The Centre for Internet and Society
https://cis-india.org
These are the search results for the query, showing results 1 to 4.
AI in the Banking and Finance Industry in India
https://cis-india.org/internet-governance/blog/ai-in-banking-and-finance
<b>This is a draft report that seeks to map the present state of use of AI in the banking and financial sector in India. </b>
<p>This draft report was prepared by Saman Goudarzi, Elonnai Hickok and Amber Sinha. It was edited by Shyam Ponappa. Mapping was done by Shweta Mohandas. Pranav M Bidare, Sidharth Ray, and Aayush Rathi provided research assistance in preparing this report.</p>
<hr />
<h2>Executive Summary</h2>
<p style="text-align: justify;">In the last couple of years, the finance and banking sectors in India have increasingly deployed and implemented AI technologies. Such technologies are being implemented for front-end and back end processes – offering solutions for both financial and business management operations. At the moment, the AI landscape appears to be overwhelmingly populated by natural language processing and natural language generation technologies culminating in numerous chatbot initiatives by various banking and financial actors. Arguably more significant – but less documented – is the usage of said technologies for financial decision making on a variety of issues including, credit-scoring, transactions, wealth and risk management, and fraud detection. These trends are largely facilitated by technology service companies – both large-scale firms and startups – that either work with established banking and financial institutions to deploy AI technologies or develop and offer their own financial services directly to consumers.</p>
<p style="text-align: justify;">This draft report seeks to map the present state of use of AI in the banking and financial sector in India. In doing so, it explores:</p>
<ul>
<li>Uses: What is the present use of AI in banking and finance? What is the narrative and discourse around AI and banking/finance in India?</li>
<li>Actors: Who are the key stakeholders involved in the development, implementation and regulation of AI in the banking/finance sector?</li>
<li>Impact: What is the potential and existing impact of AI in the banking and finance sectors?</li>
<li>Regulation: What are the challenges faced in policy making around AI in the banking and finance sectors?</li></ul>
<p style="text-align: justify;"> </p>
<p style="text-align: justify;">The draft report first offers an overview of the ways in which AI is being used in the sector. This is followed by an examination of existing challenges to the adoption of AI and the significant legal and ethical concerns that need to be considered in light of these trends. Lastly, the draft report draws attention to a number of key government actions and initiatives surrounding AI related to the banking and finance industry, discusses challenges to the adoption and implementation of AI and articulates recommendations towards addressing the same. </p>
<p>Download the draft report <a href="https://cis-india.org/internet-governance/files/ai-in-banking-and-finance" class="internal-link" title="AI in Banking and Finance">here</a></p>
<p>19th June Update: This case study has been modified to remove interview quotes, which are in the process of being confirmed. The link above is the latest draft of the report.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/ai-in-banking-and-finance'>https://cis-india.org/internet-governance/blog/ai-in-banking-and-finance</a>
</p>
No publisherSaman Goudarzi, Elonnai Hickok and Amber SinhaBankingInternet Governance2018-06-19T11:48:39ZBlog Entry50p and Digital Payments Masterclass Learning - CIS
https://cis-india.org/internet-governance/50p-and-digital-payments-masterclass-learning-cis
<b>Sunil Abraham, Saikat Dutta and Udbhav Tiwari from the CIS team attended 50p on the 24 and 25 of January 2017 in Bangalore, India. We had the following learnings from the event, which will shape our work in the digital finance and payments space in the future. </b>
<p style="text-align: justify;" dir="ltr">Sunil Abraham, Saikat Dutta and Udbhav Tiwari from the CIS team attended 50p on the 24 and 25 of January 2017 in Bangalore, India. We had the following learnings from the event, which will shape our work in the digital finance and payments space in the future.</p>
<p style="text-align: justify;" dir="ltr"> </p>
<ol><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">Historical Developments of Digital Payments Regulation in India - The historical development of the digital payments ecosystem in India, starting with mobile/SMS banking around 2004, focusing mostly on high-end consumers. The widely varying implementations across banks led to the RBI taking an active regulatory approach, beginning with the introduction of compulsory two factor authentication in the form of mandatory PIN usage for credit and debit cards. This move helped secure “card not present” (CNP) transactions, which in turn allowed the e commerce, online streaming services and other digital services to rapidly gain customers. This serves as an example of how simple, targeted and uniformly imposed regulations can help secure widely used digital payment modes, securing customers while expanding opportunities for businesses. The Watal Committee report has also stressed on how the the industry and consumers alike, in the medium term, will benefit from focused sectoral regulation for the FinTech industry.</p>
</li></ol>
<p style="text-align: justify;" dir="ltr"> </p>
<ol start="2"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">Expansion in the Modern Digital Payments Industry - The digital payments industry has expanded from having three main stakeholders (banks, card issuing agencies and customers) in mid 2000s to over eight distinct entities who take part in the same payments chain. These include Digital Wallet Providers, Payment Gateways, Payment Processors, Ticketing or Payment Service Providers Billers, all of which are operate with millions of transactions per day. This not only increases the potential attack surface for possible attempts at compromising them but also governance under traditional banking regulations difficult for the regulatory authority. The introduction of BBPS (Bharat Bill Pay System) to integrate the thousands of local utility bill payment system in India, into one centrally administered programme, is just one example of the vast amounts of data being generated (and integrated) by the digital payments industry. Therefore, the need for unique FinTech regulations and standards (maybe even a regulator) to handle the rapidly expanding and critical industry is quite strong in the booming space in India.</p>
</li></ol>
<p style="text-align: justify;" dir="ltr"> </p>
<ol start="3"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">UPI - The Unified Payments Interface (UPI) is a set of standards that allow for a single application to connect to and control multiple bank accounts (of participating banks), allowing users to use several banking services such as funds transfer (P2P), merchant payments, etc. Initially launched in August, 2016 with support from 16 banks and is gaining rapid acceptance among users, businesses and payment providers alike. While built on the same technological underpinnings as the IMPS system, the UPI standard allows for a wide variety of data, including credit scores, Aadhaar numbers and geographical location to be transmitted. While the standard itself seems reasonably secure, its diverse and closed source implementation allow for the usual closed source development risks of security and unresolved bugs. It is stipulated to become the most widely used digital transaction protocol in India and the backbone of the FinTech industry due to its interoperability and regulatory acceptance. A set of security guidelines and practices that allow for a uniform, secure and auditable implementation of the UPI standard as well as its operational usage will aid in faster and more secure development of the standard while simultaneously protecting consumer interest.</p>
</li></ol>
<p style="text-align: justify;" dir="ltr"> </p>
<ol start="4"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">Need for Consumer Advocacy - The need for educating consumers about the technical operations of the digital payments industry, best practices to maximise user facing security and strategies for effective dispute redressal were tagged as key focus areas by various groups. The inadequacy of the Consumer Protection Act to deal with the labyrinth of digital payments and the relative lack of liability and breach notification laws (especially in the non-banking finance companies sector) have lead to bargaining power in consumer contracts to fall in the favour of the digital payments industry. While initiatives such as Cashless Consumer are attempting to rectify this, sustained and well planned initiatives implemented in a diverse and multi-lingual manner will be needed to keep up with the rapid pace of expansion in the industry and is burgeoning user base. Incidental benefits of such programmes (an increase in the demand for data protection and privacy aware practices) will also serve to further consumer interest in a manner that will have a positive impact outside the FinTech industry.</p>
</li></ol>
<p style="text-align: justify;" dir="ltr"> </p>
<p><span id="docs-internal-guid-a0d03bdc-abb4-587e-0c9f-186a5b07117c"></span></p>
<ol start="5"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">USSD - The recent push towards USSD based banking, which allows banking transactions to be carried using feature phones, has led to various concerns regarding its security, reliability and implementation. The varying levels of GSM encryption in the providers in India, the lack of open standards (such as HTTPS for Internet Banking) that allow consumers to verify security and the rapid but untested implementation by most banks have led to some players raising doubts about the possibility of exploitation of the particularly vulnerable section of users that will use USSD banking. The need for a detailed investigation into current practices, open and auditable standards unique to USSD banking in India and regulations that mandate a minimum level of compliance was expressed by multiple stakeholders.</p>
</li></ol>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/50p-and-digital-payments-masterclass-learning-cis'>https://cis-india.org/internet-governance/50p-and-digital-payments-masterclass-learning-cis</a>
</p>
No publisherUdbhav TiwariFinancial TechnologyDigital PaymentBankingBitcoinDigital MoneyCyber Security2017-06-15T12:29:52ZBlog EntryRBI Directions on Account Aggregators
https://cis-india.org/internet-governance/blog/rbi-directions-on-account-aggregators
<b>The Reserve Bank of India's (RBI) Directions for account aggregator services in India seem to lay great emphasis on data security by allowing only direct access between institutions and do away with data scraping techniques.</b>
<p style="text-align: justify; ">These days’ people have access to various financial services and manage their finances in a diverse manner while dealing with a large number of financial service providers, each providing one or more services that the user may need such as banking, credit card services, investment services, etc. This multiplicity of financial service providers could make it inconvenient for the users to keep track of their finances since all the information cannot be provided at the same place. This problem is sought to be solved by the account aggregators by providing all the financial data of the user at a single place. Account aggregation is the consolidation of online financial account information (e.g., from banks, credit card companies, etc.) for online retrieval at one site. In a typical arrangement, an intermediary (e.g., a portal) agrees with a third party service provider to provide the service to consumers, the intermediary would then generally privately label the service and offer consumers access to it at the intermediary’s website.<a href="#_ftn1" name="_ftnref1">[1]</a> There are two major ways in which account aggregation takes place, (i) <i>direct access</i>: wherein the account aggregator gets direct access to the data of the user residing in the computer system of the financial service provider; and (ii) <i>scraping</i>: where the user provides the account aggregator the username and password for its account in the different financial service providers and the account aggregator scrapes the information off the website/portal of the different financial service providers.</p>
<p style="text-align: justify; ">Since account aggregation involves the use and exchange of financial information there could be a number of potential risks associated with it such as (i) loss of passwords; (ii) frauds; (iii) security breaches at the account aggregator, etc. It is for this reason that on the advice of the Financial Stability and Development Council,<a href="#_ftn2" name="_ftnref2">[2]</a> the Reserve Bank of India (“<b>RBI</b>”) felt the need to regulate this sector and on September 2, 2016 issued the Non-Banking Financial Company - Account Aggregator (Reserve Bank) Directions, 2016 to provide a framework for the registration and operation of Account Aggregators in India (the “<b>Directions</b>”). The Directions provide that no company shall be allowed to undertake the business of account aggregators without being registered with the RBI as an NBFC-Account Aggregator. The Directions also specify the conditions that have to be fulfilled for consideration of an entity as an Account Aggregator such as:</p>
<ol style="text-align: justify; ">
<li>the company should have a net owned fund of not less than rupees two crore, or such higher amount as the Bank may specify;</li>
<li>the company should have the necessary resources and wherewithal to offer account aggregator services;</li>
<li>the company should have adequate capital structure to undertake the business of an account aggregator;</li>
<li>the promoters of the company should be fit and proper individuals;</li>
<li>the general character of the management or proposed management of the company should not be prejudicial to the public interest;</li>
<li>the company should have a plan for a robust Information Technology system;</li>
<li>the company should not have a leverage ratio of more than seven;</li>
<li>the public interest should be served by the grant of certificate of registration; and</li>
<li>Any other condition that made be specified by the Bank from time to time.<a href="#_ftn3" name="_ftnref3">[3]</a></li>
</ol>
<p style="text-align: justify; ">The Direction further talk about the responsibilities of the Account Aggregators and specify that the account aggregators shall have the duties such as: (a) Providing services to a customer based on the customer’s explicit consent; (b) Ensuring that the provision of services is backed by appropriate agreements/ authorisations between the Account Aggregator, the customer and the financial information providers; (c) Ensuring proper customer identification; (d) Sharing the financial information only with the customer or any other financial information user specifically authorized by the customer; (e) Having a Citizen's Charter explicitly guaranteeing protection of the rights of a customer.<a href="#_ftn4" name="_ftnref4">[4]</a></p>
<p style="text-align: justify; ">The Account Aggregators are also prohibited from indulging in certain activities such as: (a) Support transactions by customers; (b) Undertaking any other business other than the business of account aggregator; (c) Keeping or “residing” with itself the financial information of the customer accessed by it; (d) Using the services of a third party for undertaking its business activities; (e) Accessing user authentication credentials of customers; (f) Disclosing or parting with any information that it may come to acquire from/ on behalf of a customer without the explicit consent of the customer.<a href="#_ftn5" name="_ftnref5">[5]</a> The fact that there is a prohibition on the information accessed from actually residing with the Account Aggregator will ensure greater security and protection of the information.</p>
<p style="text-align: justify; "><b>Consent Framework</b></p>
<p style="text-align: justify; ">The Directions specify that the function of obtaining, submitting and managing the customer’s consent should be performed strictly in accordance with the Directions and that no information shall be retrieved, shared or transferred without the explicit consent of the customer.<a href="#_ftn6" name="_ftnref6">[6]</a> The consent is to be taken in a standardized artefact, which can also be obtained in electronic form,<a href="#_ftn7" name="_ftnref7">[7]</a> and shall contain details as to (i) the identity of the customer and optional contact information; (ii) the nature of the financial information requested; (iii) purpose of collecting the information; (iv) the identity of the recipients of the information, if any; (v) URL or other address to which notification needs to be sent every time the consent artefact is used to access information; (vi) Consent creation date, expiry date, identity and signature/ digital signature of the Account Aggregator; and (vii) any other attribute as may be prescribed by the RBI.<a href="#_ftn8" name="_ftnref8">[8]</a> The account aggregator is required to inform the customer of all the necessary attributes to be contained in the consent artefact as well as the customer’s right to file complaints with the relevant authorities.<a href="#_ftn9" name="_ftnref9">[9]</a> The customers shall also be provided an option to revoke consent to obtain information that is rendered accessible by a consent artefact, including the ability to revoke consent to obtain parts of such information.<a href="#_ftn10" name="_ftnref10">[10]</a></p>
<p style="text-align: justify; ">Comments: While the Directions have specific provisions regarding how the financial data shall be dealt with, it is pertinent to note that the actual consent artefact also has personal information and it is not clear whether Account Aggregators are allowed disclose that information to third parties are not.</p>
<p style="text-align: justify; "><b>Disclosure and sharing of financial information</b></p>
<p style="text-align: justify; ">Financial information providers such as banks, mutual funds, etc. are allowed to share information with account aggregators only upon being presented with a valid consent artifact and also have the responsibility to verify the consent as well as the credentials of the account aggregator.<a href="#_ftn11" name="_ftnref11">[11]</a> Once the verification is done, the financial information provider shall digitally sign the financial information and transmit the same to the Account Aggregator in a secure manner in real time, as per the terms of the consent.<a href="#_ftn12" name="_ftnref12">[12]</a> In order to ensure smooth flow of data, the Directions also impose an obligation on financial information providers to:</p>
<ul style="text-align: justify; ">
<li>implement interfaces that will allow an Account Aggregator to submit consent artefacts, and authenticate each other, and enable secure flow of financial information;</li>
<li>adopt means to verify the consent including digital signatures;</li>
<li>implement means to digitally sign the financial information; and</li>
<li>maintain a log of all information sharing requests and the actions performed pursuant to such requests, and submit the same to the Account Aggregator.<a href="#_ftn13" name="_ftnref13">[13]</a></li>
</ul>
<p style="text-align: justify; ">Comments: The Directions provide that the Account Aggregator will not support any transactions by the customers and this seems to suggest that in case of any mistakes in the information the customer would have to approach the financial information provider and not the Account Aggregator.</p>
<p style="text-align: justify; "><b>Use of Information</b></p>
<p style="text-align: justify; ">The Directions provide that in cases where financial information has been provided by a financial information provider to an Account Aggregator for transferring the same to a financial information user with the explicit consent of the customer, the Account Aggregator shall transfer the same in a secure manner in accordance with the terms of the consent artefact only after verifying the identity of the financial information user.<a href="#_ftn14" name="_ftnref14">[14]</a> Such information, as well as information which may be provided for transferring to the customer, shall not be used or disclosed by the Account Aggregator or the Financial Information user except as specified in the consent artefact.<a href="#_ftn15" name="_ftnref15">[15]</a></p>
<p style="text-align: justify; "><b>Data Security</b></p>
<p style="text-align: justify; ">The Directions specify that the business of an Account Aggregator will be entirely Information Technology (IT) driven and they are required to adopt <b>required IT framework</b> and interfaces to ensure secure data flows from the financial information providers to their own systems and onwards to the financial information users.<a href="#_ftn16" name="_ftnref16">[16]</a> This technology should also be scalable to cover any other financial information or financial information providers as may be specified by the RBI in the future.<a href="#_ftn17" name="_ftnref17">[17]</a> The IT systems should also have adequate safeguards to ensure they are protected against unauthorised access, alteration, destruction, disclosure or dissemination of records and data.<a href="#_ftn18" name="_ftnref18">[18]</a> Information System Audit of the internal systems and processes should be in place and be conducted at least once in two years by CISA certified external auditors whose report is to be submitted to the RBI.<a href="#_ftn19" name="_ftnref19">[19]</a> The Account Aggregators are prohibited from asking for or storing customer credentials (like passwords, PINs, private keys) which may be used for authenticating customers to the financial information providers and their access to customer’s information will be based only on consent-based authorisation (for scraping).<a href="#_ftn20" name="_ftnref20">[20]</a></p>
<p style="text-align: justify; "><b>Grievance Redressal</b></p>
<p style="text-align: justify; ">The Directions require the Account Aggregator to put in place a policy for handling/ disposal of customer grievances/ complaints, which shall be approved by its Board and also have a dedicated set-up to address customer grievances/ complaints which shall be handled and addressed in the manner prescribed in the policy.<a href="#_ftn21" name="_ftnref21">[21]</a> The Account Aggregator also has to display the name and details of the Grievance Redressal Officer on its website as well as place of business.<a href="#_ftn22" name="_ftnref22">[22]</a></p>
<p style="text-align: justify; "><b>Supervision</b></p>
<p style="text-align: justify; ">The Directions require the Account Aggregators to put in place various internal checks and balances to ensure that the business of the Account Aggregator does not violate any laws or regulations such as constitution of an Audit Committee, a Nomination Committee to ensure the “fit and proper” status of its Directors, a Risk Management Committee and establishment of a robust and well documented risk management framework.<a href="#_ftn23" name="_ftnref23">[23]</a> The Risk Management Committee is required to (a) give due consideration to factors such as reputation, customer confidence, consequential impact and legal implications, with regard to investment in controls and security measures for computer systems, networks, data centres, operations and backup facilities; and b) have oversight of technology risks and ensure that the organisation’s IT function is capable of supporting its business strategies and objectives.<a href="#_ftn24" name="_ftnref24">[24]</a> Further the RBI also has the power to inspect any Account Aggregator at any time.<a href="#_ftn25" name="_ftnref25">[25]</a></p>
<p style="text-align: justify; "><b>Penalties</b></p>
<p style="text-align: justify; ">The Directions themselves do not provide for any penalties for non compliance, however since the Directions are issued under Section 45JA of the Reserve Bank of India Act, 1934 (“<b>RBI Act</b>”), this means that any contravention of these directions will be punishable under Section 58B of the RBI Act which provides for an imprisonment of upto 3 years as well as a fine for any contravention of such directions.</p>
<p style="text-align: justify; "><b>Conclusion</b></p>
<p style="text-align: justify; ">The Directions by the RBI provide a number of regulations and checks on Account Aggregators with the view to ensure safety of customer financial data. These Directions appear to be quite trendsetting in the sense that in most other jurisdictions such as the United States or even Europe there are no specific regulations governing Account Aggregators but their activities are mainly being governed under existing privacy or consumer protection legislations.<a href="#_ftn26" name="_ftnref26">[26]</a></p>
<p style="text-align: justify; ">The entire regulatory regime for Account Aggregators seems to suggest that the RBI wants Account Aggregators to be like funnels to channel information from various platforms right to the customer (or financial information user) and it does not want to take a chance with the information actually residing with the Account Aggregators. Further, by prohibiting Account Aggregators from accessing user authentication credentials, the RBI is trying to eliminate the possibility of this information being leaked or stolen. Although this may make it more onerous for Account Aggregators to provide their services, it is a great step to ensure the safety and security of customer data.</p>
<p style="text-align: justify; ">In recent months the RBI has been trying to actively engage with the various new products being introduced in the financial sector owing to various technological advancements, be it the circular informing the public about the risks of virtual currencies including Bitcoin, the consultation paper on P2P lending platforms or these current guidelines on Account Aggregators. These recent actions of the RBI seem to suggest that the RBI is well aware of various technological advancements in the financial sector and is keeping a keen eye on these technologies and products, but appears to be taking a cautious and weighted approach regarding how to deal with them.</p>
<hr />
<p style="text-align: justify; "><a href="#_ftnref1" name="_ftn1">[1]</a> Ann S. Spiotto, <i>Financial Account Aggregation: The Liability Perspective</i>, Fordham Journal of Corporate & Financial Law, 2006, Volume 8, Issue 2, Article 6, available at <a href="http://ir.lawnet.fordham.edu/cgi/viewcontent.cgi?article=1181&context=jcfl">http://ir.lawnet.fordham.edu/cgi/viewcontent.cgi?article=1181&context=jcfl</a></p>
<p style="text-align: justify; "><a href="#_ftnref2" name="_ftn2">[2]</a> <a href="https://rbi.org.in/scripts/BS_PressReleaseDisplay.aspx?prid=34345">https://rbi.org.in/scripts/BS_PressReleaseDisplay.aspx?prid=34345</a></p>
<p style="text-align: justify; "><a href="#_ftnref3" name="_ftn3">[3]</a> Clause 4.2.2 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref4" name="_ftn4">[4]</a> Clause 5 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref5" name="_ftn5">[5]</a> Clause 5 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref6" name="_ftn6">[6]</a> Clauses 6.1 and 6.2 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref7" name="_ftn7">[7]</a> Clause 6.4 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref8" name="_ftn8">[8]</a> Clause 6.3 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref9" name="_ftn9">[9]</a> Clause 6.5 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref10" name="_ftn10">[10]</a> Clause 6.6 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref11" name="_ftn11">[11]</a> Clauses 7.1 and 7.2 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref12" name="_ftn12">[12]</a> Clauses 7.3 and 7.4 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref13" name="_ftn13">[13]</a> Clause 7.5 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref14" name="_ftn14">[14]</a> Clause 7.6.1 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref15" name="_ftn15">[15]</a> Clause 7.6.2 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref16" name="_ftn16">[16]</a> Clause 9(a) of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref17" name="_ftn17">[17]</a> Clause 9(c) of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref18" name="_ftn18">[18]</a> Clause 9(d) of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref19" name="_ftn19">[19]</a> Clause 9(f) of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref20" name="_ftn20">[20]</a> Clause 9(b) of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref21" name="_ftn21">[21]</a> Clauses 10.1 and 10.2 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref22" name="_ftn22">[22]</a> Clause 10.3 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref23" name="_ftn23">[23]</a> Clauses 12.2, 12.3 and 12.4 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref24" name="_ftn24">[24]</a> Clause 12.4 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref25" name="_ftn25">[25]</a> Clause 15 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref26" name="_ftn26">[26]</a> <a href="http://www.canadiancybersecuritylaw.com/2016/07/german-regulator-finds-banks-data-rules-impede-non-bank-competitors/">http://www.canadiancybersecuritylaw.com/2016/07/german-regulator-finds-banks-data-rules-impede-non-bank-competitors/</a></p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/rbi-directions-on-account-aggregators'>https://cis-india.org/internet-governance/blog/rbi-directions-on-account-aggregators</a>
</p>
No publisherVipul Kharbanda and Elonnai HickokBankingFeaturedInternet GovernancePrivacy2016-10-21T15:25:01ZBlog EntryBanking Policy Guide
https://cis-india.org/internet-governance/blog/banking-policy-guide
<b>To gain a practical perspective on the existing banking practices and policies in India in this project, an empirical study of five separate and diverse banks has been conducted. The forms, policy documents, and other relevant and available documents of these banks have been analysed in this project.</b>
<p style="text-align: justify; ">These documents were obtained from the websites of the respective banks, and wherever they were lacking, from the branches of the banks themselves. Attempts were made to obtain any information required for the project that was not available on the website or in the forms from the officers of the respective banks.</p>
<p style="text-align: justify; ">The State Banks of India (hereinafter ‘SBI’), Central Bank of India (hereinafter ‘CBI’), ICICI Bank (hereinafter ‘ICICI’), IndusInd Bank (hereinafter ‘IndusInd’) and Standard Chartered Bank (hereinafter ‘SCB’) are the banks chosen for this project. As mentioned, these banks have been chosen to ensure a diverse sample pool. SBI is an Indian public multinational bank, CBI is an Indian public bank and it is not multinational, ICICI is an Indian private and multinational bank, IndusInd is an Indian private bank which isn’t multinational, and SCB is a British bank operating in India.</p>
<p style="text-align: justify; ">The forms and other documents of each of the banks have been compared against a template of twenty nine questions created from the nine principles given in <a class="external-link" href="http://planningcommission.nic.in/reports/genrep/rep_privacy.pdf">Justice A.P. Shah Group of Experts’ Report on Privacy</a>.</p>
<p style="text-align: justify; ">The two services provided by these banks that have been analysed are Opening an Account and Taking out a Personal Loan. This comparison has been done keeping in mind the obligations of the banks under the Master Circular and the KYC Norms detailed in it, Code of Conduct, and the Rules under Section 43A of the IT Act. Attempts have been made to clarify the basis of the response as much as possible. An analysis of the obligations of the banks is present below, along with an explanation of the relevance of various parts of the two services that are analysed.</p>
<hr />
<p style="text-align: justify; ">Click to download:</p>
<ol>
<li><a href="https://cis-india.org/internet-governance/blog/banking-policy-guide.pdf" class="internal-link">Banking Policy Guide</a></li>
<li><a href="https://cis-india.org/internet-governance/blog/banking-policy-guide.xlsx" class="internal-link">Banking Practices</a></li>
</ol>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/banking-policy-guide'>https://cis-india.org/internet-governance/blog/banking-policy-guide</a>
</p>
No publisherKartik ChawlaBankingFeaturedInternet GovernancePrivacy2015-01-22T14:54:57ZBlog Entry