Strengthening IT governance in banks

Syed Tashfin Chowdhury | Published: April 16, 2018 22:24:26 | Updated: April 19, 2018 21:17:09

A recent Bangladesh Institute of Bank Management (BIBM) study revealed the information that nearly 90 per cent of the banks in our country do not have full-fledged information technology (IT) governance despite growing number of banking activities being carried out through the IT system.

This is a matter of concern for Bangladesh as IT governance is extremely necessary for banks locally and across the world, as the global economy leans increasingly toward internet banking, online transactions, cashless methods of payment and more.

At a workshop held at the BIBM auditorium on April 10 on 'IT Operations of Banks', the study's findings were revealed in presence of senior officials of private banks. The study has found that Bangladesh is lagging behind in ensuring IT infrastructure and cyber-security due to non implementation of IT governance in the banks.

It has been found that as many as 68 per cent of banks in Bangladesh do not have any IT governance framework. Also, 78 per cent do not have data leakage prevention system while eight per cent banks are yet to initiate the implementation of IT governance.

Conducted in 2017, the study also found that 60 per cent of banks had updated their cyber-security policy in 2017, compared to 73 per cent in 2016.

Training for cyber-security awareness increased with 97 per cent of bank employees receiving training during the last year, up from 84 per cent in 2016, according to the survey. Also, IT investment increased 13.49 per cent to Tk 20.35 billion last year. However, from the sum, 36.5 per cent went towards procuring hardware.

The survey reflects that most banks in Bangladesh have unfortunately forgotten the series of global cyber fraud events that had started in February 2016 through the Bangladesh Bank heist.

In February 2016, hackers had breached Bangladesh Bank's system and used the Society for Worldwide Interbank Financial Telecommunication (SWIFT) messaging network to request nearly $1 billion from its account at the New York Fed. The majority of requests where declined after a typo triggered suspicion. However, $81 million worth of the malicious requests were eventually approved. The authorities in Bangladesh are still trying to recover these funds.

After the February incident, US$ 10 million was also hacked from a Ukrainian bank through the SWIFT platform. In 2017, it was reported by some international media that money was transferred from a number of banks in Nepal by using stolen SWIFT codes. Although the total amount was not reported, it was confirmed that NIC Asia Bank in Nepal was one of the banks whose codes were compromised.

The incident had shown how hackers can manipulate some of the most sound networking systems in the world. And it is not just with international transactions among banks. Back in 2016, some bank account holders in the country were horrified to find that money from their accounts had been withdrawn from ATM booths, even when they had their cards in their possession.

The media eventually reported that money of a number of clients of three banks in Bangladesh was stolen after data scanning devices were set by the swindlers in at least six ATM booths in Dhaka.

The devices were used to scan the card and PIN, which were needed to clone the cards. Once the cards were cloned, they were used for further transaction in ATM booths, POS in superstores and so on. Fortunately, the accountholders were reimbursed by the banks. The affected banks had also put up awareness messages in their ATM booths while other banks followed suit.

Cyber criminals keep themselves updated about the latest technologies and measures being taken by the authorities in banking and financial institutions sectors. They are constantly coming up with new methods through which they can run away with money from unsuspecting victims, be it an organisation or an individual.

This is why, like the cyber criminals, the managers, directors and employees of banks, financial organisations and other organisations that conduct monetary transactions through networked electronic devices, need to keep themselves updated about the latest cyber fraud methods and crimes. Hence, regular training sessions of the bank employees along with updates to banking software are required of the banks.

But this is where we are lagging behind. Bankers at the BIBM workshop observed that a lack of understanding on IT governance among directors and top managers is responsible for poor implementation of IT security. There was also the notion among some bank directors that investment into IT facilities will increase their costs.

Bangladesh Bank deputy governor and chairman of the executive committee of BIBM said that the central bank had already formulated a set of guidelines to save banks from the risk of cyber attacks. He further suggested that banks could use local software at an affordable price for ensuring their cyber security as foreign software involve additional cost and management hassle.

Also present at the workshop, former BB deputy governor Nazneen Sultana had urged for better communications among banks, better trained workforce and awareness building of customers of banks to tackle cyber security-related problems.

Southeast Bank additional managing director SM Mainuddin Chowdhury had recommended banking system automation while Standard Chartered Bank country technology manager Monitur Rahman had stated that banks could take cost-effective cloud facility to save themselves from cyber crime.

The planning and implementation of these recommendations could be the beginning of a formidable cyber fortress for our banking system. As Bangladesh rapidly moves toward its Middle Income Country status by 2021, numerous businesses, foreign investors as well as local businessmen are engaged in international banking. Also, locally, the number of transactions through user-friendly devices is also increasing. In this regard, the banking sector needs to thrive and reach a standard of IT governance which should be at par with global standards.

Share if you like