Security Policy to govern the protection of information assets. In addition, as per regulatory requirements, the Bank has put in place an up to date Incident Management and Cyber Crisis Management Plan to deal with incidents and cyber crises. There is also a policy governing the acceptable usage of information and system assets and policy to ensure continuity of business operations in the event of a disaster.
Given the dynamic nature of risks that the Bank faces, the Bank periodically assesses the risks and develops strategies to ensure that risks are mitigated to an acceptable level. Being technology-oriented, most of the risks are technological in nature and thus the Bank investsheavilyinsecuritytechnologies.TheBankcarries out a range of security assessments throughout the year. A 24x7 Cyber Security Operations Centre has been established to detect and contain security anomalies. This Cyber SOC is also responsible to actively monitor emerging threats based on intelligence gathering. The Bank has developed a comprehensive awareness program wherein employees are trained during on- boarding, periodic phishing simulations are carried out and awareness mailers are broadcasted to both employees and customers.
During the year, the Bank won the coveted award from IBA as the “Best IT risk Management and Cyber Security Initiative” for the third year in succession.
13.1.6. business continuity
The Business Continuity Management Policy (BCMP) of the Bank provides guidance for handling emergency situations and to reasonably ensure continuous and reliable delivery of key products and services to customers in the event of a significant business disruption, while maintaining confidence levels of its shareholders and satisfy relevant compliance requirements. The plans and procedures are in line with the guidelines issued by the RBI in this regard and are subject to regular review. The branches across regions are equipped with call-tree chart and FAQ to provide continuous customer service in case of disruption like cyclone Fani, floods, riots bringing internet service down, etc.
the effectiveness of the Bank’s Business Continuity process is realized in times of crisis as most recently during the Corona pandemic. With the onset of the pandemic, the Bank constituted a committee both at the Board and Management level. The Management team meets at frequent intervals to assess the emerging situation and decide on measures that have to be taken. This is disseminated at a granular level through its regional committees. It is significant to record that the Bank continued to offer banking services from all its branches through the pandemic, though footfall was low. Each branch has a mapped BCP branch and all employees have backups identified in the BCp branches. This has ensured that essential services have continued to be offered even if some staff members are affected.
The Board Committee is kept advised at weekly intervals and provides the required direction both in terms of strategy and personnel management. The Bank had documented its Business Impact Assessment (BIA) for critical corporate office functions, but these are being enhanced taking into account the newer processes and products being offered and to also include an Impact Assessment of its IT Applications.
13.1.7. Procurement
the procurement activity in the Bank assumes significant importance as it involves procurement of assets for the purpose of building internal efficiencies and building better infrastructure for ensuring effective customer service. The Bank has in place a Board approved procurement policy which defines the guidelines, procedures and responsibilities for various purchases/ expenses related to procurement and provides a framework to ensure that the purchased products/ services conform to specified requirements. the Bank is in the process of establishing a dedicated centralized procurement team for greater efficiency and stronger negotiation. The Bank has on boarded the required personnel for the same.
The Procurement policy is being revised and is being updated in accordance with the new Procurement department and roles. It has also been strengthened where the Bank deemed it to be necessary to ensure an apt guideline. The Procurement Standard Operating Procedure (SOP) stands updated and it has become more robust giving clear insight of the complete process and clear demarcation of roles and responsibilities allowing the process to be taken to the next level.
In this era of automation, there are a few projects which are being steered during HY 2020-21 and ones planned for the second half of this financial year. these projects are expected to improve the efficiency and efficacy of the purchase process at the Bank level and will also aid in better tracking of requirements, inculcate environment friendly practices and a shorter Turnaround Time (TAT).
The second phase of automation is expected to lead to better contract management. All contracts are vetted by the Legal department within the Bank before execution and all service agreements are accompanied by Non- DisclosureAgreements/Clauses.
13.1.8. capital charge assessment
Although RBI has not mandated SFBs to maintain capital charge for Operational Risk, the Bank has adopted Basic Indicator Approach (BIA) for measuring the capital requirements for Operational risk as applicable to Scheduled Commercial Banks. The Bank has computed its Operational Risk Capital Charge at 15% of the average of gross income for the past three completed years of operation.
 130 | AnnuAl RepoRt 2019-20