Why banks should fortify their core foundation

Reported by: |Updated: May 5, 2020

Himanish Chaudhuri
Partner, Deloitte India

With the spread of COVID-19, governments have mandated lockdowns and social distancing, thereby creating a paradigm shift in the working environment of banks, from a traditional office space towards an agile, responsive and dynamic mode of operating. Banking services are essential services that need to be operational despite the given times.

While banks have continued to function on a day-to-day basis, various concerns and limitations have been surfacing across various domains. It is therefore critical to look at a few of them, to effectively plan for the future, in both a tactical and strategic manner.


While technology driven companies have managed to effectively function on an offsite-working model, several financial institutions are grappling with the disruptive impact of the pandemic on their operating model, as services are offered to customers on a real time basis, round the clock.

Due to the surge in demand to work remotely, there has been undue pressure on the technology resources of the banks, to enable employees to work from home. Virtual desktop infrastructure set-up, enablement of VPNs, increasing network bandwidths, and procurement of additional laptops to accommodate remote working, have been the key immediate focus areas for technology resources.

At the users’ end, challenges have been noted with regard to speed and connectivity, with several users connecting to their respective networks through dongles, hotspot networks, and Wi-Fi, amongst other modes.

While banks and financial institutions have invoked their existing business continuity plans (BCP), the current situation calls for a more adaptive and reactive BCP. Banks have invoked their BCPs for critical functions and that has helped them in keeping their branches and critical operations active. However, for areas such as support functions, IT vendors, auditors and on-going projects, the efforts to achieve seamless integration with the prevailing situation are still continuously evolving and they are working towards building a dynamic BCP.


Protection of data is undoubtedly the most important focus factor across all banks and financial institutions, with the migration to work from home requiring utilisation of data outside the secure networks, through remote devices and open networks.

Based on the extent of the current situation, banks shall be required to significantly augment their monitoring/ fraud prevention tools, for detection of unauthorised movement of data. Policies around data transfer between the bank and external vendors/partners of the bank need to be strengthened to cater to scenarios as prevalent today.

Banks also need to consider investments in data analytics and insight generation tools for real time analysis on business and to monitor risk trends.


The rise of COVID-19 has prompted several banks to enforce work from home. However, banking is an essential service and needs to be operational, leading to significant impact on the front-, middle-, and back-office operations.

For teams that have functioned only at office premises or on the shop floor, they face the challenge of transitioning to remote working. For example, the workload of front-end functions have significantly reduced, however on the other end of the spectrum, the impact on client servicing has significantly increased.

Assistance to existing clientele, quick response in implementing measures to combat the lockdown, while ensuring effective communication with their customers, and re-establishment of contact/ customer service centers are areas of focus.

Another area which has been impacted are third party vendors and their talent who were working on banks’ premises. Changeover to move data to the vendor is a risk that needs to be evaluated by all banks.

Todays’ environment demands the need for remote working. However, once the novelty has worn off, stress of its challenges will become more apparent, with the lack of boundaries, undefined roles and responsibilities, and social isolation, amongst others.  Additionally, banks and financial institutions have limited work from home / flexi work policies and have not conducted rehearsals of such scenarios for a steep learning curve from the workforce to adapt.

The inadequate knowhow and competencies to migrate to collaborative tools is also a key factor in the effective migration to the offsite working model in banks. These collaborative tools enable easier distribution of work, exchange of information and monitoring, and supervision of tasks, and it is imperative that there is adequate training and enablement provided to employees to ensure that they effectively migrate to these collaborative tools and platforms.

Banks are paving the way to increase involvement of employees and upkeep employee morale in these uncertain times, through cross-functional trainings, virtual fitness schedules, and employee initiatives to assuage the increasing concerns with relation of remote working.

Adaptive methods to deal with on-boarding of new hires, exits of existing employees are also areas that need to be looked into by banks, to facilitate smooth transitions, in and out of a bank.


With the latest RBI relief packages, it is now crucial that banks adhere to ensure adequate implementation and due compliance and make the necessary tweaks within their systems and processes to accommodate the necessary changes.

Changes in the process and systems shall impact operational effectiveness, thereby increasing operational risk. For example, the three-month moratorium period for repayment of loans shall require change in computation logics, change in asset classification, modifications to the customer statement of accounts, etc. Adequate tracking, testing, and collaboration with vendors needs to be done, to incorporate such changes.

Credit risk emanating from the projected downturn in business needs to be considered given that the disbursements and repayments are delayed. Additionally, potential stress due to delayed payments shall also impact NPA and provisioning ratios post the moratorium.

Vulnerabilities in cyber risk have not been adequately envisaged until lately by banks and financial institutions. Additional load on VPNs, absence of back VPNs, RAS and load servers, older home routers with outdated software, movement of data through external drives are all incumbent cyber risks that need to be controlled and monitored.

There has been a rise in cyber-crimes, and ransomwares, for example, a ransomware called “Coronavirus”, steals and encrypts data, whereas another newer ransomware, “CovidLock”, locks victim’s phones.

Risk sensing appetite was also not prevalent across banks, to assess scenarios on predictive forecasts of global markets. Testing of scenario analyses / stress testing for extreme situations needs to be adopted on an ongoing basis.

Another key aspect to be considered is the continuing risk given the uncertainty around the situation. Banks need to continuously innovate and experiment with various technologies and working models to ensure seamless remote working.

In conclusion, the current situation is evolving on a daily basis and the banking industry has shown remarkable resilience to keep its branches and channels operational to help the common man and its institutional client. The impact and extent was not envisaged due to the unprecedented nature of this event, and the rapid escalation we have witnessed over the past six weeks. It’s imperative that banks need to forecast and think ahead to strengthen their core foundation to adjust to the new normal that will emerge in the coming months.

The banking sector has always had a history of resilience and will certainly get past these un-precedent times, with improved technologies and a more adaptive operating model focussing on long term sustainable and strategic measures.

– Himanish Chaudhuri is partner, Deloitte India.