Lockdown and rewiring banks

Key areas which have been impacted are third-party vendors and their talent working on banks' premises. A changeover to move data to the vendor is a risk that needs to be evaluated by all banks

With the spread of Covid-19, governments have mandated lockdowns and social distancing, thereby creating a paradigm shift in the working of banks, from a traditional office space towards an agile, responsive and dynamic mode of operating. 

While banks and financial institutions have invoked their existing business continuity plans (BCP), the current situation calls for a more adaptive and reactive BCP. Banks have invoked their BCPs for critical functions and that has helped them in keeping their branches and critical operations active. However, for areas such as support functions, IT vendors, auditors and on-going projects, the efforts to achieve seamless integration with the prevailing situation are still continuously evolving and they are working towards building a dynamic BCP.

Data management 

Protection of data, with the migration to work-from-home outside the secure networks, through remote devices and open networks, brings its own challenges. Banks will  be required to significantly augment their monitoring, and fraud prevention tools, for detection of unauthorised movement of data. And policies around data transfer between banks and external vendors need to be strengthened. 

The challenge for teams that have functioned only on office premises or on the shop floor is the transition to remote working. For example, front-end functions have significantly reduced; however, the impact on client servicing has significantly increased. Assistance to existing clientele, quick response in implementing measures to combat the lockdown, while ensuring effective communication with customers, and re-establishment of contact have to be areas of focus. Another area which has been impacted are third-party vendors and their talent working on banks’ premises. A changeover to move data to the vendor is a risk that needs to be evaluated by all banks. 

Today’s environment demands the need for remote working. However, once the novelty has worn off, the stress of its challenges will become more apparent, with the lack of boundaries, undefined roles and responsibilities, and social isolation, amongst others. Additionally, banks and financial institutions have limited work from home, and flexi-work policies and have not conducted rehearsals of such scenarios.  The inadequate knowhow and competencies to migrate to collaborative tools are also key factors in the effective migration to the offsite working model in banks. Adaptive methods to deal with on-boarding new hires and  exits of existing employees are also areas that need to be looked into by banks, to facilitate smooth transitions, in and out of a bank. 

Risk management 

With the Reserve Bank of India’s (RBI’s) relief packages, it is now crucial that banks adhere to ensure adequate implementation and due compliance and make the necessary tweaks within their systems and processes to accommodate the necessary changes. For example, the three-month moratorium period for repayment of loans will require change in computation logics, change in asset classification and modifications to the customer statement of accounts, among others. Adequate tracking, testing, and collaboration with vendors needs to be done, to incorporate such changes. 

Vulnerabilities in cyber risk have not been adequately envisaged until lately by banks and financial institutions. There has been a rise in cybercrimes, and ransomwares — for example, a ransomware called “Coronavirus”, steals and encrypts data, whereas another newer ransomware, “CovidLock”, locks a victim’s phone. Another key aspect to be considered is the continuing risk given the uncertainty around the situation.