Current Problem Statement
Over the years, banks have lost millions of dollars due to unplanned outages or downtime in services. This has also created a negative impact on banks’ reputation and brand image. In many cases, these services are managed by outsourced partners and banks have very little control over it.
What is BS11?
To address these pain point, Reserve Bank of New Zealand (RBNZ) has introduced BS11. It outlines the outsourcing policy for large banks in New Zealand whose net liability exceeds NZD10 billion. The policy should be implemented by the affected banks by 2022.
The main objectives of this policy are:
- Banks should be able to ensure uninterrupted liquidity, in the financial system to meet customer and regulatory requirements.
- Banks should be able to provide basic banking services to its customers without any disruption.
- Banks should be able to operate independently without affecting any service during a demerger or during an acquisition.
- Adequate measures to be taken by banks to address the failure without impacting its customers and carry on the business as usual.
- Adequate measures to be taken by banks so that no transactions are lost due to service outage.
Non-compliance Implications
- If the outsourcing agreement does not comply with the policy of BS11, Reserve Bank will enforce upon banks and their outsourcing partners to amend the agreement to achieve compliance.
- If a bank fail to achieve compliance, Reserve Bank may take action against the bank.
IT Impact
Below is the typical landscape of a bank. It includes various channels or systems of engagement through which the transaction or request would be received by the bank, systems of record for the various lines of businesses through which transactions are processed, and ancillary applications that support processing of transactions and provide additional support functions. Any failure would translate to potential disturbance to BAU, operational risks, and loss of data. Due to the regulation, the applications being outsourced would be impacted.
Also, various operations like Front Office, Back Office, and support functions would also be impacted if there is any disruption in the services or separation.
Proposed Mitigation Plan
- Backup Plan (BCP) and Disaster Recovery (DR) plan of the bank to be shared and reviewed by the Reserve Bank periodically.
- The contractual terms between the bank and the third party should include BS11 policies.
- Third-party providers to ensure that adequate measures have been taken for disaster recovery and to address outages or service disruptions.
- Ensure that any agreements with third parties do not hinder banks’ ability to fulfill the obligations of their customers.
- No objection to being obtained by banks from Reserve Bank before any contractual agreement with the third-party providers.
How HCLTech can Help
Banking Practice in HCLTech has a dedicated team of banking and regulatory specialists who help assist organizations and banks to comply with various regulations. The team provides bespoke solutions for disaster recovery and other specific needs. With a deep knowledge of BS11 and New Zealand Banking regulations, HCLTech is best placed to offer the following:
Integration Partner
- Deep understanding of the BS11 regulation and vast domain understanding of the banking application landscape
- Impact analysis of the integration touchpoints due to BS11 regulation and design a solution
- Create a blueprint of the proposed solution to set up design, value proposition, guidelines for the development of acceptance, operating model, technical infrastructure, governance, business model, planning for implementation, and future roadmap
- End-to-end Testing (functional system testing, functional System Integration testing, and non-functional testing)
Consulting Partner
- Understanding the current landscape of banks
- Suggest configuration of the new systems for new entities
- Suggest various data partition techniques to segregate entity-specific data
- Suggest techniques to clone the applications to create a new set of application for the new entity
- Suggest ways to harmonize the new cloned applications for incorporating a new set of rules and offerings pertaining to the new parent
- Suggest integration of cloned applications into the new parent
Application Development and Maintenance Partner
- Development of adapters to integrate different applications
- Documentation and execution of relevant test cases and test scenarios
- Development of various functional accelerators to expedite the analysis and testing phase
Infrastructure Partner
- Building new infrastructure in the new location
- Building additional failover systems that should resume the services in case of an outage on the primary server
- Building Robust Business Continuity and Disaster Recovery plans
- Creation of mirrored systems on a “Hot” standby basis
- Availability of recovery mirror disk and recovery backup disk for active and passive host at the same site (in case of primary host failure, those disks will be used as a source to database recovery on passive host)
Case Study
Case Study 1: With a large British Bank in 2009, it was mandated by European Commission that it had to sell a portion of the business to a new owner as the bank had become huge due to earlier acquisitions and mergers.
As a part of the program, HCLTech had helped in divestment, cloning, and harmonization of the applications to a new entity. HCLTech also helped the bank with system integration of the newly cloned products/applications of mortgage, treasury, finance, and document management and end-to-end testing.
Case Study 2: With a large Australian Bank, HCLTech has embarked a similar journey of analyzing the impact of a spinoff of the insurance business from the Wealth Management business. As part of the program, HCLTech undertook data partition and data migration of the insurance-specific data to a new database and performed end-to-end testing of the applications.
