IT Governance To Provide End-To-End Compliance Posture At HDFC Bank

HDFC Bank has entered into a $7.4 million, three-year strategic enterprise-level agreement with Symantec for IT compliance, enterprise security and storage management solutions. Symantec will also provide HDFC Bank with consulting and implementation services. Prior to the announcement there was a discussion called ‘Meet The Leaders’. The panelists were C.N. Ram, Head IT, HDFC Bank; G.V. Gopalakrishnan, Executive VP – IT, HDFC Bank; Vishal Dhupar, MD, Symantec; and Umang Bedi, Business Head, Banking and Financial Services, Symantec. Biztech2.0 takes you through the discussion.

Improving Customer Experience

On the efforts to enhance customer experience, C.N. Ram, Head, IT, HDFC Bank, said, “It is found that 70 percent of customer transactions are done without visiting the bank – via phone banking, ATM or online. It is critical for the IT department to construct the data and services so they can be processed to exercise the above transactions. Availability of data is of equal importance in ensuring that transactions can be made round the clock. The differentiator that the bank is trying to shape for itself is in offering a suite of products such as MFs, equity trading etc. and build channels for customers to use these products. We want HDFC Bank to be a one-stop finance shop for our customers.”

Giving a vendor perspective on what has changed in companies wanting to enhance the customer experience, Vishal Dhupar, MD, Symantec, said, “What we have found over a period of time is that companies want to have a single transactional backbone that is protected while it is resident in the company or is moving.” Availability of data is also important. As companies come up with more and more products, integration of various services enhances customer experience.

Challenges in the Way

“The challenge lies in coming up with various software for the new banking products and integrating them,” says Ram. “Since the volume of transactions is increasing, with new services, the amount of computing power is also surging. As a result the number of information assets with the company are getting wider in scale. Security and processing of data therefore becomes a challenge. This challenge gives us an opportunity to use BI solutions that facilitates customer profiling.”

As businesses grow in size, the complexity of operations also increases. The IT alignment with the business processes becomes very important. Companies are looking for cost optimisation to enhance customer operations. “Data centres can be an agent of transformation in this process,” says Dhupar. IT governance can play a decisive role in charting out universal processes for the organisation.

IT Governance Initiatives at HDFC

HDFC Bank views SOX, BASEL II and ISO 27001 not just as compliance requirements but as agents to improve its functional and process efficiency, which proves to be a competitive advantage. The bank is listed on NYSE, so it has to comply with SOX. BASEL II is being implemented, and ISO 27001 is also under consideration. “Symantec will bring its expertise in helping the bank meet the complex compliance requirements of SOX, BASEL II and ISO 27001, and help in defining and bringing consistency in processes,” explains G.V. Gopalakrishnan, Executive VP – IT, HDFC Bank.

“These compliances are very amorphous in nature,” says Umang Bedi, Business Head, Banking and Financial Services. “They are vague and not specific. There are popular frameworks like COBIT and ITIL that acts as an enabler to convert the compliance into actionable policies for companies.”

Symantec will map the various controls at HDFC before matching them with the compliance requirements. They will also be fit into the bank’s policy to throw an automated view of the compliance posture for the CEO and the top management. For example, if the company has configured the anti-virus or data archives with certain controls, Symantec will map the controls on the basis of the compliance requirements with SOX, Basel II and ISO 27001 and provide a single-window view of the compliance posture with the help of software, with reference to the controls that match the company policy.

One advantage of this partnership will be number of man-hours saved as the IT workforce will be busy doing the IT job and not evidence collection. Interestingly, about 300 employees were manually extracting evidences into Excel CSV format for the purpose of audit. The new initiative will provide an end-to-end automated IT governance posture.

Top Three Banking Trends in 2008

According to Ram, the top three trends to watch out for this year will be the Internet, mobile-based transactions, and financial inclusion. The Internet will be one channel that customers will use more often for banking transactions, on par with social networking. Mobile-based transactions will also go up, and as the rural population shares in the economic prosperity, financial inclusion will become a major opportunity that banks should capitalise on.