
www.edulounge.in

CA Inter EIS NUGGETS
CHAPTER 5: CORE BANKING SYSTEMS
CA Chandan Patni
Banking Business - Basics

1) Features of Banking Business
i) Custody of large volumes of monetary items
ii) Large volume of transactions
iii) Wide network of branches
iv) Increased possibility of fraud

2) Activities/ Services of Banks
i) Acceptance of Deposits
ii) Granting of Advances
iii) Collection
iv) Remittances
v) Clearing

single receiver of funds


ECS Credit
vi) ECS
single account to be debited
ECS Debit

vii) Credit Cards

viii) Debit Cards

ix) Letter of Credit & Guarantee

Core Banking Systems

Meaning
set of basic software components that manage the services provided by a bank to its customers

Examples
i) Finacle
ii) FinnOne
iii) Flexcube
iv) BaNCS
v) BankMate

Features
i) Online real time processing
ii) Transactions are posted immediately
iii) All databases are updated simultaneously
iv) Centralised Operations
v) Opening of new accounts
vi) Managing deposits & withdrawals
vii) Processing payments
viii) CRM activities
ix) Maintaining records of all bank's transactions.

Key aspects in-built in CBS
i) Information Flow - facilitates information flow; improves speed + accuracy of decision making
ii) Customer Centric - target customers with right offers at the right time using right channel
iii) Regulatory Compliance - ensures compliance
iv) Resource Optimization - lowers costs through faster processing, increased accuracy

Stages of Development & Implementation
i) Planning - as per strategic + Business objectives
ii) Approval - Top Level Management/ BoD must approve
iii) Selection - Right solution should be selected considering the objectives and needs
iv) Design & develop or Procure - Appropriate controls should be in place
v) Testing - Extensive Testing + Data migration
vi) Implementation
vii) Maintenance
viii) Support
ix) Updation
x) Audit - Internal + external

Key Modules of CBS
i) Back Office - settlements, clearances, record maintenance, accounting, compliance etc.
ii) Data Warehouse - Manage + Analyze data
iii) Credit Card System - Customer Management, Credit card management, account management
iv) ATM - Self Service (Deposits/ Withdrawals)
v) Internet Banking
vi) Mobile Banking
vii) Phone Banking
viii) Branch Banking

Technology Behind CBS

i) Application Server
   hosts the core banking application
   Powerful + Robust
   Receives data, performs operations & updates central database
   CBS application residing in the application server must be the latest version.

ii) Database Server
   contains entire data of the bank
   accessed by Application Server, ATM Server, Internet Banking Application Server etc.
   Secured
   No unauthorised changes
   Maintenance

iii) ATM Channel Server
   details of ATM account holders (but not PIN)

iv) Internet Banking Channel Server
   stores the name and password of internet banking customers + details about branch to which the customer belongs.

v) Internet Banking Application Server
   authenticates the customer with the login details stored in IBCS

vi) Web Server

vii) Proxy Server
   allows clients to make indirect network connection to other network services.

viii) Anti-Virus Software Server

Risks & Controls for Core Banking Processes

i) Current & Savings Accounts (CASA)
   Process
   Risks & Controls

ii) Credit Cards
   Process
   Risks & Controls

iii) Loans & Trade Finance
   Process
   Risks & Controls

iv) Mortgage Loans/ Property Loans
   Process
   Risks & Controls

v) Internet Banking Process
   Process

vi) Treasury Process
   Core Areas
      1) Front Office - Dealing room operations
      2) Middle Office
      3) Back Office
   Process
   Risks & Controls

Risks & Controls related to CBS

Risks
i) Operational Risk - loss to bank due to inadequate/ failed Internal Process, people, systems
   People, Processing, Legal Risk
ii) Credit Risk - asset/ loan becomes irrecoverable
iii) Market Risk - loss in bank's trading book
iv) Strategic Risk - earnings decline due to changes in business environment
v) Compliance Risk - exposure to legal penalties, fines etc.
vi) IT Risk
   Data Ownership
   Multiple Interfaces
   Authorization Procedures
   User Identity Management & authentication procedures
   Response Time
   Change Management
   Incident Handling

Controls

Internal Controls in Bank Branches
i) Maker - checker Process
ii) Job Rotation
iii) Fixed Powers (financial + administration)
iv) Periodic Confirmation to Controlling Authority
v) Periodic Balancing of Books
vi) Dual Custody

IT Controls
i) Record of Log-ins & log outs
ii) Access is available on specified days & stipulated hours only.
iii) Access rights should be on a need to do basis
iv) User time out is prescribed.
v) Need for supervisory password - to open ledgers after end-of-the-day process
vi) Need for supervisory password - for processing transactions in a dormant account
vii) Need for supervisory password - to reactivate dormant accounts
viii) System check - amount to be withdrawn is within drawing power

Risks & Controls in certain Areas

i) Data Centre & Network Operations

Sub Process
   Back up
   Job Scheduling & Processing
   Monitoring of Applications & supporting servers
   SLA
   User Training

Risk & Controls
   Risk: System Failure; Control: backup + storage of data should be done periodically as per policy
   Risk: Unavailability of Back up; Control: Off Site + Securely Stored
   Risk: No technical Support; Control: SLAs with software vendors + Top Management should monitor compliance with SLA
   Risk: User queries - unresolved; Control: Help Desk function should exist
   Risk: Inaccurate/ Incomplete recording of transactions; Control: Input Controls must be in place + Exceptions should be reviewed
   Risk: Invalid items may be recorded; Control: Access rights to be given as per job roles

ii) Information Security

Sub Process
   Policies, Procedures, Practices
   User Security
   Application Security
   Database Security
   Operating System Security
   Network Security
   Physical Security

Risk & Controls
   Risk: Lack of Management Direction; Control: Policies must be established with management approval
   Risk: Lack of CIA; Control: Physical + Logical controls must be implemented
   Risk: User accountability is not established; Control: Unique User ID + no Sharing
   Risk: Unauthorised Access; Control: Passwords + biometric access
   Risk: Undetected Security Breaches; Control: Log + Review thereof
   Risk: Virus, Worms; Control: Regular reviews of Network Security
   Risk: Environmental Threats; Control: Environmental Controls

iii) Application Software

Gateways of Application Software
   i) Configuration
   ii) Masters
   iii) Transactions
   iv) Reports

Risk & Controls
   Risk: Interest is wrongly computed; Control: should be automatically calculated by CBS
   Risk: Failure to levy charges; Control: charges to be levied as per facilities availed by customer
   Risk: Inappropriate levy of charges; Control: should be as per RBI & Bank policies
   Risk: Inappropriate reversal of Charges; Control: reversal should be approved + no reversal in excess of original amount
   Risk: Incorrect classification & provisioning of NPA's; Control: CBS should be configured to perform classification as per RBI guidelines
   Risk: Unauthorised changes in configuration/ settings; Control: Access to only authorised persons

Regulatory & Compliance Requirements

1) The Banking Regulation Act, 1949

2) Negotiable Instruments Act, 1881

3) RBI Act, 1934
Key Functions of RBI
   i) Monetary Authority (formulates, implements & monitors monetary policy)
   ii) Regulator & Supervisor of the financial system
   iii) Issuer of Currency

4) Prevention of Money Laundering Act, 2002

Meaning of Money Laundering
   process by which proceeds of the crime (dirty money) is concealed & layered through multiple banking transactions, so that they appear to come from a legitimate source (clean money)

Stages of Money Laundering
   i) Placement - puts the "dirty money" into the legitimate financial system.
   ii) Layering - conceals the source of the money through a series of transactions.
   iii) Integration - the money is returned to the criminal from what seem to be legitimate sources. The criminal proceeds are now fully integrated into the financial system and can be used for any purpose.

Sec 12 - Every Banking Company or Financial Intermediary or Institution to maintain records
Sec 13 - Powers of Directors to impose fine
Sec 63 - Punishment for false information or failure to give information
Sec 70 - Offences by Companies

5) Information Technology Amendment Act, 2008

Advantages of Cyber Laws
   i) Legal recognition to e-mails
   ii) Legal recognition to e-commerce
   iii) Legal recognition to Digital Signature
   iv) Entry into business of issuing Digital Signatures
   v) Facilitates e-governance
   vi) Addresses important issues of Security

Sensitive Personal Information
   Rule 3 - provides a list of items that are to be treated as "sensitive personal data", information relating to passwords, credit/ debit cards information, biometric information (such as DNA, fingerprints, voice patterns, etc. that are used for authentication purposes), physical, physiological and mental health condition, etc.
   Rule 5 - Body corporate shall obtain consent in writing through letter or Fax or email from the provider of the sensitive personal data regarding purpose of usage, before collection of such information.
   Rule 6 - Disclosure of sensitive personal data or information by body corporate to any third party shall require prior permission from the provider of such information.
   Sec 43A - provides that whenever a corporate body possesses or deals with any sensitive personal data or information, and is negligent in maintaining a reasonable security to protect such data or information, which thereby causes wrongful loss or wrongful gain to any person, then such body corporate shall be liable to pay damages to the person(s) so affected.

Offences
   Sec 43 - Penalty & Compensation for damage to Computer & Computer System
   Sec 65 - Tampering with computer source code
   Sec 66 - Damage to computer & computer system
   Sec 66B - Punishment for dishonestly receiving stolen computer resource or communication device.
   Sec 66C - Punishment for identity theft
   Sec 66D - Punishment for cheating by personation
   Sec 66E - Punishment for violation of Privacy

Cyber Crimes

Meaning
   any type of illegal activity that takes place via digital means.

Classification (as per UN's Manual on Prevention & Control of computer related crimes)
   i) Fraud (manipulation of input, output or throughput)
   ii) Forgery (changing images or data stored)
   iii) Deliberate Damage (virus or bombs)
   iv) Unauthorised Access (Hacking)
   v) Unauthorised Reproduction (Piracy)

Common Scenarios
   i) Harassment via fake profile on social media
   ii) Email account hacking
   iii) Credit Card Fraud
   iv) Phishing
   v) Online sale of illegal articles
   vi) Child Pornography
   vii) Source Code Theft


CASA Process
1) Customer approaches RM or applies online
2) RM requests for KYC documents
3) KYC documents handed over to Credit/ Risk Team
4) Credit Team verifies documents, assess credit worthiness & updates facilities in customers account
5) CASA account along with other facilities are provided

Risks & Controls

1 Risk: Customer Master in CBS - not as per KYC; Control: Access rights to authorise customer master should be restricted.
2 Risk: Inaccurate Interest/ Charge; Control: should be automatically calculated as per defined rules
3 Risk: Inaccurate accounting entries; Control: should be automatically generated based on the facilities taken by the customer.
4 Risk: Unauthorised approval of transactions; Control: SoD


Issuance of Credit Card
1) Customer approaches RM or applies online
2) RM requests for KYC documents
3) KYC documents handed over to Credit/ Risk Team
4) Credit Team verifies documents, assess credit worthiness, issues a credit limit & allots a card
5) Credit Card is dispatched

Sale Authorization
1) Customer will swipe the card on POS machine
2) POS will send authentication to Acquirer Bank
3) Acquirer sends request to Issuer to authorise
4) Approval/denial is sent through Intermediary
5) If transaction is validated, the acquirer authorises and POS will process it
6) Receipt is generated & sale is completed

Clearing & Settlement
1) Merchant stores all day's authorised sales in a batch and sends it to Acquirer
2) Acquirer request payment from Issuer through Card Network
3) Issuer subtracts Interchange fees, transfers balance to Acquirer through Card Network
4) Acquirer subtracts discount fees & pays the balance to Merchant
5) Card Holder is billed

Risks & Controls

1 Risk: Credit Line setup not as per Bank's Policy; Control: Credit offered must be in line with credit risk policy
2 Risk: Credit Line in CBS is not as per sanctioned limit; Control: Access rights to authorise credit limits must be restricted.
3 Risk: Credit Line setup can be breached; Control: Transaction can not be made if aggregate outstanding exceeds the sanctioned limit.
4 Risk: Customer Master - not as per KYC; Control: Access rights to authorise customer master should be restricted.
5 Risk: Inaccurate Interest/ Charge is calculated; Control: should be automatically calculated


Loans & Trade Finance
1) Customer approaches RM or RM may approach potential customers
2) RM requests for KYC documents
3) Customer submits Loan documents + KYC + Financials + Projected etc.
4) RM hands over the documents to Credit/ Risk Team
5) Credit Team verifies documents, assess credit worthiness, issues a sanction letter to the customer
6) If customer agrees with the sanction letter, credit team prepares PDC.
7) Disbursement Team verifies PDC & creates customer accounts in the system
8) Disbursement Team disburses the loan amount

Risks & Controls

1 Risk: Credit Line setup not as per Bank's Policy; Control: Credit offered must be in line with credit risk policy
2 Risk: Credit Line in CBS is not as per sanctioned limit; Control: Access rights to authorise credit limits must be restricted.
3 Risk: Credit Line setup can be breached; Control: Transaction can not be made if aggregate outstanding exceeds the sanctioned limit.
4 Risk: Customer Master - not as per PDC; Control: Access rights to authorise customer master should be restricted.
5 Risk: Inaccurate Interest/ Charge is calculated; Control: should be automatically calculated

