Digital India: Disruptions –

Security, New Technology &

Our State of Readiness
September 2017
 Digital India | Disruptions – Security, New Technology & Our State of Readiness

Contents
Foreword 05
Introduction 06
Banking and Financial Services: Powering services
for mainstream adoption and balancing security of data 08
Digital disruption: Trends, exponential
technologies and challenges 16
Evolving Role of Regulator in Digital India 26
Glossary 30
Additional References 32
Acknowledgements 33

03
Digital India | Disruptions – Security, New Technology & Our State of Readiness

04

Foreword
The banking model is being unbundled
with the range of service providers
widening, technologies making service
offerings more personalized and
on demand, and customers making
informed decisions, leveraging advances
in data science. Players are using agile
processes, so that products and services
can get to markets sooner and be
adjusted along the path. “Mutualization”
is a case in point. The evolving regulatory
and market landscape is requiring
companies to gradually realign their
operating model to protect margins.
Industry efforts to rationalize costs
through down-sizing, outsourcing
and automation have not yielded the
savings and improvement in service
quality that was originally envisaged.
Mutualization, or the use of common
standards and/or market infrastructure,
is enabling non-core activities to be
packaged and provided as a service
to market participants. It is allowing
financial institutions to share costs,
boost efficiency in the back & middle
office and restore focus on core business
activities. It has applications in optimizing
collaterals, movement of securities, KYC
record management, and is already
showing significant results in reducing
KYC/AML costs.
Incumbent players have up their ante
and are embracing these changes, as
well as emerging competition. They are
seeking to convert banking consumers
who use digital touch-points to brand
loyalists, as also to widen their user
base. All sectors with large connect to
customers, leverage disruptive tools
when doing financial settlements with
their customer base. Due to ecosystem
Digital India | Disruptions – Security, New Technology & Our State of Readiness
partnerships forged by service providers •• Protect the People – Avoid
across sectors, customers are exposed departmental silos and allow uniform
to a host of additional choices offered by information distribution
the partners. Use of data to deliver the
•• Place your Customer First – Fulfilling
right customer experience, leveraging
customers should be the priority
innovations to make offerings simplistic
and to give the customer complete •• Avoid status quo – Try new ideas in
control are the new guiding principles solving old industry issues
for service providers. Some firms are
•• Focus on Value – Revenue should
choosing to bridge gaps in internal
always be the key driver for any idea
capabilities and adopt a more holistic and
value-based approach by understanding •• Make design thinking the way of work
that all these applications are not always
•• Acquire capabilities to catalyse the
a panacea. Organizations will have to
culture
make choices, that include trade-offs.
They will need a vision of their future, •• Balance the risk approach – encourage
the applications of these in the context controlled risks in right circumstances,
of their overall strategy, culture and while remaining cautious when
structure. They have to evaluate the key engaging in high-risk activities
considerations in implementing changes
and aligning them with their ambitions. We hope you find this report useful in
rethinking your value propositions to win
At an ecosystem level, development in over tomorrow's demanding customers.
banking infrastructure and implementing
regulations that are receptive to
innovations and data requirements are
also required.
We are not there yet and have a lot to
learn from other players and markets
where this is being/has been done
well. Moving to a future state where
financial services make our lives better
requires heavy investment in emerging Kalpesh J. Mehta
technologies, skillsets, risk management.
To leverage disruptions players across
sectors must:
•• Think Exponential – Set bold goals and
allow failures
•• Execute Agile – Allow ideas with short
iterative sprints with empowered teams
05
Digital India | Disruptions – Security, New Technology & Our State of Readiness

Introduction
The confluence of technology, new initiatives
powering banking such as FinTech, data security, and
a progressive regulatory environment, are offering
radically new possibilities to achieve the Government’s
vision of a Digital India.

Our state of readiness - is far from ideal, as a serious

divide exists between the unserved and the served.
For financial services to make our lives better, there
are costs to be borne, but the end-goal is desirable.

Insights gleaned by us from our experience in the

industry have been reflected in this Point of View, as
we put the spotlight on the key factors that can help
achieve the vision of a progressive, responsible, and
digitally powered India.

06
Digital India | Disruptions – Security, New Technology & Our State of Readiness

07
Digital India | Disruptions – Security, New Technology & Our State of Readiness

Banking and Financial

Services: Powering services
for mainstream adoption and
balancing security of data
Introduction The vision for a Digital India requires
The financial ecosystem in India is immense interoperability between
undergoing a transformation. Trends that data, mediums, identity systems, bank
are taking root cause in financial services accounts. Leveraging Jan Dhan, Aadhaar
and emerging business models, are and Mobile (JAM trinity), for beneficiary
bringing a larger no. of people under the enrolment has been the logical next step
financial inclusion umbrella. These are in the rollout of financial services.
changing financial services delivery, and a
new financial system is emerging.

Aadhaar Pradhan Mantri Jan-Dhan Mobile Telephony

A centralized database in India
was a long standing issue. This
changed with Aadhaar, a 12-digit
biometric based unique-identity
number, issued to 1,144 Mn1
Indians (86.7% saturation)
as of August, 2017. Aadhaar
has emerged as an important
instrument in payments and in
the delivery of citizen services.
While Aadhaar has been used to
identify beneficiaries, it’s seeding
in bank accounts is not 100%.
Yojana (PMJDY) Mobile Phone penetration
Jan-Dhan Accounts were opened in India stood at 1,170 Mn3
to increase banking penetration subscribers as of March 2017.
in India and mandated at least
one basic banking account per
household. The scheme has
295 Mn2 beneficiaries as of
August 2017.

1
UIDAI portal, https://uidai.gov.in/images/StateWiseAge_AadhaarSat_24082017.pdf
2
PMJDY portal, https://www.pmjdy.gov.in/account
3
TRAI portal, http://www.trai.gov.in/sites/default/files/PR_No.37of2017_English.pdf

08

Aadhaar can have concrete impact
in beneficiary identification and
authentication; Jan Dhan accounts
seeded with Aadhaar can be used for
direct transfer into bank accounts,
reducing the dependence on cash and
related inefficiencies such as leakages;
mobile technology can be used for
information dissemination and as a
medium to conduct transactions. With
Aadhaar penetration high, Jan Dhan
Aadhaar enabled PDS – (Cashless
AePDS) being mobile phone agnostic,
is well-placed to take advantage of this
discrete identity network and target the
masses. E-Wallets are gaining popularity
due to the user’s growing comfort with
wallets. Mobile wallets are being used
for a variety of purposes with JAM trinity
and average transaction sizes for wallets
have been on a rise. Data sources and
Electronic KYC (EKYC) can do massive
back end enrolment of beneficiaries,
with people receiving credits directly
into their wallets. Other developments
in Financial Services such as Unified
Payments Interface, offering ease of use
by facilitating instant transfer of funds
to a virtual address using smartphones;
differentiated banks such as Payments
Banks, many of which possess existing
large customer bases; India-Stack,
bringing parity among players via its
open Application Programming Interface
(API) policy for five key programs; and
FinTech start-ups upending traditional
delivery models; are all set to transform
the delivery of financial services in India.
4
Payment and Settlement Systems in India: Vision-2018, Reserve Bank of India, June 2016 : https://rbi.
org.in/Scripts/PublicationVisionDocuments.aspx?Id=842
Digital India | Disruptions – Security, New Technology & Our State of Readiness
Penetrating and serving the
underserved segments & businesses
With improved prospects of tapping into
new the underserved/userved, there
is a strong business case for building
the financial services architecture at
the back-end, in a way that it is running
seamlessly.
i. Payments eco-system heft to
increase accessibility, availability,
interoperability and security in
payments
For building an eco-system of electronic
payments by reducing paper based
instruments, the Reserve Bank of India
(RBI) vision 2018 4 to develop Payments
and Settlement Systems in India focuses
on “Coverage”, “Convenience”,
“Confidence”, “Convergence”, and
“Cost”. To this end, strategic initiatives
to be undertaken by participants in the
payments industry include:
1. Responsive Regulation
2. Robust Infrastructure
3. Effective Supervision
4. Customer Centricity
These initiatives are expected to result
in a decreased use of paper based
instruments, increased users of
mobile banking, growth in
acceptance infrastructure,
increased use of Aadhaar based
payments, as well as growth
in other modes of electronic
payments.
09
Digital India | Disruptions – Security, New Technology & Our State of Readiness
1 Responsive
Regulation 2 Robust
Infrastructure
A Regulatory framework that allows for
enhanced coverage, interoperability in
payments, along with convenience and
security for end users. Some tenets of
such a framework include:
•• Framing new policies and reviewing
existing policies, to orient them with
new innovations.
•• Setting up Payments System Advisory
Council (PSAC) for industry and
Government representatives to
strengthen the consultative process.
Recommendations of the Watal
1 Responsive
Regulation 2 Robust
Infrastructure
There is an urgent need to simplify and
accelerate payments penetration in
India. Lack of sufficient IT infrastructure
and end to end digitization is leading to
challenges in driving digital payments. For
greater proliferation of digital payments,
the entire supply chain must be digitized.
To increase accessibility, availability,
interoperability and security of payments
systems, RBI has recommended:
•• Facilitating faster payments services. A
host of options have been introduced
in the market including multi device
solutions, all options on one device
e.g. a multi functionality POS, and a
more lightweight -software based
solution. While introduction of Point
of sale terminal (POS), mobile point
of sale terminal (mPOS), Near field
communication (NFC) based, Aadhaar
enabled, Mobile wallets (m-wallets),
other pre-paid instruments, Immediate
Payment Service (IMPS), National
Electronic Funds Transfer (NEFT/EFT),
Unified Payments Interface (UPI)/
Bharat Interface for Money (Bhim),
Bharat QR, Bharat Bill Payments System
5
Committee on Digital Payments: Medium Term Recommendations to Strengthen Digital Payments
Ecosystem, Ministry of Finance, GOI, December 2016 : http://mof.gov.in/reports/watal_report271216.pdf
10
3 Effective
Supervision 4 Customer
Centricity
Committee under Ratan P. Watal5 to
promote digital payments in India,
also emphasized the need for setting
up a separate payments regulator and
improving acceptance infrastructure in
India.
•• Amendments to Payment and
Settlement Systems (PSS) Act, 2007, to
ensure better governance.
•• Strengthen Financial Stability by
identifying legal entities in financial
transactions and taking steps to settle
transactions in central bank money, to
avoid credit and liquidity risks.
3 Effective
Supervision 4 Customer
Centricity
(BBPS), and online marketplaces, will
likely induce electronic payments
activity in a diverse and vast country
like India where all modes are welcome,
these options now need to be
stabilized to create trust in the minds of
participants. Payments also need to be
made scale-able for mass adoption to
become the norm. In response to this,
mobile based payment solutions are
recommended to service providers. The
back end of banking systems must be
adapted to accept any payment volume,
allowing products to scale. More
frequent settlement cycles for NEFT,
is one such recommendation to help
achieve this.
•• Improving accessibility by way of
improved acceptance infrastructure.
Significant growth in acceptance
infrastructure is seen as a primary
outcome of RBI’s vision 2018. Key
lacunae in acceptance infrastructure
are, it is currently skewed in favor
of issuers, with the issuer banks (of
POS terminals) getting majority of
Merchant Discount Rate (MDR) and
 Digital India | Disruptions – Security, New Technology & Our State of Readiness

merchant acquirers have to invest from traditional acquiring banks (as

in POS terminals, aside from paying POS aggregates the multiple solutions).
high interchange fee. As a result,
•• Promoting inter-operability across
banks issuing POS terminals are many.
providers – UPI aims at allowing
Merchant acquiring banks, on the other
customers this convenience of
hand are few in numbers. Banks are still
using payment instruments across
grappling with on-boarding merchants
service providers. Toll collection and
to penetrate for financial inclusion.
Mass Rapid Transit payments to be
Remedies that can bring merchants
made electronic in an interoperable
on board include, low cost options for
environment are also to be prioritized.
smaller merchants, merchant training
and support, using National Payments •• Enhancing safety in payments to
Corporation of India (NPCI) innovations cement customer relationships
such as Bharat QR (non-hardware
•• Eliminating paper flow in Cheque
based model). More options in the
clearing systems and complete
market imply the Merchant acquiring
migration to CTS-2010 Standards
business will see intense competition

1 Responsive
Regulation 2 Robust
Infrastructure 3 Effective
Supervision 4 Customer
Centricity

The RBI proposes: •• Strengthening the reporting framework

and monitoring fraud occurring in
•• Testing the resilience of the payments
various payment systems
and settlements infrastructure
including Financial Market •• Analyzing data emerging out of and
Infrastructures (FMIs) and System Wide publishing reports on payment systems
Important Payment Systems (SWIPS) in
the country

•• Designing the oversight framework for

new and existing payment systems, to
make the payment infrastructure more
resilient

1 Responsive
Regulation 2 Robust
Infrastructure 3 Effective
Supervision 4 Customer
Centricity

Payment options that offer customers •• Customer education and training about
& merchant’s convenience, build trust, electronic banking, fees, terms
are frictionless, put in place adequate
•• Protecting consumer interest by limiting
customer redressal mechanisms, and
his liabilities and managing risk of fraud
create awareness and education among
customers, will give the customer holistic •• Positive confirmation messages to
control over their payments experience. remitter in Real Time Gross Settlement
(RTGS), similar to NEFT
Some key tenets include:
•• Conducting customer surveys to
•• Necessary guidelines and trainings
gauge changes in payment choices of
to strengthen customer grievance
customers
redressal

11
Digital India | Disruptions – Security, New Technology & Our State of Readiness

ii. Drawing lessons from a framework •• PSD2 facilitates customer

such as European Central Bank’s convenience and protection.
(ECB’s) “Payments Service Directive 2” It mandates strong customer
(PSD2) for India authentication. Payment
PSD2 requires Banks to open their service providers are also
data infrastructure to third parties, by required to set up incident
adopting APIs to enable them to provide management procedures.
improved products and services to
•• In order to provide
customers. With PSD2 the European
consumers with convenient
Union (EU) has the chance to create an
and easy-to-use services
“EU digital single market”.
within a complex market,
PSD2 aims to ensure the efficient and
ECB6 and European Banking
regulated exchange of information
Authority (EBA) worked closely to
between players.
emphasize standards on strong
customer authentication and secure
India is on a similar growth trajectory as
communication to promote safety and
the EU in electronic payments i.e. has
efficiency of electronic payments in
diversity in banking practices, variance
the Euro. Payments Service Directive 1
in technologies adopted across the
(PSD1) has been in place since November
country, and is looking at achieving Pan
2007 and coordinates supervisory and
Indian implementation of a frictionless
oversight approaches to ensure safety
Payments system. With RBI’s Vision 2018,
and focus on consumer protection and
PSD2 creates implications for the path
rights of service providers and users.
that can be taken on home turf. Some
As the market for payments underwent
takeaways for India:
changes thereafter, the EU institutions
proposed aligning the EU and national •• By opening up their APIs, customer
legislations with the increasing no. of information that was earlier restricted
players (smaller payment companies to Banks, will now be available to a
and FinTech companies), and activities wider set of industry participants (with
of the payments industry. PSD2 was customer consensus), encouraging
put in place. PSD2 is a set of new rules greater competition, more innovation,
to protect consumers when they pay and a greater likelihood of achieving the
online and changes the “territorial” and inclusion objective.
“currency” scope of PSD1.
•• By capping interchange fee, PSD2
reduces the overall cost of a card
•• It makes cross-border payments transaction, gives a boost to digital
safer, as also increasing Pan-Europe transactions, and reduces dependence
participation in the Payments industry. on cash.
For instance, it ensures consumer
•• Seeing a consolidated customer bank
protection, even if the service provider
portfolio (across various banks), in one
is located outside the European
screen, application of analytics to real
Economic Area (EEA), or the transaction
time data monitoring allows improved
is in non EEA currencies.
advice under PSD2.
•• It promotes innovative online
payments, mobile payments, as also
increasing participation from non-
banks (increased competition).

6
The ECB cooperates with the EBA to improve the security of electronic payments in
Europe, European Central Bank, February 2017: https://www.ecb.europa.eu/paym/pol/
shared/pdf/20170223_ECBcoopEBAimprsecelpaym.pdf

12

iii. Ensuring security of sensitive data
leveraged for Digital Financial Services
(DFS), while also facilitating its use
Engagement models of the future are
riding on the back of huge amounts
of emerging Data, as we move rapidly
to digitization. Although data is a
competitive resource (access to data will
lead to more products, opportunities
to cross-sell to better drive customer
engagement, greater competition, lower
cost innovations) and has a lot of scope,
data breaches are on the rise. These
breaches will likely grow as sophisticated
threat vectors emerge and attack severity
Some important considerations towards ensuring data security are:
Evolving Infrastructure
Security infrastructure needs to
keep evolving, as the focus on threat
prevention increases
Data-Ownership
Customer expectations on defining
ownership of data are evolving
iv. If DFS needs to grow exponentially,
it’s pricing needs to be appropriate
The Government’s vision of a Digital
India entails DFS be made available to
all. If DFS is to become mainstream, we
cannot ignore the ever-present “pricing”
question. Pricing DFS needs to be correct
to drive uptake, spurring the need for
the right pricing models. India, by virtue
of it’s price-sensitive character, calls for
Digital India | Disruptions – Security, New Technology & Our State of Readiness
increases. Ensuring data security and
protecting consumer interests is critical
for keeping in-tact reputational risk of
service providers, while also mining
new revenue streams. There is an
urgent need for security protocols to
minimize breaches. We need to raise the
bar on security methods by increasing
our defenses and reducing attacks.
Companies that are generating insights
using data, while have the promise of
efficiencies, their success will depend on
their ability to offer/leverage solutions
which can encrypt and secure data.
Analytics for fraud detection Customer Awareness
DFS will have potential for misuse, but A part of ensuring security is creating
analytics can be leveraged to avoid awareness among users
frauds
Cost of Security
Data Security isn’t free and needs
to be factored into the cost of a
digital transaction. Digital audits and
forensics must claim a larger share of
digital spend and become a CFO level
agenda
customization of products and prices,
else it risks low accessibility of DFS. The
product mix selected by customers
will largely be impacted by pricing. For
instance, due to the costs associated with
card based payments, a push toward
mobile phone based payments was done
on the back of IMPS.
13
Digital India | Disruptions – Security, New Technology & Our State of Readiness

Amidst these developments, can growth be inclusive and percolate to the lowest
segments?

Few illustrative digital applications across the spectrum

Improved prospects for Credit Decisioning

Traditional lending methods are data across ecosystem partners), and

unable to serve people with limited
credit data i.e. credit score/history,
especially underbanked individuals. Low
penetration of retail and Micro-Small
and Medium Enterprises (MSME) credit
is causing a huge credit gap in the MSME
segment. This lacunae is being looked at
as an opportunity by new-age lenders,
given the applications of vast amounts
of emerging data and the exponential
benefits in analyzing it in a digital
environment. Customer insights are
paving the way for “data driven” revenue
models, in the face of unsustainable
“transaction-only” revenue models. Data
helps tapping into customer behaviors.
By drawing out unique patterns from
micro data, adding data-points (service
providers are also linking customer
the application of technologies, lenders
can increase the quality of the loan
being disbursed, and reduce costs of
disbursing these loans (efficient customer
acquisition, approval, servicing).
Alternate lenders, including Person to
Person (P2P) platforms, credit scoring
platforms, and marketplace platforms
are being able to address credit needs of
underserved segments by harvesting rich
customer data, using analytics to detect
key patterns from these data sources,
building credit profiles of customers in
minutes and, providing actionable credit
decisioning. By making more accurate
risk predictions based on data and
technologies, loan approvals are likely to
be quick, in real-time, and at a fraction of
the current costs.

14
 Digital India | Disruptions – Security, New Technology & Our State of Readiness

Direct Benefit Transfers (DBT)

Cashless payment in DBT is likely to:

1 4
Incentivize merchants to deliver better quality of Beneficiaries have a wider choice of goods and
goods sold in the open market, at market prices unused amounts can be carried over

2 5
The right amount of entitlement that is to be Leakages in the transfer of subsidies are
credited to a beneficiary can be identified eliminated (due to end to end digitization of the
supply chain)

3 6
Subsidies that were earlier being transferred Beneficiaries can avoid the hassle of physically
to the same beneficiary repeatedly, will now be withdrawing cash, the subsidy amounts will be
transferred only once used for the intended purpose only

Payment Banks (PBs)

Due to their dependence on, and need
to generate “transaction based income”,
PBs are being forced to come up with
innovative methods to be inclusive,
e.g. focus on biometric authentication
to bring down the cost of customer
acquisition, forge partnerships with
Banks, FinTech companies to expand
product offerings, and use Aadhaar for
payments (using a smartphone with in-
built biometric scanner).

Conclusive Remarks customer demands. Market participants

An interoperable platform by way of
JAM trinity, other developments such
as UPI, use of analytics in lending
have been adequately leveraged by
providers of financial services, for
greater proliferation. Upcoming releases
of products and services by service
providers will be largely keeping with
that focus on data security and invest
in improved infrastructure are likely to
dominate the agenda. PSD2 has some
key takeaways in the Indian context and
to that end, the regulator is an important
catalyst driving change, and in taking
financial services to the lowest segments.

15
Digital India | Disruptions – Security, New Technology & Our State of Readiness
Digital disruption:
Trends, exponential
technologies and challenges
Introduction
We are in the era of digital disruption
wherein constant change is the new
normal. Adapting to increasingly digital
market environments and taking
advantage of digital technologies to
improve business are important goals
for nearly every contemporary business.
The rate of technology change and its
convergence is accelerating exponentially,
thereby making it difficult for excecutives
to understand its implications to
their industry and organizations. The
digital interventions of social, mobile,
analytics, big data and cloud technologies
are laying the foundation for any
tranformation today. When these are
Figure 1: Emerging Future Scenario
Web
Digital Bank
Cloud
Mobile
Remote Healthcare
Social
Analytics
Blockchain
16
combined with exponetial technologies
like robotics, cognitive computing,
internet of things, blockchain, drones,
3D priniting and autonomous vehicles,
the impact is profound. This will lead
to emergence of multiple disruptive
scenarios adding pressure on business
leaders to understand their implications
and respond quickly. Some of these
future scenarios include digital banks,
P2P lending, remote healthcare, robo-
advisory, digital citizen and many more as
illustrated in Figure 1:
Ecosystem
P2P Lending
Robo-advisory
Digital Citizen
Cognitive
Systems
RPA
Digital disruption and exponential
technologies are blurring the lines from
an industry perspective, with leading
practices and learnings from one industry
being applied to other industries. In
India, the financial sector has been at the
fore front of leading the way in terms of
digital adoption, however, other sectors
like healthcare, manufacturing and
government are catching up fast. In this
chapter we will explore how organisations
are reinventing themselves through
innovative business models, achieving
growth & profitability, and bringing
in efficiencies in their operations, by
tapping into some of these exponential
technologies.
3D
Printing
Drones
Internet of
Things
Open
APIs
Digital Intervention
Exponential Technology
Disruptive Future Scenario

Blockchain
Blockchain is being widely debated
and has become the new buzz word
for multiple industries, especially
banking. Banks across the country have
successfully initiated collaboration
with specialized firms (FinTech) and/
or consulting firms, to build proof-of-
concepts and explore various potential
use-cases. This implies how seriously
banks are considering blockchain
technology and how eager they are to
understand the ways this technology can
help reinvent business models or address
some of their pain points.
In the recent past, aggregators like Uber
and AirBnB have disrupted mainstream
businesses by redefining business
models. Blockchain has a potential to
disrupt these disruptors since it removes
the need of intermediaries in doing
business.
Figure 2: Potential use cases for blockchain7
Use Case
Smart Identity
Cross Border
Payments
Vendor Financing
Customer Loyalty
Program
Time consuming, Intermediary fee,
Syndicated Loans
manual
7
https://www2.deloitte.com/in/en/pages/strategy/articles/blockchain-in-banking.html
Digital India | Disruptions – Security, New Technology & Our State of Readiness
Banks are continuously exploring
new ways to perform transactions
faster, for enhanced customer service,
while ensuring cost efficiency in their
operations, and assuring transparency
to their customers and the regulators.
For this, blockchain potentially provides
a solution for banks as it inherently helps
eliminate intermediaries, maintains
an immutable log of transactions, and
also facilitates real-time execution of
transactions. This could potentially
optimise the TAT for banking
transactions, reduce costs of manual
work, and enhance customer experience.
Like any other industry, choosing the
right ‘use case’ is the key for banks to
leverage the full value of blockchain.
Current Pain Point Blockchain Solution
Time consuming, manual, insecure, Automated, Less compliance errors,
fragmented & broken real-time, secure & self-managed
Quick, cheap, data rich,
Time Consuming, high cost, non- frictionless, immutable,
transparent transparent
Manual, Time consuming, lack of trust Automated, real-time, immutable
Standardized reward tokens,
Lack of interoperability, Delayed
Instant gratification & real time
gratification & limited redemption
tracking
Faster syndicate formation,
automated, quick
17
Digital India | Disruptions – Security, New Technology & Our State of Readiness

A leading private sector bank in India has
implemented a multi-nodal blockchain
transaction to fully digitize vendor
financing for a consumer electrical
equipment manufacturing company.
The implementation has been done on a
blockchain-based smart contract written
by a FinTech start-up. The solution also
leverages IBM Watson Conversation, a
cloud-based cognitive service, to enhance
the digital experience of partners,
corporate clients and developers.
Kotak Mahindra Bank has partnered
with Deloitte to enable end to end trade
financing for one of its clients by utilizing
blockchain technology, thereby reducing
the time taken for a letter of credit (LC)
to few hours from 20 to 30 days. It not
only eliminates data duplication, but
also integrates data to a central cloud-
based access system for participants in a
transaction.
Though blockchain is a powerful solution,
it is still in its exploratory stage and
comes with its own set of challenges
which include:
1. Non – clarity around regulatory status:
Few of the blockchain use cases
involve usage of cryptocurrency.
Such transactions require changes in
regulations from government bodies
like RBI. While regulators are required
to drive adoption of blockchain, they
also need to be part of a blockchain
network to get visibility from a
regulatory compliance perspective.
Hong Kong Securities and Futures
Commission is working with member
banks and technology providers to
test online ledgers to record and settle
securities and futures transactions.
2. Integration procedure and change
adoption: Blockchain applications
offer solutions that require significant
overhaul of existing systems. In order
to make the switch, companies must
strategize the transition.
3. Cost: Blockchain offers tremendous
savings in transaction costs and time,
but the initial cost of investment in the
technology might be high.
Though the potential of blockchain is
widely claimed to be at par with early
commercial Internet, it is important
that firms understand the key features
of the technology and how it can solve
current business issues. Companies need
to identify opportunities, determine
feasibility and impact, and test proof of
concepts. This will involve answering a
series of fundamental questions related
to the dynamics of transactions and
regulations underlying the transaction.
Lastly, due to lack of any precedence,
firms will have to opt for a trial-and-error
approach, either through internal trials or
partnering with a specialized firm.

18
 Digital India | Disruptions – Security, New Technology & Our State of Readiness

Robotic Process Automation (RPA)
According to World Economic Forum
report titled Future of Jobs, more than
5 mn jobs will be lost to Automation,
Robotics and Artificial Intelligence by
2020 across the globe, and 2/3rd of these
will be in the office and administrative
sectors. The global RPA market is
expected to experience a 60% CAGR
through 20208.

Figure 3: Robotic Process Automation market evolution9

Within 10 Years
Projected 2020
~$ 5B
ITA RPA Market
Dependence on
Global Horizontal
Category Machine
Learning Platforms
Today
Current Golbal IT Widespread
$ 800M Cognitive
RPA Market
Augmentation
Early Capable and Automation
Stage RPA
Early Cognitive
Solutions
Stage Legend
Deployed
BPM RPA
Systems Industrial Revolution
2st Industrial 3st Industrial
1 Industrial
st
Early Stage Technology
Revolution Revolution
Revolution
Mature Technology
1700s
Future Event

RPA tools evolved quietly over the last
decade, but have now reached a level
of maturity where process automation
is possible at a significant scale. In
most organizations, there are many
routine processes performed manually
that lack the scale or value to warrant
automation via IT Transformation, but for
which macros and other such desktop
automation tools are too limited to
effectively address the issues. RPA can
fill this gap by reducing the ‘minimum
viable scale’ of process automation as
compared to its traditional counterparts.
Organizations using RPA solutions
typically achieve operational efficiencies,
improved quality, cost reduction,
decreased cycle times and improved
throughput. Automated processes
provide flexibility to change quickly,
ability to scale-up exponentially and
produce valuable audit trails for
regulatory compliances10. With improved
accuracy, operations can now be carried
out round the clock. It results in improved
employee morale as employees are freed
from mundane jobs and redeployed for
value creation.
Digitization of white collar jobs via
robotic and cognitive automation, and
advances in data science have sparked
a mini revolution of sorts. RPA when
applied at the right scale, can be truly
transformative for organizations however
it is important to identify the right
candidates for automation, clearly define
the success criteria and build a business
case with expected ROI articulated. It
is important to drill down to various
attributes while identifying a process for
automation and analyse them from ease
of implementation vs. benefits point of
view.

8
http://www.transparencymarketresearch.com/pressrelease/it-robotic-automation-industry.htm
9
https://www.km.deloitteresources.com/sites/live/crossfunctional/_layouts/DTTS.DR.KAMDocumentForms/KAMDisplay.aspx?List=26eeb191-7a3b-4609-9f91-
b8fa5fc169f0&ID=844856
10
https://www2.deloitte.com/in/en/pages/finance-transformation/articles/robotics-cognitive-influencing-finance.html

19
Digital India | Disruptions – Security, New Technology & Our State of Readiness

A leading private bank in India Cognitive Computing

implemented RPA across 200 processes
across the organization, including Retail
Banking Operations, Agri-Business,
Trade & Forex, Treasury and Human
Resources Management, among others.
Today, robots are processing over 10
lakh transactions daily, bringing in
unparalleled operational efficiency,
higher accuracy, and a massive reduction
in processing time for customer
services11.
Another large bank deployed a full
Robotics Process Automation (RPA)
implementation using 100 robots running
18 processes to handle more than 85,000
requests each week. The output capacity
delivered by the robots was equivalent to
roughly 230 Full-time equivalents (FTE)
delivered at 30% of the cost of recruiting
more staff. Additionally, two of the top
five quality fails were eliminated following
the introduction of robots.
Today, cognitive technologies working
alongside the existing ERP systems and
robotics can upend operational finance
and bring about unprecedented speed,
agility, and transparency to processes.
Examples of cognitive technologies
include computer vision, machine
learning, natural language processing,
speech recognition, and robotics.
This technology provides significant
advantages such as cognitive automation,
cognitive insights and cognitive
engagement.
Cognitive Computing is “a self-learning
system that uses data mining, pattern
recognition, and natural language
processing to mimic the way the human
brain works. The goal of cognitive
computing is to create automated IT
systems that are capable of solving
problems without requiring human
assistance”12.

Figure 4 : Cognitive Systems mimic and learn like humans

Learn and Apply Context

Improve and Interact •• Continually learn and
improve performance based
on feedback
•• Discern an expression’s
Identify Recognize and meaning based on contextual
Semantics Understand cues
•• Draw relationships between
unrelated concepts to make
sense of a situation
•• Leverage handwriting, voice
Reason and
Make Decisions and image recognition to
Process Data
ingest and process data

https://www2.deloitte.com/content/dam/Deloitte/in/Documents/finance-transformation/in-ft-crunch-time-future-of-finance-in-digital-world-noexp.pdf
11

https://www.ibm.com/think/marketing/things-you-can-do-with-cognitive-computing-right-now/
12

20

Natural Language Processing (NLP) is
extensively being tested in generation of
Flash Profit & Loss Reports, Profitability
Analysis, R&D Spends, Sales/Margin
Reports, Credit Reporting, FP&A and
related areas. NLP can present contextual
narratives for these, which give the
consumer easy to digest and actionable
insights. Natural Language Generation
(NLG) includes significant analysis,
inferences, and generating meaningful
insights for the user.
Machine learning is increasingly being
used for internal audit, with a Cognitive
BOT in the audit team, the auditors
can analyse an entire set of accounting
journals. Machine learning can aid in the
Financial Planning & Analysis functions.
The key aspect of planning is to obtain an
accurate understanding and prediction of
sales volumes. Machine learning has the
potential to improve various processes
such as Powerful Trend Analysis, Forecast
Accuracy, Dynamic Forecasting and
Interactive self-service. Tools have been
developed that use machine learning
technology to scan electronic papers,
automatically identify and extract key
accounting information from a wide
range of documents such as contracts,
policies, agreements, purchase orders,
sales orders, commercial invoices, etc.
A major challenge faced in
implementation of Cognitive technologies
is the cross-disciplinary support required
to develop and manage the technological
and analytics platform. New skills, as
well as technology patterns are required
in the Finance organization. Cost of
implementation for full-scale roll out to
gain potential ROI from cloud computing
is also a major concern for companies.
There are also significant legal and
privacy concerns while dealing with data
that people perceive as personal13.
A leading financial services group in Asia
collaborated with Kasisto, to launch a
virtual assistant for Digibank, its “mobile
only bank” in India. Its conversational
13
http://www.kmworld.com/Articles/Editorial/Features/Cognitive-Computing---Part-3--Challenges-and-lessons-in-cognitive-computing-116517.aspx
14
http://kasisto.com/ai-driven-virtual-assistant-from-kasisto-powers-indias-first-mobile-only-bank/
15
https://www.km.deloitteresources.com/sites/live/consulting/KAM%20Documents/All%20Consulting/KMIP-4273044/2016_Robo%20Advisory%20Insights_
final.pdf
Digital India | Disruptions – Security, New Technology & Our State of Readiness
AI platform powers customizable
virtual assistants that enable banks to
engage with their customers. Digibank
customers can open an account quickly
and effortlessly using just their Aadhaar,
at any of the partner-network of cafes
across India. Now it is extending the same
services for MSME segments14.
Deloitte has deployed a cognitive
automation solution to automate
extraction and analysis of structured and
unstructured data stored in disparate
systems. It is capable of ingesting
documents in various formats via a web
interface and rapidly processing them
centrally. It provides clients with relevant
insights on large amounts of information
to make informed decisions.
Automated Wealth Management – The
service sends the customer a mix of pre-
defined investment products based on
an individual risk assessment. There are
standardized algorithms that monitor the
portfolio allocation on an ongoing basis.
Thus, based on the license that the Robo-
Advisor works on, reallocation is done on
a monthly or annual basis15.
Open APIs
APIs have grown drastically over the last
few years. While the ability to connect
to digital resources using APIs is not a
new feature, the emergence of digital
platforms, mobile computing, lower cost
of data storage, automation has just
transformed the way information can be
made available and exchanged, leading to
faster evolution of the API ecosystem.
Banks have also realized they need to
move beyond products and reinvent
themselves by helping customers
make informed decisions. Through
APIs, banks now have the potential to
create an ecosystem of value added
services and emerge as “banks of the
future”. By 2020, it is projected that
50% of B2B collaboration would happen
through APIs.
21
Digital India | Disruptions – Security, New Technology & Our State of Readiness
In a quest to create this ecosystem,
banking platforms are evolving from a
closed to open banking model which
involved shared use of bank products,
Figure 5: Evolution on Open Banking
Shift
Bank
Customer, Client, Bank
Product Data
Closed Banking
Limited data sharing,
Monolithic business model
This ecosystem will allow customers to
make personalised comparisons between
accounts at different providers. This will
help them choose which account would
be best for them. It will also allow banks
to provide better offers on products.
Opening up this data to third parties
would clearly level the playing field.
Moreover, armed with customer banking
data, both banks and third parties could
ultimately offer new propositions such
as money-management and budgeting
tools. Open banking, therefore, could
lead to customers performing all their
banking activities at different banks,
using a third-party application that
22
services, functions and data with 3rd
parties to add additional value and create
new business models.
Retail
Customers Aggregators
Bank Wallets
Govt. Utility
Open Ecosystem
Bi-directional data sharing
Disturbed business model
Banking as a platform
provide data-enabled tools to help them
manage and optimise their finances.
Open APIs give banks in India
an opportunity to increase their
geographical boundaries, create value
added services and monetize their
business assets by partnering with
FinTech companies, NBFCs, payment
banks and retailers. In November 2016,
Citibank launched an API developer hub,
which expanded developer access to APIs
across several categories. Wells Fargo
also expanded access to APIs, but it is
invitation-only at this point in time.
 Digital India | Disruptions – Security, New Technology & Our State of Readiness

The BHIM app. also leverages this API
ecosystem wherein it is a one stop shop
for all the UPI based payments. If one has
signed up for UPI-based payments on
their bank account, which is also linked
to the mobile phone number, the BHIM
app. can be used to carry out digital
transactions.
Data privacy regulations have been quite
stringent in some of the countries and
factoring them in APIs becomes quite
challenging. In India, “right to privacy”
is becoming a prominent ask by citizens
and the government is taking a serious
look at it. The regulation and laws around
data privacy are still evolving, and hence
the API frameworks need to be designed
in such a way that they keep pace with
changes without compromising on
flexibility and agility.
Think Big, Start Small and Scale Fast
It is highly challenging to keep up with
the changes wrought by exponential
technologies. Some of these technologies
might seem like a buzz word at the
moment, however, they are here to
stay and it is a matter of time before
they become part of the mainstream.
Organisations that have adapted the
digital and exponential technologies
are rapidly disrupting the traditional
businesses. The key characteristics that
set these organisations and business
leaders apart are:
•• Ability to create value through
ecosystem, network, and platform
based business models
•• By being multi-modal i.e. ability to
manage different velocities of change
within your organization

•• Inculcating a culture of innovation

By providing their APIs to third parties,
imbibing the principles of fail-fast and
banks are exposed to a greater risk of
learn-fast
cyberattacks and can no longer hide
their critical applications behind firewalls.
By embracing exponential and digital
On the other hand, banks will have
technologies, organization will not only
difficulty in maintaining their own strict
achieve growth, operational efficiencies
security requirements. Banks will still be
and customer centricity, but also stay
responsible for customer data ownership
ahead of the competition. This is the
which makes them liable for third party
right time for business leaders and
failures as well.
organisation to identify opportunities
and invest in innovation that can benefit
Although, open APIs give a plethora of
from the exponential technologies.
opportunities to banks to change their
value propositions, banks will need to
use customer data in innovative and
more individually tailored propositions.
Adapting to a digital marketplace also
requires more than simply upgrading
IT architectures and embracing new
technologies. To succeed, banks will
need to reshape their organisational
structures and cultures to a significant
extent. Innovation will need to be
placed at the very heart of the business,
and be encouraged at all levels of the
organisation. In addition to addressing
these issues, banks will also face the
cultural challenge of working within an
ecosystem with FinTech companies and
other tech-enabled firms.

23
Digital India | Disruptions – Security, New Technology & Our State of Readiness

24
Digital India | Disruptions – Security, New Technology & Our State of Readiness

25
Digital India | Disruptions – Security, New Technology & Our State of Readiness

Evolving Role of Regulator

in Digital India
Introduction
The Banking and Financial Services
Industry (BFSI) has been witnessing vast
disruptions, as detailed in the previous
section. Emerging technologies such as
Blockchain, Robotic Process Automation,
Cognitive Computing, Cloud based
Technologies, Biometric etc., have
increased cyber security risks across the
banking industry.
Further, the emergence of FinTech
entities, including prepaid instrument
providers, Payment Solution providers,
Digital Lending companies, Account
Aggregators, Data Analytics solution
providers, Social Network based payment
service providers, Telecom companies
providing integrated payment solutions
etc., has seen a wide spread increase in
the recent past.
These entities today collect significant
amount of customer’s personal sensitive
data at various stages, as mentioned
below:

Various stages for collecting customers personal data

Customer On-
Personal identity information at the time of customer on-boarding
boarding

E-KYC exercise Biometric details as a part of e-KYC exercise

Transaction
Holds records of customer’s transaction history, spending pattern and habits
history

Execution of
Collects various other information on a day to day basis for executing transactions
transactions

Accordingly, it is imperative for the
financial institutions to ensure protection
of customer’s personal data and use
it as per the customer’s consent. The
entities also need to ensure adherence to
extant laws and regulations issued by the
Government and the Banking Regulator,
Reserve Bank of India.
While the financial services space
has a larger impact considering the
sensitiveness of customer data that
is collected, in the current scenario,
industries such as telecom, healthcare,
social networking etc., also collect /
have possession of customer's personal
data. Similarly, various Government and
quasi Government agencies also collect
personal data for the purpose of various
social welfare schemes. Accordingly, it is
critical for these entities as well, to ensure
the protection of sensitive customer data.
Current Statutory and Regulatory
Environment on Data Governance in
BFSI
Statutory Laws enacted by the
Government of India
While there is no separate act currently
on Data Privacy and Data Protection, India
has enacted the Information Technology
Act, 2000 under which the rules on
“Information Technology (Reasonable
security practices and procedures and
sensitive personal data or information)
Rules, 2011” have been issued16
The provision requires a body corporate
who 'receives, possesses, stores, deals,
or handles' any ‘sensitive personal data’
to implement and maintain ‘reasonable
security practices’, failing which they are
held liable to compensate those affected.
Majorly, the rules require that the body
corporates collecting sensitive personal

16
Website of Ministry of Electronics and Information Technology, http://meity.gov.in/cyber-security
26

information of customers shall disclose
to their customers, that information is
being collected and for what purpose the
same will be used. Obtaining consent of
the provider of information is a critical
requirement of the rules. Further it also
requires that the body corporates must
implement reasonable security practices
to ensure protection of data collected
from their customers.
Regulations issued by the Reserve Bank
of India
RBI had, in 2011, formed a working group
on Information Security, Electronic
Banking, Technology Risk Management
and Cyber Frauds, and based on the
recommendations of the committee,
has issued guidelines on nine broad
areas across IT Governance, Information
Security, IS Audit, IT Operations, IT
Services Outsourcing, Cyber Fraud,
Business Continuity Planning, Customer
Awareness programmes and Legal
aspects.17
The guidelines require that each Bank
shall have a Board approved information
security policy. Among other things,
they require that Banks shall classify the
information based on their sensitivity
and criticality, and accordingly implement
appropriate security measures to ensure
protection of such information.
Further, RBI has also issued guidelines on
the Cyber Security Framework in Banks
in 2016, which emphasises on a Board
Approved Cyber Security Policy and
Cyber Crisis Management Plan covering
Detection, Response, Recovery and
Containment.18
RBI has also issued guidelines to Non
Banking Finance Companies (NBFC) on the
Information Technology and Information
Security Framework.
Currently, there are no defined guidelines
issued by the RBI to FinTech Entities such
as payment service providers, prepaid
17
https://www.rbi.org.in/scripts/NotificationUser.aspx?Id=6366&Mode=0
18
https://www.rbi.org.in/scripts/NotificationUser.aspx?Id=10435&Mode=0
19
http://meity.gov.in/writereaddata/files/MeitY_constitution_Expert_Committee_31.07.2017.pdf
20
http://meity.gov.in/draft-rules-security-prepaid-payment-instruments-under-provisions-it-act-2000
Digital India | Disruptions – Security, New Technology & Our State of Readiness
instrument service providers on Data
Protection, Information Security or the
Cyber Security framework.
Recent Steps by the Government /
Regulators
Government of India, has on 31 July 2017,
constituted a Committee to deliberate on
the data protection framework for India
and submit a report on the same by 30
September 2017. The committee shall
look at aspects such as data sovereignty,
data retention, and responsibilities of
the Government, companies as well as
individuals while handling third party
data. The Committee shall make specific
suggestions for consideration of the
Central Government on principles to be
considered for data protection in India,
and suggest a draft data protection bill.19
Further, under the provisions of
Information Technology Act 2000, the
Government has also issued draft rules
for the Security of Prepaid Payment
Instruments in March 2017, which
emphasise on the following key aspects:20
•• Protection of personal information
•• Contractual arrangements to
ensure that merchants handling any
authentication data have security
measures in place to protect personal
information.
•• Customer identification and
authentication, both at the time of issue
of Prepaid Instrument (PPI), and at the
time PPI is accessed by customer, or
when a payment is initiated.
The Government of India plans to enact
a separate law on Data Protection and
Data Privacy by the end of 2017, which
is expected to create a robust legal
framework.
While the Reserve Bank of India, has
issued guidelines on information security
and cyber security for Banks, such a
regulation is not available currently for
other FinTech entities. However, the RBI
27
Digital India | Disruptions – Security, New Technology & Our State of Readiness

has recently issued draft guidelines for states and territories. California alone
prepaid instrument service providers, has more than 25 state privacy and data
which among other things, seek to security laws.
address the following:
In addition, the large range of
•• Adequate information and data security
companies regulated by the Federal
infrastructure
Trade Commission (FTC) are subject to
•• Security operations centre
enforcement if they engage in materially
•• Vendor risk management
unfair or deceptive trade practices. The
•• Data loss prevention
FTC has used this authority to pursue
companies that fail to implement
Comparative Regulatory Environment
reasonable minimal data security
in other Geographies
measures, fail to live up to promises in
European Union
privacy policies, or frustrate consumer
EU superseded the Data Protection
choices about processing or disclosure of
Directive with the General Data Protection
personal data.23
Regulation (GDPR) in 2016 and the same
Regulation will be enforceable from 2018.
Asia
The Regulation will be applied to all 28
Japan introduced a separate central
of the European Union members. Data
legislation for protection of data as the Act
processors will be held under the law
on the Protection of Personal Information
which would include individuals, as well as
(APPI).24 The Act took partial effect in
companies processing bulky data.21
2016 and has been enforceable from
May 30, 2017. The law defines the scope
In common with the rest of the European
of the legislation and states on whom
Union, the United Kingdom will adopt
the law is applicable under Article 2-4 of
the General Data Protection Regulation
the APPI. As per the Act, it is applicable
(GDPR) from May 2018. When the United
to four entities - state institutions, local
Kingdom leaves the European Union,
public bodies, independent administrative
it will be free to adopt its own data
agencies, and an entity not having over
protection laws.
5,000 individuals’ personal information
for more than six months. Similar to the
In Germany, the main legal source of data
EU law, consent of a data subject forms
protection is the Federal Data Protection
the essence of the legislation, and has
Act (BDSG). Additionally, each German
been stated as mandatory in case of
state has a data protection law of its own.
transmitting data to a third party, or for
In principle, the data protection acts of
any use beyond communication purposes.
the individual states intend to protect
personal data from processing and use by
China has recently passed a Cyber
public authorities of the states, whereas
Security Law in November 2016, which
the BDSG intends to protect personal
will come into force from June 2017. The
data from processing and use by federal
new law, introduces a range of new rules
public authorities and private bodies.22
relating to networks and online activities
in the People’s Republic of China,
United States
including enhanced data protection/
The United States has about 20 sector
security obligations.25
specific or medium-specific national
privacy or data security laws, and
Singapore enacted the Personal Data
hundreds of such laws among its 50
Protection Act 2012 on 15 October
2012. The Act has extraterritorial

21
http://www.eugdpr.org/
22
https://www.gesetze-im-internet.de/englisch_bdsg/
23
https://www.ftc.gov/
24
https://www.ppc.go.jp/en/
25
http://thediplomat.com/2017/06/chinas-cybersecurity-law-what-you-need-to-know/
28

effect and so applies to organisations
collecting personal data from individuals
in Singapore, whether or not the
organisation itself has a presence
in Singapore. The data protection
obligations under the Act do not apply to
the public sector, as separate rules apply
to the public sector.
An analysis of the above indicates that
many countries have recently updated /
enacted laws on data protection and data
privacy and the emphasis seems to be
on obtaining consent of the customer on
collection and utilization of sensitive data,
and establishing a reasonable security
framework to ensure protection of such
data collected from customers.
Conclusive Remarks
Recent amendments to the Information
Technology Act 2000, formation of a
committee by the government of India to
deliberate on data protection framework,
RBI’s guidelines on cyber security
framework for Banks are steps in the right
direction to enhance the legal / regulatory
framework on Data Protection.
Hon’ble Supreme Court of India has on
24 Aug 2017, held that right to privacy is
a Fundamental Right and it is protected
under Article 21 of the Constitution of
India. This judgment is expected to have
a significant impact on the proposed legal
framework on Data Privacy and Data
Protection.
Next steps may include enactment of laws
on Data Protection, covering the entire
landscape of Government Agencies,
Banks and Financial Service Providers,
FinTech Entities, Telecom, Healthcare,
Social Networking and Communication
Applications, integrated with Payment
Services, among others.
The following may be the next steps in
the right direction, to enhance the data
protection framework:
•• Enhancing the regulatory framework on
cyber security and data protection for
Payment Service Providers as envisaged
under the draft regulations issued
Digital India | Disruptions – Security, New Technology & Our State of Readiness
•• Regulatory framework on cyber security
and data protection at par for Banks,
NBFC’s and other FinTech Entities
While enactment of laws and regulations
would be the way forward, the success
or failure of such implementation may
depend on the following aspects:
•• India, being a country with a large
population, is one of the most diverse
countries across socio – cultural factors,
and in its demography. Accordingly,
any central law should consider the
impact of such diversity on successful
implementation.
•• The central government and various
state governments / their agencies have
been collecting personal data of citizens
on various occasions for multiple
purposes, either for social welfare
schemes (pension schemes, subsidies,
scholarships etc.), or for creating
databases for various purposes (voter
database, income tax permanent
account number, Aadhaar database
etc.,). Therefore any legal framework
that will be created should address the
potential risks emanating from such
welfare programmes and protecting the
personal information of citizens.
•• Usage of internet and digital based
payments has witnessed a wide
spread increase recently due to the
penetration of mobile networks into
rural India and the encouragement
provided by the government / Banks for
increased usage of digital payments.
Hence, creating awareness among the
citizens, particularly in rural India, on
the risks of sharing sensitive personal
data and making them aware of their
rights pertaining to protection of data
shared, will be the key to the successful
implementation of any legal framework.
29
Digital India | Disruptions – Security, New Technology & Our State of Readiness

Glossary
AePDS Aadhaar enabled PDS

APPI Act on Protection of Personal Information

API Application Programming Interface

BDSG Bundesdatenschutzgesetz (Federal Data Protection Act, Germany)

BPPS Bharat Bill Payments System

BFSI Banking and Financial Services Industry

BHIM Bharat Interface for Money

B2B Business to Business

CFO Chief Financial Officer

CAGR Compound Annual Growth Rate

DFS Digital Financial Services

DBT Direct Benefit Transfers

EKYC Electronic KYC

EBA European Banking Authority

ECB European Central Bank

EEA European Economic Area

EU European Union

FMIs Financial Market Infrastructures

FTC Federal Trade Commission

FTE Full Time Equivalents

GDPR General Data Protection Regulation

IMPS Immediate Payment Service

IS Information Security

IT Information Technology

JAM Trinity Jan Dhan, Aadhaar and Mobile

KYC Know Your Customer

LC Letter of Credit

M-Wallets Mobile wallets

MDR Merchant Discount Rate

MSME Micro-Small and Medium Enterprises

M-Wallets Mobile Wallets

30
 Digital India | Disruptions – Security, New Technology & Our State of Readiness

MPOS Mobile Point of sale terminal

NBFC Non-Banking Finance Company

NEFT National Electronic Funds Transfer

NLG Natural Language Generation

NLP Natural Language Processing

NPCI National Payments Corporation of India

NFC Near Field Communication

NBFC Non-Banking Finance Company

PSS Payment and Settlement Systems

PBs Payment Banks

PSD1 Payments Service Directive 1

PSD2 Payments Service Directive 2

PSAC Payments System Advisory Council

PRC People’s Republic of China

P2P Person to Person

POS Point of sale terminal

PMJDY Pradhan Mantri Jan-Dhan Yojana

PPI Pre-Paid instruments

RTGS Real Time Gross Settlement

RBI Reserve Bank of India

RPA Robotic Process Automation

SWIPS System Wide Important Payment Systems

TAT Turn Around Time

UPI Unified Payments Interface

31
Digital India | Disruptions – Security, New Technology & Our State of Readiness

Additional References
1. https://www.automationanywhere.com
2. https://www.uipath.com/automate/robotic-process-automation
3. https://www2.deloitte.com/content/dam/Deloitte/ch/Documents/manufacturing/ch-en-manufacturing-industry-4-0-24102014.pdf
4. https://dupress.deloitte.com/dup-us-en/deloitte-review/issue-16/cognitive-technologies-business-applications.html
5. https://www2.deloitte.com/in/en/pages/strategy/articles/future-of-banking.html
6. https://www2.deloitte.com/us/en/pages/deloitte-analytics/solutions/cognitive-analytics.html
7. https://www2.deloitte.com/content/dam/Deloitte/us/Documents/process-and-operations/us-sdt-process-automation.pdf

32
 Digital India | Disruptions – Security, New Technology & Our State of Readiness

Acknowledgements
Kalpesh J. Mehta

Monish Shah

Ashvin Vellody

Himanish Chaudhuri

We would also like to acknowledge the contribution of

Bhaskar Tondale, Mayank Rausaria, Rabani Gupta, Rami Reddy

Deloitte Touche Tohmatsu India LLP

For further information you may write to us at :
[email protected]

33
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK
private company limited by guarantee (“DTTL”), its network of member firms,
and their related entities. DTTL and each of its member firms are legally
separate and independent entities. DTTL (also referred to as “Deloitte Global”)
does not provide services to clients. Please see www.deloitte.com/about for a
more detailed description of DTTL and its member firms.

This material is prepared by Deloitte Touche Tohmatsu India LLP (DTTILLP).

This material (including any information contained in it) is intended to provide
general information on a particular subject(s) and is not an exhaustive
treatment of such subject(s) or a substitute to obtaining professional
services or advice. This material may contain information sourced from
publicly available information or other third party sources. DTTILLP does
not independently verify any such sources and is not responsible for any
loss whatsoever caused due to reliance placed on information sourced
from such sources. None of DTTILLP, Deloitte Touche Tohmatsu Limited, its
member firms, or their related entities (collectively, the “Deloitte Network”)
is, by means of this material, rendering any kind of investment, legal or other
professional advice or services. You should seek specific advice of the relevant
professional(s) for these kind of services. This material or information is not
intended to be relied upon as the sole basis for any decision which may affect
you or your business. Before making any decision or taking any action that
might affect your personal finances or business, you should consult a qualified
professional adviser.

No entity in the Deloitte Network shall be responsible for any loss whatsoever
sustained by any person or entity by reason of access to, use of or reliance on,
this material. By using this material or any information contained in it, the user
accepts this entire notice and terms of use.

©2017 Deloitte Touche Tohmatsu India LLP. Member of Deloitte Touche

Tohmatsu Limited