FAQs on Core Banking Systems (CBS)
- Blog|FEMA & Banking|
- 15 Min Read
- By Taxmann
- |
- Last Updated on 19 January, 2023
FAQ 1. What is Core Banking Solution (CBS)?
Core Banking Solution (CBS) refers to a common IT solution wherein a central shared database supports the entire banking application. The characteristics of CBS are:
-
- There is a common database in a central server located at a Data Center, which gives a consolidated view of the bank’s operations.
- Branches function as delivery channels providing services to its customers.
- CBS is centralized Banking Application software that has several components which have been designed to meet the demands of the banking industry.
- CBS is supported by advanced technology infrastructure and has high standards of business functionality.
- Core Banking Solution brings significant benefits such as a customer is a customer of the bank and not only of the branch.
- CBS is modular in structure and is capable of being implemented in stages as per requirements of the bank.
- A CBS software also enables integration of all third-party applications, including in-house banking software, to facilitate simple and complex business processes.
Some examples of CBS software are given below. These are only illustrative and not exhaustive:
-
- Finacle: Core banking software suite developed by Infosys that provides universal banking functionality covering all modules for banks covering all banking services.
- FinnOne: Web-based global banking product designed to support banks and financial solution companies in dealing with assets, liabilities, core financial accounting and customer service.
- Flexcube: Comprehensive, integrated, interoperable, and modular solution that enables banks to manage evolving customer expectations.
- BaNCS: A customer-centric business model which offers simplified operations comprising loans, deposits, wealth management, digital channels and risk and compliance components.
BankMate: A full-scale Banking solution which is a scalable, integrated e-banking systems that meets the deployment requirements in traditional and non-traditional banking environments
FAQ 2. What are the key technology components of Core Banking Solution (CBS)?
The key technology components of CBS are as follows:
-
- Database Environment
- Data Centre and Disaster Recovery Centre
- Application Environment
- Web Environment
- Security solution
- Enterprise Security architecture
- Connectivity to the Corporate Network and the Internet
- Network Solution architecture to provide total connectivity
- Branch and Delivery channel environment
- Online Transaction monitoring for fraud risk management
FAQ 3. What are the key aspects in built into the Architecture of Core Banking Solution (CBS)?
-
- Regulatory compliance: Compliance in case of banks is complex and expensive. CBS has built-in and regularly updated regulatory platform which will ensure compliance.
- Information flow: Facilitates information flow within the bank and Improves the speed and accuracy of decision-making. It deploys systems that streamline integration and unite corporate information to create a comprehensive analytical infrastructure.
- Resource optimization: Optimizes utilization of information and resources of banks and lowers costs through improved asset re-usability, faster turnaround times, faster processing and increased accuracy.
- Customer centric: Through a holistic core banking architecture, enables banks to target customers with the right offers at the right time with the right channel to increase profitability.
FAQ 4. What is a Proxy Server?
-
- A Proxy Server is a computer that offers a computer network service to allow clients to make indirect network connections to other network services.
- A client connects to the proxy server, and then requests a connection, file, or other resource available on a different server.
- The proxy provides the resource either by connecting to the specified server or by serving it from a cache.
- In some cases, the proxy may alter the client’s request or the server’s response for various purposes.
FAQ 5. What are the various stages involved in deployment and implementation of Core Banking Solution (CBS)?
This module helps in analyzing the actual figures with the planned data and in planning business strategies. Two kinds of elements are managed in Controlling –Cost Elements and Revenue Elements. These elements are stored in the Financial Accounting module.
The deployment and implementation of CBS should be controlled at various stages to ensure that banks automation objectives are achieved:
-
- Planning: Planning for implementing the CBS should be done as per strategic and business objectives of bank.
- Approval: The decision to implement CBS requires high investment and recurring costs and will impact how banking services are provided by the bank. Hence, the decision must be approved by the board of directors.
- Selection: Although there are multiple vendors of CBS, each solution has key differentiators. Hence, bank should select the right solution considering various parametersas defined by the bank to meet their specific requirements and business objectives.
- Design and develop or procured: CBS solutions used to be earlier developed in-house by the bank. Currently, most of the CBS deployment are procured. There should be appropriate controls covering the design or development or procurement of CBSfor the bank.
- Testing: Extensive testing must be done before the CBS is live. The testing is to be done at different phases at procurement stage to test suitability to data migration to ensure all existing data is correctly migrated and testing to confirm processing of various types of transactions of all modules produces the correct results.
- Implementation: CBS must be implemented as per pre-defined and agreed planwith specific project milestones to ensure successful implementation.
- Maintenance: CBS must be maintained as required. E.g. program bugs fixed,version changes implemented, etc.
- Support: CBS must be supported to ensure that it is working effectively.
- Updation: CBS modules must be updated based on requirements of business processes, technology updatesand regulatory requirements.
- Audit: Audit of CBS must be done internally and externallyas required to ensure that controls are working as envisaged.
FAQ 6. What is Section 43 of IT Act, 2000 related to penalty and compensation for damage to computer and computer system?
Section 43 provides for Penalty and compensation for damage to computer, computer system, etc.
If any person without permission of the owner or any other person who is in-charge of a computer, computer system or computer network, or computer resource: [C/CS/CN]
-
- Accesses or secures access to such computer, computer system or computer network;
- Downloads, copies or extracts any data, computer database or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium;
- Introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;
- Damages or causes to be damaged any computer, computer system or computer network, data, computer database or any other programs residing in such computer, computer system or computer network;
- Disrupts or causes disruption of any computer, computer system or computer network;
- Denies or causes the denial of access to any person authorized to access any computer, computer system or computer network by any means; (g) provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made thereunder;
- Charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network, he shall be liable to pay damages by way of Compensation to the person so affected.
- Destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means; Steals, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage.
FAQ 7. What is Internal Control in Banks?
Risks are mitigated by implementing internal controls as appropriate to the business environment.
These types of controls must be integrated in the IT solution implemented at the bank’s branches.
Some examples of internal controls in bank branch are given here:
-
- Work of one staff member is invariably supervised/checked by another staff member, irrespective of the nature of work (Maker-Checker process).
- A system of job rotation among staff exists.
- Financial and administrative powers of each official/position is fixed and communicated to all persons concerned.
- Branch managers must send periodic confirmation to their controlling authority on compliance of the laid down systems and procedures.
- All books are to be balanced periodically. Balancing is to be confirmed by authorized official.
- Details of lost security forms are immediately advised to controlling so that they can exercise caution.
- Fraud prone items like currency, valuables, draft forms, term deposit receipts, traveller’s cheques and other such security forms are in the custody of at least two officials of the branch.
FAQ 8. What are Information Technology (IT) risks related to control of a bank?
IT risks need to be mitigated by implementing the right type and level of controls in the automated environment. This is done by integrating controls into IT.
Sample list of IT related controls are:
(1) The system maintains a record of all log-ins and log-outs.
(2) The system checks whether the amount to be withdrawn is within the drawing power.
(3) The system flashes a message if the balance in a lien account would fall below the lien amount after the processing of the transaction.
(4) Access to the system is available only between stipulated hours and specified days only.
(5) Individual users can access only specified directories and files. Users should be given access only on a ‘need-to-know basis’ based on their role in the bank. This is applicable for internal users of the bank and customers.
(6) A user timeout is prescribed. This means that after a user logs-in and there is no activity for a pre-determined time, the user is automatically logged- out of the system.
(7) Exception situations such as limit excess, reactivating dormant accounts, etc. can be handled only with a valid supervisory level password.
(8) If the transaction is sought to be posted to a dormant (or inoperative) Account, the processing is halted and can be proceeded with only with a supervisory password.
(9) Once the end-of-the-day process is over, the ledgers cannot be opened without a supervisory level password.
FAQ 9. What is Money Laundering in terms of Banks?
1. Section 3 of Prevention of Money Laundering Act (PMLA), 2002 defines ‘Money Laundering’ as:
‘whosoever directly or indirectly
-
- attempts to indulge, or
- knowingly assists, or
- knowingly is a party, or
- is actually involved
in any process or activity connected with the proceeds of crime and projecting it as untainted property shall be guilty of the offence of money-laundering.
2. Money Laundering is the process by which the proceeds of the crime and the true ownership of those proceeds are concealed or made opaque so that the proceeds appear to come from a legitimate source.
-
- The objective in money laundering is to conceal the existence, illegal source, or illegal application of income to make it appear legitimate.
- Money laundering is commonly used by criminals to make ‘dirty’ money appear ‘clean’ or the profits of criminal activities are made to appear legitimate.
- Money Laundering involves three stages namely- Placement, Layering, Integration.
3. Stages of money laundering are:
1. Placement
-
-
- The first stage involves the Placement of proceeds derived from illegal activities:
- the movement of proceeds, frequently currency, from the scene of the crime.
- to a place, or into a form, less suspicious and more convenient for the criminal.
-
2. Layering:
-
-
- Layering involves the separation of proceeds from illegal source using complex transactions designed to obscure the audit trail and hide the proceeds.
- Criminals frequently use shell corporations, offshore banks or countries with loose regulation and secrecy laws for this purpose.
- Layering involves sending the money through various financial transactions to change its form and make it difficult to follow.
- Layering may consist of several banks to bank transfers or wire transfers
-
-
-
-
- between different accounts
- in different names
- in different countries
-
-
making deposit and withdrawals to continually vary the amount of money in the accounts changing the money’s currency purchasing high value items (boats, houses cars, diamonds) to change the form of money-making it hard to trace.
3. Integration
-
-
- Integration involves conversion of illegal proceeds into apparently legitimate business earnings through normal financial or commercial operations.
- Integration creates the illusion of a legitimate source for criminally derived funds and involves techniques as numerous and creative as those used by legitimate businesses.
- E.g:
-
-
-
-
- false invoices for goods exported,
- domestic loan against a foreign deposit,
- purchasing of property and
- commingling of money in bank accounts.
-
-
FAQ 10. What is a Cyber Crime?
- Cybercrime also known as computer crime is a crime that involves use of a computer and a network.
- The computer may have been used in committing a crime, or it may be the target.
- Cybercrimes is defined as:
– Offences
– that are committed against individuals or groups of individuals
– with a criminal motive to
-
-
- intentionally harm the reputation of the victim or
- cause physical or mental harm, or loss, to the victim
(directly or indirectly),
-
– using modern telecommunication networks such as Internet (Chat rooms, emails, notice boards and groups) and mobile phones.
FAQ 11. What are they key functions of RBI?
The key functions of RBI are given here:
-
- Monetary Authority: Formulates implements and monitors the monetary policy with the objective of maintaining price stability and ensuring adequate flow of credit to productive sectors.
- Regulator and supervisor of the Financial System: Prescribes broad parameters of banking operations within which the country’s banking and financial system functions with the objective of maintaining public confidence in the system, protect depositor’s interest and provide cost-effective banking services to the public.
- Issuer of currency: Issues and exchanges or destroys currency and coins not fit for circulation with the objective to give the public adequate quantity of supplies of currency notes and coins and in good quality.
FAQ 12. What are the risks involved in the credit card process?
Various risks that are involved in the Credit Card process are as follows:
-
- Credit Line setup is unauthorized and not in line with the banks policy.
- Masters defined for the customer are not in accordance with the Pre-Disbursement Certificate.
- Credit Line setup can be breached.
- Inaccurate interest/charge being calculated in the Credit Card system.
- Inaccurate reconciliations performed.
FAQ 13. What are the possible risks and their controls around the CASA (Current and Saving Account) process?
S. No. | Risk | Key Controls |
1. | Credit Line setup is unauthorized and not in line with the banks policy. | The credit committee checks that the Financial Ratios, the Net-worth, the Risk factors and its corresponding mitigating factors, the Credit Line offered and the Credit amount etc. is in line with Credit Risk Policy and that the Client can be given the Credit Line. |
2. | Credit Line setup in CBS is unauthorized and not in line with the banks policy. | Access rights to authorize the credit limit in case of account setup system should be restricted to authorized personnel. |
3. | Customer Master defined in CBS is not in accordance with the Pre-Disbursement Certificate. | Access rights to authorize the customer master in CBS should be restricted to authorized personnel. |
4. | Inaccurate interest/charge being calculated in CBS. | Interest on fund based facilities are automatically calculated in the CBS as per the defined rules. |
5. | Unauthorized personnel approving the CASA’S transaction in CBS. | Segregation of Duties to be maintained between the initiator and authorizer of the transaction for processing transaction in CBS. |
6. | Inaccurate Accounting Entries Generated in CBS | Accounting entries are generated by CBS basis the facilities requested by the Customer and basis defined Configurations for those facilities in CBS. |
FAQ 14. What is a Mortgage Plan?
A Mortgage loan is a secured loan which is secured on the borrower’s property by marking a lien on the property as collateral for the loan. If the borrower stops paying, then the lender has the first charge on the property. Mortgages are used by individuals and businesses to make large real estate purchases without paying the entire value of the purchase up front. Over the period of many years, the borrowers repay the loan amount along with interest until there is no outstanding.
Types of Mortgage Loan:
-
- Home Loan: This is a traditional mortgage where customer has an option of selecting fixed or variable rate of interest and is provided for the purchase of property.
- Top Up Loanhere the customer already has an existing loan and is applying for additional amount either for refurbishment or renovation of the house
- Loans for Under Construction Property: In case of under construction properties the loan is disbursed in tranches/parts as per construction plan.
FAQ 15. What is a classification of Credit Facilities?
CLASSIFICATION OF CREDIT FACILITIES: These may broadly be classified as under
(i) Fund Based Credit Facilities: Fund based credit facilities involve outflow of funds meaning thereby the money of the banker is lent to the customer. They can be generally of following types:
-
-
- Cash Credits/Overdrafts
- Demand loans/Term loans
- Bill Discounting
-
(ii) Non-Fund Based Credit Facilities: In this type of credit facility, the bank funds are not lent to the customer and they include Bank Guarantee and Letter of Credit.
FAQ 16. What are the risks w.r.t. to information security for Banks?
Risks | Key IT Controls |
1. Significant information resources may be modified inappropriately, disclosed without authorization, And/or unavailable when needed. (e.g., they may be deleted without Authorization). | Super user access or administrator passwords are changed on system installation and are available with Administrator only.
Password of super user or administrator is adequately protected. |
2. Lack of management direction and commitment to protect information assets. | Security policies are established and management monitors compliance with policies. |
3. Potential loss of confidentiality, availability and integrity of data and system. | Vendor default passwords for applications systems, operating system, databases, & network and communication software are appropriately modified, eliminated, or disabled. |
4. User accountability is not established. | All users are required to have a unique user id. |
5. It is easier for unauthorized users to guess the password of an authorized user and access the system and/or data. This may result in loss of confidentiality, availability and integrity of data and system. | The identity of users is authenticated to the systems through passwords.
The password is periodically changed, kept confidential and complex & (e.g., password length, alphanumeric content, etc.) |
6. Unauthorized viewing, modification or copying of data and/or unauthorized use, modification or denial of service in the system. | System owners authorize the nature and extent of user access privileges, and such privileges are periodically reviewed by system owners. |
7. Security breaches may go undetected. | Access to sensitive data is logged and the logs are regularly reviewed by management. |
8. Potential loss of confidentiality, availability and integrity of data and system. | Physical access restrictions are implemented and administered to ensure that only authorized individuals can access or use information resources. |
9. Inadequate preventive measure for key server and IT system in case of environmental threat like heat, humidity, fire, flood etc. | Environmental control like smoke detector, fire extinguisher, temperature maintenance devices and humidity control devices are installed and monitored in data center. |
10. Unauthorized system or data access, loss and modification due to virus, worms and Trojans. | Network diagram is prepared and kept updated. Regular reviews of network security are performed to detect and mitigate network vulnerabilities. |
FAQ 17. What is the Impact of Technology in Banking?
-
- The four key components of banking business with controls pervading all the four areas of business process, policies and procedures, regulatory requirements and organization structure.
- However, in the CBS environment, technology encompasses all the four critical components which are business processes, policies and procedures, regulatory requirements and organization structure.
- All control relevant for all four components are embedded inside and facilitated through technology. The same technology platform is configured as per specific business style of the bank to provide new products and services.
- The dependence on technology in a bank is also very high. If IT fails, then none of the business processes can be performed.
- Hence, it is important to understand how the four components of banking business are configured, maintained and updated using technology.
- As per policy directives of regulators, the banking software should be configured or updated.
- The controls also need to be implemented and updated at different layers of technology such as system software, network, database, application software, etc.
FAQ 18. What are the various sub-processes involved in the Information Security?
Information Security
Information security is critical to mitigate the risks of Information technology. Security refers to ensure Confidentiality, Integrity and Availability of information. RBI has suggested use of ISO 27001: 2013 implement information security. Banks are also advised to obtain ISO 27001 Certification. Many banks have obtained such certification for their data centers. Information security is comprised of the following sub-processes:
-
- Information Security Policies, Procedures and practices: Refers to the processes relating to approval and implementation of information security. The security policy is basis on which detailed procedures and practices are developed and implemented at various units/department and layers of technology, as relevant. These cover all key areas of securing information at various layers of information processing and ensure that information is made available safely and securely.
- User Security Administration: Refers to security for various users of information systems. The security administration policy documents define how users are created and granted access as per organization structure and access matrix. It also covers the complete administration of users right from creation to disabling of users is defined as part of security policy.
- Application Security: Refers to how security is implemented at various aspects of application right from configuration, setting of parameters and security for transactions through various application controls.
- Database Security: Refers to various aspects of implementing security for the database software.
- Operating System Security: Refers to security for operating system software which is installed in the servers and systems which are connected to the servers.
- Network Security: Refers to how security is provided at various layers of network and connectivity to the servers.
- Physical Security: Refers to security implemented through physical access controls.
FAQ 19. What are the Key Modules of CBS?
All key modules of banking such as:
-
- Back-office,
- Data Warehouse,
- Credit Card System,
- ATM Switch,
- Central Server,
- Mobile banking & Internet banking,
- Branch Banking
are all connected and related transactions are interfaced with the central server and are explained below:
-
- Back-office: The Back-office is the portion of a company made up of administration and support personnel, who are not client-facing. Back-office functions include settlements, clearances, record maintenance, regulatory compliance, accounting, and IT services. Back Office professionals may also work in areas like monitoring employees’ conversations and making sure they are not trading forbidden securities on their own accounts.
-
- Data Warehouse: Banking professionals use data warehouses to simplify and standardize the way they gather data – and finally get to one clear version of the truth. Data warehouses take care of the difficult data management – digesting large quantities of data and ensuring accuracy and make it easier for professionals to analyze data.
- Credit-Card System:Credit card system provides customer management, credit card management, account management, customer information management and general ledger functions; provides the online transaction authorization and service of the bank card in each transaction channel of the issuing bank; Support in the payment application;
- Automated Teller Machines (ATM):An Automated Teller Machine (ATM) is an electronic banking outlet that allows customers to complete basic transactions without the aid of a branch representative or teller. Anyone with a credit card or debit card can access most ATMs. ATMs are convenient, allowing consumers to perform quick, self-serve transactions from everyday banking like deposits and withdrawals to more complex transactions like bill payments and transfers.
- Central Server: At start, it used to take at least a day for a transaction to get reflected in the real account because each branch had their local servers, and the data from the server in each branch was sent in a batch to the servers in the data center only at the end of the day (EOD). But now-a-days; most banks use core banking applications to support their operations creating a Centralized Online Real-time Exchange (or Environment) (CORE). This means that all the bank’s branches access applications from centralized data centers/servers, therefore, any deposits made in any branch are reflected immediately and customer can withdraw money from any other branch throughout the world.
- Mobile Banking & Internet Banking:Mobile Banking and Internet banking are two sides of the same coin. The screens have changes, the sizes have become smaller and banking has become simpler. Mobile banking is a much latest entrant into the digital world of banking.
-
-
- Internet Banking also known as Online Banking, is an electronic payment system that enables customers of a bank or other financial institution to conduct a range of financial transactions through the financial institution’s website.
- Mobile Banking is a service provided by a bank or other financial that allows its customers to conduct financial institution that allows its customers to conduct financial transactions remotely using a mobile device such as a Smartphone or tablet.
- Phone Banking: It is a functionality through which customers can execute many of the banking transactional services through Contact Centre of a bank over phone, without the need to visit a bank branch or ATM. Registration of Mobile number in account is one of the basic perquisite to avail Phone Banking.
-
-
- Branch Banking:CBS are the bank’s centralized systems that are responsible for ensuring seamless workflow by automating the frontend and backend processes within a bank. CBS enables single-view of customer data across all branches in a bank and thus facilitate information across the delivery channels. The branch confines itself to the following key functions:
-
-
- Creating manual documents capturing data required for input into software;
- Internal authorization;
- Initiating Beginning-of-Day (BOD) operations;
- End-of-Day (EOD) operations; and
- Reviewing reports for control and error correction.
-
To conclude, CBS implementation has cut down time, working at the same time on dissimilar issues and escalating usefulness.
Also Read:
Reserve Bank of India (RBI) | Objectives, Establishment & Functions
Audit of Banks – Banking Operations, Auditing Framework & Audit of Advances
Disclaimer: The content/information published on the website is only for general information of the user and shall not be construed as legal advice. While the Taxmann has exercised reasonable efforts to ensure the veracity of information/content published, Taxmann shall be under no liability in any manner whatsoever for incorrect information, if any.
Taxmann Publications has a dedicated in-house Research & Editorial Team. This team consists of a team of Chartered Accountants, Company Secretaries, and Lawyers. This team works under the guidance and supervision of editor-in-chief Mr Rakesh Bhargava.
The Research and Editorial Team is responsible for developing reliable and accurate content for the readers. The team follows the six-sigma approach to achieve the benchmark of zero error in its publications and research platforms. The team ensures that the following publication guidelines are thoroughly followed while developing the content:
- The statutory material is obtained only from the authorized and reliable sources
- All the latest developments in the judicial and legislative fields are covered
- Prepare the analytical write-ups on current, controversial, and important issues to help the readers to understand the concept and its implications
- Every content published by Taxmann is complete, accurate and lucid
- All evidence-based statements are supported with proper reference to Section, Circular No., Notification No. or citations
- The golden rules of grammar, style and consistency are thoroughly followed
- Font and size that’s easy to read and remain consistent across all imprint and digital publications are applied