CBN clarifies IT standards roadmap for banks
WITH information technology (IT) taking centre stage in global businesses daily, the need for Nigerian banks to step up their IT architecture infrastructure for efficient service delivery has been stressed.
According to the Central Bank of Nigeria (CBN), which noted that IT has fundamentally transformed financial institutions in Nigeria resulting in the evolution of new business architectures and approaches to customer service, enterprise management and regulatory compliance, it however, posited that more investments in technology would make the banks globally competitive.
This was the submission of Head Shared Services, Central Bank of Nigeria (CBN), Chidi Umeano, to a cross section of senior IT, Audit and Control executives predominantly from the banking and IT sectors at the 60th edition of the Digital Jewels’ Information Value Chain Forum held in Lagos, at the weekend.
While making a presentation on “Demystifying the CBN IT Standards Blueprint”, Umeano disclosed that IT spend in the Nigerian financial services industry as a proportion of overall operating expenses was quite high and on the increase.
He however, stated that commensurate value had not been realised from the investments as a result of several challenges.
According to Umeano, these included complex, duplicate, non-standard and costly processes; non-standard systems and infrastructure; inefficiency of electronic information exchange and data integrity issues.
The CBN official noted that industry leverage of IT in Nigeria “lags global leading practices and is limiting banking operating efficiency, cost effectiveness, regulatory information and risk management practices.”
He explained that in order to address that gap and provide guidelines for application and utilisation of IT, industry IT standards were defined to articulate and provide a point of reference for the utilisation of IT.
Umeano said that prior to the drive by CBN on IT standards, there were no defined IT standards driving interoperability, information exchange, enterprise architecture, and system integration, among others in the industry. The implications were high cost of integration as banks’ IT infrastructure could not interact with each other or other relevant third parties without the implementation of dedicated interfaces.
“Thus banks are forced to maintain different interfaces to different service providers thereby increasing cost of service, while interoperability and automation to drive straight through processing cannot be achieved leading to islands of automation but no integration,” he lamented.
He further said that quality and maturity of IT could not be ascertained having no reference point to benchmark, while there is poor customer experience in the use of bank’s IT infrastructure due to absence of a minimum IT standards driving governance, service management, and infrastructure and ad-hoc implementation of CBN regulatory policies and plans around IT.
Umeano however pointed out the benefits of IT standards to the industry which included increased up-time/availability of banks leading to increased cost savings, establishment of a reference point for objective assessment of the IT function leading to improved IT performance measurement; improved data integrity and electronic information exchange; increased productivity of staff due to interoperability of IT systems; business continuity/recovery and reduced risk of prolonged downtimes and improved data security assurance to customers leading to increased customer confidence.
He said that Nigeria was not the only country where the Central Bank had to enforce or drive certain IT Standards within its local industry. Other countries involved are Australia, Bahamas, Brazil, China, Croatia, Malaysia and the United Kingdom.
Managing Director/Chief Executive Officer of Digital Jewels Limited, Adedoyin Odunfa, who presented: “An Industry Status Report”, provided a categorisation of the CBN standards blue print, indicating standards were certifiable, those yet to be and others that were merely frameworks to which an organisation could not be accredited.
She also provided a cross-referencing of standards to indicate those closely associated and provided guidance on preferred routes to attain certification to multiple standards. For organisations who have more than two management systems in place, she recommended an integrated approach though the PAS 99, the world’s first specification for integrated management systems.
According to her, it streamlined operational activities, aligned all common standard requirements and cut the cost of separate audits and administration. Its benefits included less duplication, lower operating costs, simplification and more easily updated.
Odunfa said that the global best practice standard certification status for Nigeria as at last month, shows that 23 companies were certified with PCIDSS while five others were in progress. For Information Security Management System (ISO 27001), 20 companies were certified, with another 15 in progress. For Business Continuity Management System (ISO 22301), four companies were certified and another three were in progress.
Five companies were certified with ISO 20000 (IT Service Management) while two were in the process. For ITIL (IT Infrastructure Library), two companies had evidence of full implementation while one was in the process. No company had evidence of a full implementation of COBIT 5 (Control Objectives for Information and Related Technology) but two were in the process.
However, within the banking sector specifically, for ISO 27001, nine were certified while another five were in progress; ISO 22301 (two and four respectively), ISO 20000 (one and two respectively), ITIL (one fully implemented, one in progress) and COBIT 5 (none fully implemented but one in progress).
No comments yet