JAIIB Paper 2 (PPB) Module C Unit 2: Operational Aspects Of CBS Environment (New Syllabus)
The IIBF has recently announced updates to the JAIIB Exam 2023, including changes to the syllabus and exam format. Candidates will now be required to complete four papers, with Paper 2 (Principles & Practices of Banking) covering Unit 2: Operational Aspects Of CBS Environment. This unit is particularly crucial for candidates, as it will significantly impact their performance in the exam.
To assist candidates in understanding the topic, we will provide all the necessary details related to Unit 2: Operational Aspects Of CBS Environment of JAIIB Paper 2 (PPB) Module C: Banking Technology. We strongly recommend that candidates refer to this article and utilize our Online Mock Test Series to enhance their understanding of Foreign Currency Accounts for Residents and other related aspects.
Candidates must comprehend each unit in the syllabus, including the Marketing unit, to excel in the JAIIB Certification Examination 2023 and establish a successful career in the banking sector. This unit is of great importance in the banking industry, and candidates must prepare thoroughly.
Core Banking Solutions
Core Banking Solutions (CBS) is a platform where Communication Technology and Information Technology merge to suit core banking needs.
Functions Performed by CBS
- Customer accounts management
- Office account management
- Loans disbursal and management
- Cash deposits and withdrawals
- Transactions management (online and History)
- Inward/Outward clearing process
- Calculation of Interest on Advances and deposits
- Charges/Fees Application
- Application of minimum balance charges, transaction charges, cheque book charges etc.
- Asset Classification and Income recognition, NPA Management
- Non-Performing Assets Management (NPA)
- Customer relationship management (CRM) activities
- Interfaces with payment systems, Regulators, Third-party service providers
- Interfaces with Alternate delivery channels
- Generation of Reports, multi-currency Balance sheets, P&L statements.
Flow Of Transactions in CBS
In any Core banking Solution, there are three types of Transactions:
Transactions made by Users at Branches, Customers through Alternate Delivery channels or Third Party trusted vendors are ultimately reflected in the Central Database of the Bank. The transaction workflows are different for different channels of Banking.
The branch user has to log in to the system with his user id and password along with biometric authentication at the CBS terminal. Customers log in through various delivery channels using their credentials.
Once the transaction hits the Central Data Base, the system will validate the transaction and debit or credit the particular account, and a message is sent back to the user at the Branch as to whether the transaction is complete or not.
The system validates the account number, balance in the account, the authority of the teller (Maker) who does the transaction, authority of the officer (Checker) who authorizes the transaction, and other validations parameterized at the product level if required to be done.
Apart from this, transactions also flow from various alternate delivery channels, Treasury systems etc., into the core banking system.
End Of Day (EOD) And Begin Of Day (BOD) Operations
Typical Operations in CBS during BOD and EOD:
- Begin of the day by Data Centre
- Transactions input and Authorisation by Branches
- Closure of Branch Operations by Branches
- End of Day Operations by Data Centre
- Reports Checking by Branches
- Back up Operations by Data Centre and Branches.
- Application of Interest and services charges – Data Centre
- Execution of standing instructions by data Centre
- Generate various reports, including Exceptional Reports
Begin Of Day (BOD) Operations
BOD process opens a new transaction day for the Bank. BOD depends on the EOD process for the previous working day. If the EOD is not completed for a day BOD can not be done. Days are always business days specified in Branch Calendars.
Following functions are carried in BOD operations:
- Starts a new day
- Time Deposit processing related to interest and maturity
- Standing instructions execution
- Value date processing of cheques Salary Processing
- Expiry of Overdraft Limits.
End Of Day (EOD) Operations
Most of the following activities are carried out at the Data Centre or Branch, depending on the architecture of the Core Banking Solution.
- Day-end activities carried out by the authorised personnel are properly documented and monitored through a checklist.
- Minimum balances are calculated.
- Products are calculated for the Current Account (Debit balances).
- Mandatory reports are generated.
- Fallback procedures activated
- Day end back up is taken
- Recording of entries in the Backup Register
- Recording in Log Books
- Filing of reports
- Shutting down of complete computer system
- The data back-ups taken are properly documented and kept in safe custody
- The Server Room is properly locked, and the keys are kept only with an authorised person
The following documents are generated:
- Access log
- Supplementary
- Audit Trail
- A transaction number is given for each transaction entered.
After business hours of the Bank, the following functions are performed:
- Supplementary Report is printed by either Branch Manager or System Administrators and filed.
- Cash Denomination Report is printed and filed.
- Vouchers are tallied and signed by either the Branch Manager or System Administrator.
Password Control
Basic Operational Controls in Core Banking operations include:
- Segregation of Duties
- Four Eye Principle/Maker Checker
- Rotation of Duties
- Ownership of systems for granting accesses rights.
Core banking solutions supports strong passwords access control mechanisms by enforcing the following controls in Password:
- Minimum length eight characters—the more characters, the better
- Should contain both uppercase and lowercase letters
- Must be a mixture of letters and numbers.
- The password must include at least one special character.
- Dictionary word avoided
- Prevent reusing of previous Password/s
- Enforce periodical password changes
- Passwords are disabled during the employees' leave of absence.
- For certain critical modules, enforce multi-user or multi-factor authentication
- Passwords are stored in the system in encrypted form only.
The operational staff should ensure the following practices to establish the integrity of the Password:
- All the employees and Users should maintain password secrecy in the system/s.
- The critical passwords for accepting sensitive jobs should be known only to the Branch Manager or System Administrator.
- The Operating System Password should be kept under Dual Control of Branch Manager and System Administrator. The Password should be protected in a sealed cover and opened in the presence of at least two persons. It should be changed at once on being opened.
Parameter/Master Files
- In a Parameter/Master File, all the relevant information related to a particular account should be fed and stored. The information may relate to the Rate of Interest to be applied, Penal Interest to be charged, Commission Rates, Operation Limits in case of loans, nature of account operation, single/jointly etc.
- It is important to check that the Parameter/Master File accessible to the operators should only be read only. Otherwise, it would invite undesirable modifications, which would lead to revenue leakage and misuse of funds. Whenever any alterations are to be made in the Parameter/Master File, printouts of the file before and after the changes should be taken and documented in the safe custody of the Branch
The Bank should ensure the following:
- Authorised personnel mark all the Bank Holidays into the software before the beginning of the Financial Year.
- Operation limits and authorisation levels are defined clearly for the operators and supervisors.
- The parameters for Interest and Bank Charges are defined in accordance with the applicable rates and guidelines. The file is updated as and when changes are announced.
- Parameter files are printed before and after changes are given effect and documented.
- The safe custody of the printouts should be ensured, and alterations are captured into the "Parameter Register".
Some important Master files for a core banking solution are.
- Master Data of Accounts
- General-purpose parameter files
- Account types and structure for the General Ledger
- Advances interest rates applicable for various schemes.
- Deposit interest rates applicable for various tenors
- List of holidays
- Authorization rights for exceptional transactions
- Types of users and their work classes.
Logical Access Control
To safeguard the assets and the computer system and to maintain data integrity, the following should be ensured:
- The security policy addresses specific capabilities of operating systems and ensure that the available security features are implemented.
- The Chief information security officer should ensure that available features have been implemented.
- Process for granting access levels.
- Users should have the minimum access level needed to do their job.
- Users' access should be restricted to specific applications, menus within applications, files, and Servers.
- File maintenance should be a separate access privilege.
- Maintenance should be restricted to a minimum number of persons, and it should be properly approved and reviewed.
- The password file should be encrypted.
- Methods to detect security violations.
- Access levels should be periodically reviewed by the internal auditor.
- Procedures to limit access to workstations after normal working hours.
- Modem access should be restricted.
- Modem passwords should be changed periodically
Operational Aspects Of Security Control In CBS
The key security control aspects in a computerised bank include:
- Ensure that authorised, accurate and complete data are made available for processing.
- Ensure that in case of interruption due to power, mechanical or processing failures, the system restarts without distorting the completion of the records.
- Ensure that the system prevents unauthorised amendments to the programmes.
- Ensure that the "access controls" assigned to the staff-working matches with the responsibilities, as per manual.
- Ensure the segregation of duties while granting system access to users and monitor user activities by reviewing Logs
- Ensure that changes made in the parameters or user levels are authenticated
- Ensure that charges calculated manually for accounts when a function is not regulated through parameters are properly accounted for and authorised.
- Ensure that all modules in the software are implemented.
- Ensure that the exceptional transaction reports are being authorised and verified regularly by the officials concerned.
- Ensure that the account master and balance cannot be modified/amended/altered except by the authorised personnel.
- Ensure that all the general ledger accounts codes authorised by Head Office exist in the system.
- Ensure that balance in general ledger tallies with the balance in the subsidiary book.
- Ensure that important passwords, like database administrator and branch manager's Passwords, are kept in a sealed cover with the branch manager so that in case of emergency and the absence of any of them, the passwords could be used to run the system properly.
- Ensure that the Bank takes daily and monthly backups. The backup media should be duly labelled, properly indexed and maintained under joint custody.
- Ideally, a daily backup should be taken in 6 sets, one for each weekday and 12 sets for each month. The backup Register should be maintained and updated.
- Ensure that the backup media is stored in a fireproof cabinet secured with lock and key and that the off-site backups are preserved for an emergency.
- Ensure that the anti-virus software of the latest version is installed in servers/PCs of branches.
- Ensure that security patches are applied to systems as and when released by the vendors/ developers.
- Ensure that access to the computer room is restricted to authorised persons
Role And Responsibilities Of The Bank Under CBS
To deal with the increasing incidences of cyber-attacks and misuse of the electronic payment system, the banks must introduce certain minimum checks and balances to minimise the impact of such attacks and to arrest/minimise the damage.
Bank must have:
- IT Policy
- Data processing and data interface under various systems.
- Data integrity and data security.
- Business Continuity Plans and Disaster Recovery Plans.
- Accounting manual and critical accounting entries and the processes and involvement of IT Controls over key aspects
- Documentation of Controls and various e-banking and internet banking products.
- Manual processing of key transactions.
- MIS reports being generated and the periodicity thereof.
- Hard copies being generated and the periodicity thereof.
- Process of generating information related to various disclosures in the financial statements and the involvement of the IT systems.
- Generation of major exceptional reports and the actionable.
- Major IT related issues faced and resolved/unresolved during the year, such as data/system corruption, system break-down, etc., having a bearing on the preparation and presentation of financial statements
- Significant observations of internal auditors, concurrent auditors, system auditors, RBI inspection and internal inspection, etc., related to computerised accounting and overall IT systems.
- Customer complaints related to errors in transactions
In order to ensure that the technology deployed to operate the payment system/s authorised is being operated in a safe, secure, sound and efficient manner and as per the process flow submitted by the Bank for which authorisation has been issued; banks are required to get a System Audit done by a firm of Chartered Accountants.
The scope of the System audit would include evaluation of the hardware structure, operating systems and critical applications, security and controls in place, including access controls on key applications, disaster recovery plans, training of personnel managing systems and applications, documentation, etc.
The system auditor must also comment on the deviations in the processes followed from the process flow submitted to RBI while seeking authorisation.
JAIIB PPB Module C Unit 2 Operational Aspects Of CBS Environment (Ambitious Baba) PDF
Discount Offer Available Visit : test.ambitiousbaba.com
No comments:
Post a Comment