. Only 37% banks run all business functions during live operation from DRS.

Managed Switch (Layer-3), Next Generation Firewall (NGFW) and E-mail Gateway can play a vital role to ensure network security in banks. Only 50% banks fully implemented NGFW, only 20% banks configured Managed Switch (Layer-3) in branch level and 40% installed E-mail Gateway. SIEM provides real-time analysis of security alerts generated by applications and network hardware is crucial for combating cyber threats. Only 20% banks implemented SIEM.

Some comments and suggestions provided by designated discussants:
Mr. Debdulal Roy, Executive Director, Bangladesh Bank recommended that universities should redesign their academic syllabus so that students can cope with the upcoming technology in the banking and financial sectors. He said, it is not possible to filter all cyber threats (such as phishing mails) through technology; that’s why we need to develop awareness of users. He also suggested that e-learning can be an effective way to increase customer and employee awareness.

Mr. Md. Arfan Ali, President and Managing Director of Bank Asia Limited, said that management should be proactive rather reactive regarding cyber security. He highlighted the necessity of training for bank employees to enhance IT literacy. He also said that we should properly utilize technology with appropriate business model to boost countries’ economy and to achieve required financial inclusion. He suggested to build a cashless society that will be helpful in minimizing cost.

Mr. Abul Kashem Md. Shirin, Managing Director and CEO of Dutch Bangla Bank Limited, emphasized on increasing cyber security awareness among bank employees. He discussed about top four cyber-attacks in e-banking system – DDoS, Malware, Phishing and Ransomeware attack. He also recommended that to ensure effective security measure, IT security department should be treated as a separate department under the supervision of CEO.
Dr. Shah Md. Ahsan Habib, Professor & Director (Training), BIBM chaired the Occasion