Naveenkumar Neelamgan, AVP, Baroda Global Shared Services, explains how this tech subsidiary of Bank of Baroda has emerged as a profit center.
What are your roles and responsibilities as IT Head & CISO at Baroda Shared Services?
I head the overall IT across pan India. Baroda Shared Services is a 100% subsidiary of Bank of Baroda. We manage the entire back office of Bank of Baroda. In BGSS, we have five presences in India, in Vadodara, Mumbai, Bangalore, Ahmedabad. We have a larger shared services phase, with the centralized operation running out of Ahmedabad; more than 3000 staff are working with us. I manage the IT segment, IT infrastructure and cyber information security. I play a combination of both the roles. BGSS is a newborn baby. We started our journey two years back. We have our dedicated data center in Gandhinagar, one in Mumbai and another in Vadodara.
What are the business synergies of BGSS with Bank of Baroda? Is it a profit centre or a cost centre?
We have been closely working with the bank staff. We work on a 70:30 ratio. We have centralized operations. The initial level of work, like checker and maker, will be carried on from BGSS. Anything like decision-making, anything in the approval part, goes to bank officers. So any entry level, the quality part, let’s say for account opening, working the data, checking the customer KYC, before the account gets created, the approval part will normally go to bank officers. So BGSS and Bank of Baroda are working together. As and when it gets completed from our side, it will be put across to the bank officer for approval.
Ultimately it is a profit center. Why I’m calling it a profit center is because, in place of one bank officer, the cost of our resources is much cheaper. Normally we work for 48 hours to 50 hours on a weekly basis. Definitely, it is a profit center.
How does BGSS determine the technology choices?
Typically following the Bank of Baroda process, for anything and everything in terms of technology or cybersecurity we adhere to Bank of Baroda templates. We have a separate IT team, so I would be interacting with the CISO and CTO from the bank side. We have our separate policy; however, if there is any change in content or anything needs to be changed in the existing policy, then I will definitely approach my counterpart, who is in BKC from Bank of Baroda. Once I get the approval, it will be changed and then it will be rolled out and implemented in the system.
How are roles of CIO & CISO aligned at Bank of Baroda?
As mentioned, BGSS is a newborn baby. We just started three years before, so we don’t have any dedicated CIO, since I play a combined role in BGSS. We have 15-20 staff across each location. So predominantly BGSS leverages the bank network. I would say 95% we are using Bank of Baroda resources and technology. For the remaining 5% we have our own system and technology.
How did you improve the overall security posture at Bank of Baroda?
We have very robust technology in place right now. Along with that, we have a separate portfolio called operation risk assessment. Normally, every month or quarter, we have an audit assessment report and we do an audit assessment. We have very tight security, right from entering the door. We have our access control; our biometric is integrated with the HRMS system. We make sure that the moment staff log in, they are prompted for authentication.
We have blocked everything; none of the staff have any single access. We have complete control of the system.
We have a separate department of operation risk management. They normally pick a random report, a security assessment, every month, every quarter; they will pick the report and they will come back to us.
We have everything, like an email content monitoring system; we have our cybersecurity SIM systems in place. None of the data will go out of the network. We have data leakage prevention on all the laptops, and if anyone tries to misuse the data, we have the system, we will get the notification and be able to prevent, then resolve. If anyone would like to misuse it, for example, if anyone tries to access a pen drive, we’ll get an alert. Likewise, if anyone wants to use the system for charging a mobile, we get an alert. We have a very stringent protocol since we are part of banking. So everything is restricted here. If there’s any lagging, we have a different team who always do the checks every month, every quarter; they will come back to us with the observations, on the basis of which we’ll take the collective measure.