Professional Documents
Culture Documents
List of Graphs 7
List of Table 7
Chapter 1 16
Introduction
Chapter 2 32
Banking Opportunities and
Challenges in the Industry 4.0 Era
Chapter 3 58
Blueprint for Digital Transformation
in Banking
Glossary 159
Bibliography 163
BI Business Intelligence
HR Human Resources
IP Internet Protocol
PwC PricewaterhouseCoopers
TI Information Technology
UK United Kingdom
Foreword
Executive Head of Banking Supervision
HERU KRISTIYANA
WHAT ASPECTS This Blueprint covers the aspects of people, process, and
ARE REGULATED technology that focus on 5 (five) main elements which will provide
IN THE digitalization policies for banking: the implementation of data,
BLUEPRINT? technology, risk management, collaboration, and institutional
arrangement within the banking industry. The five factors
are strategic measures in urging banks to create product
innovations and financial services that are able to meet the
expectations of consumers and maintain a customer-centric
orientation.
01
INTRODUCTION
Banks need to utilize big data properly. In the past several years,
data availability has increased double on average every year.
The volume of data in 2020 was predicted to be approximately
40,000 exabytes. Big data needs to be better utilized by Banks
to improve the quality of their products and services. Using big
data is the most effective way to obtain and analyze customers’
behavior, including potential customers. The utilization of big
data will also enable Banks to detect anomaly or suspicious
behavior, determine the cause of issues and failures, and
take swift and corrective actions to fix in order to increase
effectiveness and efficiency.
Rigid, non-modular outdated tech stack with Agile digital stack with high scalability
low scalability enabled by microservices and
open-platform architecture
Difficult to integrate third-party players
Ability to plug and play new functionalities
Functionalities divided in silos, with manual
processes and poor data management
Data-driven business models with simple,
automated processespartners (open
platform)
THE COVID-19 The Covid-19 pandemic has accelerated the digital transformation in
PANDEMIC banking. The pandemic has caused society to adapt to digitalization,
ENCOURAGED especially with the limitation of physical activities. People are forced
THE to perform their economic transactions through digital platforms.
ACCELERATION Similarly, people are also compelled to perform their financial
OF BANKING transactions digitally.
DIGITALIZATION Amid these conditions, the public will undoubtedly expect effective,
efficient, and secure digital banking services. As a result, Banks
will have to accelerate the enhancement of their digital services to
retain their customers.
Graph 1
Progression of Number of Commercial Bank Branch Offices Unit
34,000
Commercial Banks’
number of Branches.
33,000
32,953
32,739 32,720 32,000
32,276
31,847 31,609 31,000
31,127
30,733 30,000
29,945
29,661 29,000
28,000
2012 2013 2014 2015 2016 2017 2018 2019 2020 Jun-21
Graph 2
in Billion Rp
The Value of Electronic 250,000
Money Transactions
2011-2020 (in Billion Rp) 204,909.17
200,000
145,165.47
150,000
100,000
47,198.62
50,000
12,375.47
981.3 1,971.55 2,907.43 3,319.56 5,283.02 7,063.69
0
2011 2012 2013 2014 2015 2016 2017 2018 2019 2020
Graph 3
The use of Digital Banking Service during Covid-19
Digital Banking Use
during Covid-19 Cardless Transaction 15%
CONTEXT FOR Banking is the vein of the national economy. Banks determine the
OJK POLICY flow of money as the source of funding for economic activities.
Therefore, sound and stable Banks are the main foundation to
promote economic growth and improve the welfare of the people.
Leadership and Change Quality and Information Technology Synergy & Collaboration
Management Quantity of HR Infrastructure Among All Stakeholders
Figure 5
Discussion with stakeholder Mapping of Digital Maturity
The Development Phases Assessment for Banks
of the Blueprint for Focus Group Discussion with the
Banking Industries and Perform assessment on the
Digital Transformation in Associations to get input level of digitalization of the
Banking banking industry
Networking Event
Finalization of the Blueprint
Discussion with information
technology service providers to Finalization of the narration of
gain perspectives regarding the Blueprint for Digital
digital banking Transformation in Banking
International Standards
Study on The International standards in the field of
Information Technology (COBIT 2019,
Future
TOGAF, NIST, ISO27001, CGAP)
of Banking
Regulation in various jurisdictions
Development Principles
for the Blueprint Harmonization of
Balance: Innovation and Policies/Regulation of
prudent, safe and sound
Relevant Authorities
banking
(e.g.: Bank Indonesia, BSSN)
Technology neutral
DISRUPTIVE TECHNOLOGY
Banking in 2030:
How will banks evolve?
Lending
Mobile wallets
Marketplace
Branches Retail
Trading Bank
Investment
Social
Transactions
Stored Mobile
value Customer payments
eMoney
Ticketing Savings
Crowd funding
Payments
Other services
TRULY INDIVIDUALIZED
CUSTOMER-CENTERED BANKING
Figure 7 The Development Process of the Blueprint for Digital Transformation in Banking
02
BANKING
OPPORTUNITIES
AND
CHALLENGES IN
THE INDUSTRY
4.0 ERA
“ “The shift to a
hyperconnected world
presents a formidable
opportunity—but also
risks and challenges.”
(Herve Tourpe,
Chief Digital Advisor,
International Monetary Fund)
The industry 4.0 era encouraged the acceleration for digital
digitalization and automation banking. On the other hand, a
on every line in the banking digital transformation in the
business process transforming industry 4.0 era will also bring
the future business model of a number of challenges and
banking into a digital business risks for banks which needs to
model that offers customers be anticipated and mitigated
many innovation and efficiency. for the Digital Transformation
The Digital Transformation in in Banking to provide optimum
Banking process in Indonesia benefits in increasing business
is supported by the nation’s efficiency and productivity.
sizeable digital potential
which will be able to drive
Chapter 2 Banking Opportunities and Challenges in the Industry 4.0 Era
Filipina Singapura
30%
6% 19%
-24% 22
7,1 7,5 7 12 9
2 28
2015 2019 2020 2025 2015 2019 2020 2025
Thailand Vietnam
25% 29%
7%
53 16% 52
16 18 12 14
6 3
2015 2019 2020 2025 2015 2019 2020 2025
Figure 9
Internet Usage Rate in Internet Users
Indonesia
202,6 Million
vs. Population
73,7%
Internet Users
+15,5%
January 2021 vs. January 2020
+27 Million
Source: We Are Social dan Hootsuite (2021)
CUSTOMER Based on the research by Bain, Google, and Temasek (2019), most
GROWTH Indonesians do not have a bank account (unbanked) and have
POTENTIAL limited access to financial services (underbanked), with the total
amounting to 92 million people and 47 million people, respectively.
These figures are the biggest within the ASEAN region. Whereas
the number of people who have Bank accounts (banked) has only
amounted to 42 million people. With generation Z, Millennials, and
X dominating the demographic structure of Indonesia, preferring
the comforts of online transactions through digital platforms,
the increasingly widening discrepancy between the banked and
underbanked/unbanked now presents a promising demograph
for Banks to shift their marketing strategy from conventional to
digital.
Figure 10 Philippines
Vietnam Singapore
The Composition 15M
15M 3M
of Unbanked, 7M 2M 7M
Underbanked, and 49M 49M
Banked groups in The
ASEAN Region
Thailand
20M Indonesia
25M
42M
10M
47M
92M
Malaysia
10M
9M
3M
Figure 12
Level of Mobile Apps Jan Use of Mobile Apps by Category
Usage in Indonesia 2020 Percentage of Internet Users Aged 16 to 64 Who
Report Using Each Type of Mobile App Each Month
DIGITAL The push from digital potential and digital behavior has directly
TRANSACTION affected the rising digital transaction trend, reflected by the
uptrend in e-commerce, digital banking, and electronic money
transactions in the past few years. It proves that the shift from
offline transaction to online transaction had begun even before
the Covid-19 pandemic. The increase in digital transactions is
also apparent in the downtrend in the number of bank branches.
As of June 2021, the number of Commercial Bank branches was
recorded to be 29,661. A decrease compared to 5 (five) years ago
with 32,276 branches in 2017.
Billion
205.5 5
200,000,000
4
150,000,000
105.6 3
2 100,000,000
42.2
1 50,000,000
0 0
2017 2018 2019 2020 2015 2016 2017 2018 2019 2020
Gambar 13
Figure 9 Rangkuman
SummaryKasus Kebocoran
of Data BreachData selamaBetween
Cases Tahun 2020-2021
2020-2021
Tokopedia Bhinneka.com
As many as 91 million user data and BPJS Kesehatan A group of hackers under the name
more than seven million merchant The breach of the 279 million data ShinyHunters claim to have sold 1.2
data were said to be available for of residents that were hacked million data of Bhinneka.com users.
sale on the dark web. The Tokopedia from the BPJS kesehatan website. ShinyHunters were said to have sold
user data being sold covers gender, The leaked resident data are sold the 1.2 million Bhinneka.com users for
location, username, the full name of to the Raid Forums online the price of US$ 1200 or around Rp
users, email addresses, mobile included identification number 17.8 million in May 2020.
phone numbers, and passwords. (NIK), mobile phone number, email,
address, and salary
130,6
68,1
15
3
10,3
Box 2.
Bό
LESSONS
LEARNED
FROM THE
FAILURE
OF DIGITAL
BANKS IN
THE UNITED
KINGDOM
Monzo
THE RISKS OF Technology was created to assist and facilitate daily activities.
ARTIFICIAL Artificial intelligence is predicted to be the key technology of the
INTELLIGENCE future that will replace humans’ role. Artificial intelligence works
TECHNOLOGY by combining a number of specific data, repetitive processing,
MISUSE and smart algorithm to enable the artificial intelligence software
to automatically learn the patterns or features that exist within
the data. Even though artificial intelligence is expected to bring
significant benefits, the debate about the risk of artificial intelligence
is still taking place.
Figure 15 The Risk of Source: McKinsey (2019) and European Parliament Researches Services (2021)
Artificial Intelligence
Utilization
Graph 6
Cyber Attacks by Law Enforcement
Industry 2020
Government
Transportation
Telecommunication
Finance
The parties who suffered from these attacks are mostly Banks, with
77% of the total occurrences, 20% are customers, and the rest are
other parties at 3%. Realized losses that inflict General Commercial
Banks are reported to amount to Rp246.5 billion, a potential loss of
Rp208.5 billion, with a recovery value of Rp302.5 billion. The realized
b. The Bank does not have adequate financial ability to pay its
dues.
Figure 16 Interconnected
Building Blocks to Build
Scalable
a Digital Business
Model
Custo
Cent mer htful
Delig nce
Prod ric rie
uct Expe
LOW DIGITAL Banking customers’ digital finance literacy level is one of the
FINANCE factors that encourage cyber crimes—referring to data from
LITERACY the Directorate of Cybercrimes Bareskrim Polri, between
January-September 2020, as many as 2,259 complaints from the
public were reported on cybercrime. Eighteen complaints were
electronic system hacking, 649 for online fraud, 39 for data or
identity theft, and 71 for data manipulation (CISSREc, 2020). The
report shows that online fraud is the one most frequently filed
for, demonstrating people’s low understanding of the risks in
The low literacy of digital finance can cause even more digital
crimes. Many cybercrimes happened due to the lack of customer
understanding of the digital information management process
and the lack of understanding from the customer about cyber
security for their digital assets. This can indirectly impact the
reputation of Banks, especially with regards to the level of
security of banking services at Digital Banks. Because of this,
banks are expected to be the main driver of customer digital
finance literacy.
317
142 95
784 862
1.567 1.185
1.844
Kalimantan
Sumatra Sumatera
Papua & Maluku
5 185
951 1.211
Figure 17 Source: The Palapa Ring Project by The Ministry of Communication and Informatics
Information Technology (2020)
Infrastructure
Distribution Map
SUPPORTIVE Not only from banks, but regulators also face challenges in
REGULATION keeping regulations up to date to accommodate the industrial
FRAMEWORK developments of the industry 4.0 era. Regulators will have to
quickly create policies that can encourage the development
of digital-based services. It is done by updating policies and
regulations relevant to products and institutions in implementing
information technology to support the acceleration of the Digital
Transformation in Banking.
03
BLUEPRINT
FOR DIGITAL
TRANSFORMATION
IN BANKING
(Charles Darwin)
Chapter 3 Blueprint for Digital Transformation in Banking
Institutional
Data Technology Risk Management Collaboration Arrangements
Data Protection IT Governance IT Risk Management Platform Sharing Finance & Investment
Customer
DATA
2. The principle of legal certainty states the legal basis for data
protection and all aspects which support its implementations
that have received legal recognition both inside and outside the
court.
a. Consent, which means the data subject has given the consent to
process personal data for one or more specific purposes.
Fairness means that the Bank must not misuse personal data
or collect, store and process data in a way that deceives or
misleads individuals to harm a person.
Principle 2 Purpose limitation means that personal data must be collected for
a clear, explicit, and legitimate purpose and not further processed in
LIMITATION OF any way that is inconsistent with that purpose.
PURPOSE
Storage
Purpose
Limitation
Limitation
7 Principles of
Data Collection
and Processing
Accountability
DATA In data transfer, there are aspects that banks need to consider,
TRANSFER namely the rules for the type of data transferred, the parties
involved in data transfer, and data transfer arrangement.
DATA TYPE The types of data in banking are classified into 4 (four) types
of data categories: customer-provided data, transaction data,
value-added customer data, and aggregated data.
Customer- Transaction
Provided Data Data
Examples Examples
Personal address and Records of deposits, transfers
customer contact details; and other transactions made by
information about the customers (such as direct
financial situation when transactions with merchants),
opening an account or account balances, interest
applying for a loan and earned or charged; other costs
information for the purpose of incurred by the customer.
making payments such as a
list of payees.
Value-Added Aggregated
Provided Data Data
Examples Examples
Revenue/asset data; Average account balance by
customer identity verification zip code or income quintile, or
checks; credit reporting data; average small business
credit score; data about overdraft size by industry
customers that have been segment.
collected and all customer
accounts; customer behavior
data.
Figure 22
Aspects in Data Obligation of
Transfer Means of parties in
data data
transfer transfer
agreement Data
Data Customer protection
transfer data impact
agreement security assessment
Data Customer
transfer in rights in
emergency data
situations transfer
DATA TRANSFER Cooperation between banks and third parties that cause data
AGREEMENT transfer to occur must be stated in a data transfer agreement.
Data transfer agreement - must contain at least the following:
4. Data to be transferred;
5. The lawful basis used is the legal basis of the parties to transfer
data;
CUSTOMER DATA Banks must take security measures to protect the transferred
SECURITY customer information. Banks need to ensure that the transferred
customer information will still be protected according to security
standards by the recipient of the data. To do this, the recipient of
the data needs to:
8. The Bank is not responsible for the actions taken by the data
recipients.
DATA PROTECTION DPIA is a process that needs to be carried out by the Bank to
IMPACT identify and minimize risks related to data protection from a project
ASSESSMENT implemented by the Bank. Banks must carry out DPIA if the data
(DPIA) collection and processing process carried out by the Bank can to
carry a high risk to customers. Conditions that require the Bank to
perform DPIA:
CUSTOMER Customers involved in data transfer have the right to the following:
RIGHTS IN DATA
TRANSFER 1. the right to access the personal data that is transferred;
DATA TRANSFER In an emergency, the Bank may transfer data with other parties as
IN EMERGENCY needed and proportionally. Examples of emergencies include natural
SITUATIONS disasters, terrorist attacks, the Covid-19 pandemic, or other urgent
needs to protect national security.
Figure 23
Principles of Data Integrity Transparency Stewardship
Governance
Checks-and
Auditability Accountability
-Balances
Change
Standardization
Management
Figure 24
Data Governance: A Business Strategy
Implementation of Data
Governance
People Process Technology
Data Architecture
Data Modeling and Design
Data Storage and Operations
Metadata Management
Data Protection and Information
Security
Data Integration and Interoperability
Document and Content Management
Reference and Master Data
Management
Data Warehousing, Business
Intelligence (BI) and Analytics
Metadata Management
STRATEGIC LEVEL At the strategic level, the owner and user of data is the Board
of Directors. The Board of Directors must formulate a data
strategy, review key events related to data governance, and take
full responsibility for data governance, including managing the
roles and responsibilities of each section (data ownership and
stewardship) for data governance. The Board of Directors shall
determine and authorize the designated departments to lead and
be responsible for the data governance system, oversee the data
management operating mechanism, and appoint the appropriate
Chief Data Officer (CDO). CDOs are expected to have a balanced
mix of technical knowledge, analytical skills, expertise in legal and
regulatory matters as well as business competencies.
DATA QUALITY The availability of reliable and accurate data for business
analysis and risk reporting, including accountability and data
tracking, is one of the data governance goals. Reliable and
dependable data is valuable. In other words, the data needs to be
of high quality. In managing data, Banks need to pay attention to
8 (eight) sets of data quality dimensions as follows:
BANK PROVIDER
CLOUD
TECHNOLOGY
Figure 26
Principles of Governance
System 01 03
02
Provide Dynamic
Holistic
Stakeholder Governance
Approach
Value System
04 05 06
Governance Tailored to End-to-End
Distinct from Enterprise Governance
Management Needs System
05 Ensure that all stakeholders have been identified and involved in the
information technology governance system and that performance,
STAKEHOLDERS
quality measurement, and information technology performance
INVOLVEMENT
reporting are carried out transparently, with stakeholder approval
regarding the objectives and measurement metrics as well as any
necessary corrective actions.
2-K Manage all projects that have been initiated by the company
in accordance with the company strategy and in a coordinated
MANAGING manner based on a standard project management approach
PROJECTS including initiating, planning, controlling and executing projects,
as well as closing with a post-implementation review.
3-C Identify and classify problems and its root causes, provide
timely resolution to prevent recurring incidents and provide
MANAGING recommendations for improvement.
PROBLEMS
EDM01 -
Ensured
Governance EDM02 - EDM03 - EDM04 - EDM05 -
Framework Ensured Ensured Ensured Ensured
Setting Benefits Risk Resource Stakeholder
and Delivery Optimization Optimization Engagement
Maintenance
AP001 -
AP003 - AP005 - AP006 - AP007 -
Managed AP002 - AP004 -
Managed Managed Managed Managed
I&T Managed Managed
Enterprise Portfolio Budget Human
Management Strategy Innovation MEA01 -
Architecture and Costs Resources
Framework Managed
Performance
and
AP009 - Conformance
AP007 - AP010 - AP011 - AP012 - AP013 - AP014 -
Managed Monitoring
Managed Managed Managed Managed Managed Managed
Relationships Service Vendors Quality Risk Security Data
Agreements
MEA02 -
Managed
System
BAI02 - BAI03 - BAI04 - BAI05 - BAI07 - of Internal
BAI01 - Managed BAI06 - Managed Control
Managed Managed Managed
Managed Solutions Managed IT Change
Requirements Availability and Organizational
Programs Identification IT Changes Acceptance and
Definition Capacity Change
and Build Transitioning
MEA03 -
Managed
Compliance
BAI08 - BAI09 - BAI10 - BAI11 - with
Managed Managed Managed Managed External
Knowledge Assets Configuration Projects Requirements
Figure 28
COBIT Components of
Governance System Processes
Services,
Infrastructure, Organizational
and Organizational
Structures
Applications Structures
Governance
System
People, Skills Principles,
and Policies,
Competencies Procedures
Culture, Ethics,
and Information
Behavior
DESIGN Design factors are factors that can influence the design of a
FACTORS corporate governance system and its position for success in the
use of information technology. Design factors are contained in a
combination of the following:
1. Enterprise Strategy
2. Enterprise Goals
3. Risk Profile
4. IT-related issues
5. Threat Landscape
6. Compliance requirements
7. Role of IT
8. Sourcing Model for IT
9. IT Implementation Methods
10. Technology Adoption Strategy
11. Enterprise Size
Sourcing IT Technology
Compliance Role of IT Model Implementation Adoption Enterprise
Requirements for IT Methods
Strategy Size
Future Factors
Figure 30
Key IT Solutions Concept
Principles of Information
Technology Architecture
Considering the organization’s IT infrastructure
Uniform technology
IT
Architecture Application of open standards
Principle
Duplication of critical components
Maximize reuse/sharing
Source: TOGAF (2018)
Figure 31
TOGAF Cycle
Preliminary
A.
Architecture
H. Vision
B.
Architecture
Business
Change
Architecture
Management
C.
G.
Requirements Information
Implementation
Management Systems
Governance
Architectures
F. D.
Migration Technology
Planning Architecture
E.
Opportunities
and Solutions
e. Determine the starting time and when the target for completion
of the organizational architecture planning is completed (When).
The stages that will be carried out in this phase are as follows:
Data architecture will identify all the data components used by the
application to produce the information the organization needs. The
steps for creating a data architecture include:
b. Application Architecture
iii. Create the modeling for the required applications and their
relationship to one another.
PHASE E - This phase is a gap analysis phase between the current and
OPPORTUNITIES future architecture. This phase will describe the results of the gap
AND SOLUTIONS
analysis starting from the business architecture to the technology
architecture and calculating the estimated cost of investment in the
organization.
PHASE F- In this phase, preparation and migration planning will be carried out
MIGRATION for the implementation of the new application architecture that was
PLANNING
built in the previous phase. The stages in this phase include:
EMERGING
TECHNOLOGY
AND
APPLICATIONS
er
dg
Qu
in
Le
ha
an
ed
kc
t
ut
um
oc
rib
Bl
Co
st
)/
m
Di
LT
pu
(D
tin
y
g
log
no
ch
Te
AR/ VR Biometrics
T)
(Io
s
ng
hi
fT
Cloud Computing
to
ne
er
5G
t
In
15 years Human
augmentation
10 years
Smart
robots Visual
Quantum assistants
computing 5 years
Machine
learning Artificial General
Intelligence
Autonomous Software defined
vehicles Augmented security
reality Deep
5G Learning
Drones
Cognitive
Augmented Serverless computing
Conversational Data
user interface PaaS
Discovery
Edge
Digital computing
twin
Virtual Connected
reality home
Cognitive
Volumetric expert
IoT
displays advisors
platform
Smart dust
Neuromorphic
5 years hardware Brain
4D computer
printing interface
Blockchain Nanotube
10 years electronics
15 years
Key Impact
Immersive experience Transformational
Artificial intelligence High
Digital platforms Moderate
RISK
MANAGEMENT
The utilization of information technology brings risks
for Banks. For example, some of the risks that usually
arise when using information technology are cyber-
attacks that can interfere with the performance
of information technology; cracker attacks that
can disrupt the system and even steal confidential
company data; errors and damages to supporting
systems such as power lines malfunctions; and many
more. For this reason, Banks need to effectively
implement information technology risk management
in order to mitigate these various risks. In line
with this, Banks also need to implement adequate
cybersecurity. In addition, Banks also need to
implement good outsourcing management in using
third parties to provide information technology.
a. Asset Identification
b. Threat Identification: Threat - Source Identification, Motivation
and Threat Actions
c. Vulnerability Identification
d. Control Analysis
e. Risk Assessment: Risk Identification and Measurement
f. Risk Acceptance Criteria
Banks must ensure the adequacy of identifying, measuring,
monitoring, and controlling the risks of using implemented
Information Technology.
1. identify risk
2. assess risk
3. reduce risk
4. develop a response plan
5. review risk management procedures (internal control system for
the use of information technology)
There are two processes involved in risk management: analytical
and predictive modeling from the data obtained.
People
Identify Managing IT
IT risk base risks through
enterprise risk implementing
posture and ds An processes and
appetite on o ar aly
b tic controls
sh s
Da
ITRM
Con diting
mod ictive
Framework g
au
ellin
tinu
Pred
ous
Converting Remote
auditing Treatment
IT risks into of IT related
returns and issues and
opportunities deficiencies
Monitoring Procedures
OUTSOURCING Banks can carry out outsourcing activities optimally while still
PRINCIPLE complying with the principles of prudence and adequate risk
management. The principle of information technology outsourcing
includes the following 8 (eight) elements:
ii. reputation
c. The agreement between the Bank and the service provider must
clearly define the type and scope of services provided by the
service provider and the rights and obligations of the service
provider, including if the service provider will sub-outsource any
material work.
Figure 35
Principles of Information 01 Governance
Technology Outsourcing
Principles of Information
Technology Outsourcing
Business Information
06 Continuity Plan
04 security
Monitoring
05 and Control
Key Activity Key Activity Key Activity Key Activity Key Activity Key Activity Key Activity Key Activity Key Activity
- Gather - Outsourching - Rollout - Blueprint - Competitive - Negotiation - Final Plans - Relationship - Next gen options
insight model/ mode - Strategic - Scorecard stages strategy - Transition - Reporting - Outcomes &
- Test - Target “rules” - Draft SLA - Evaluation - Negotiation team - Meetings lessons
expectations services - Program - Draft price team team - Managed Staff - Admin & - Knowledge
- Collect market identification - Skills model - Selection - Effective - Knowledge records refresh
intelligence - Profile - Communica- - Draft strategy & negotiations retention & - Risk manage- - Requirements
- Perform tions strategy contract criteria transfer ment refresh
opportunity - Business case - Relationship - Bid package - Transfers - Issues, - Options
analysis rules & base - Retained - Bid facilitation - Governance variations & - Business case
- Peer case organization - Evaluation Structures disputes & strategy
assessment - Feasibility & - Contract - Due diligence setup - Continuous
- Risk impact management - Engineering improvement
assessment analysis function - Acceptance - Evaluations
Veracity, not Appropriate Informed, not Well designed Best value Complete, Efficient Ongoing results Refreshed
ideology services speculative future state for money efficient mobilisation strategy
identified strategies contract
Phase 2 This phase is the stage when the Bank begins to conduct
selection and negotiations with the outsourcing service provider.
ENGAGE
This phase consists of 2 (two) stages, which are select and
negotiate.
Phase 3 This phase is the stage when the Bank and the selected
outsourcing service provider carry out the matters that
OPERATE
have been agreed according to the contract or cooperation
agreement. This phase consists of 2 (two) stages, which are
Transition and Manage.
Phase 4 This phase is the final stage when the Bank makes decisions on
outsourcing activities based on the results of the evaluation and
REGENERATE
performance appraisal of the outsourced work and updates the
outsourcing strategy that has been adapted to the evaluation
results. The stage in this phase is refresh, in which the Bank
renews the outsourcing strategy based on the evaluation results
of the previous outsourcing work.
3E 2
Resilience
INFORMATION
Implementation of Cyber SYSTEM STRATEGY Identification
Incident Response and
Recovery Identification Asset
Management, which are the
Planning & Preparation -
formulating plans for handling
1 analysis, assessment, and
IDEN classification of infrastructure,
and recovery RESI TIFICA
3D LIENCE GOVERNANCE 3A data, and information based
Establishing a Cyber Incident TION on criticality
Response Team
Periodic Vulnerability
Analysis of cyber incidents
Assessment to identify a
Procedures for recovery and Bank’s weakness and
mitigation efforts vulnerability risks
Escalation and reporting VIGILANCE PROTECTION
3C 3B
Vigilance
Vigilance Protection
Cyber Risk Analytics (monitoring and
detection of cyber events and system Implementation of a set of security
vulnerability performed periodically and 4 controls
continuously) Protection over the Bank’s
Detection of Suspicious Activities Internal Control System infrastructure and assets
(analysis of cyber information related to Protection and confidentiality of Data
the Bank and can affect business and Information
process and condition of the Bank’s IT) An internal control system over the
implementation of the Bank’s cyber Protection over access and users
Detection of cyber incident and analysis
security risk management system (identity data and governance, multi
of Security Operation Center threat and
function, which covers the business work factor authentication, administrative
vulnerability to perform threat
units and supporting work units, account)
monitoring, hunting, and security
compliance work units, risk management Secure coding and patch management
dashboard)
work unit and internal audit work unit.
COLLABORATION
Banking
Bill payment
Ride-hailing
Parcel delivery
Payments
Bank
Home
maintenance
Food delivery
Video streaming
Groceries
Laundry
Pharmacy
services Mobile data
Repair
services
Figure 39
Holding Company in the form of Bank
Sharing Service for
Bank Business Groups
i. Channeling Scheme
Through this scheme, Financial Services Institutions
(FSIs) are involved in the distribution and offering of Bank
products. FSI is also required to monitor customers.
Referral Scheme
This scheme allows FSI to provide data on prospective
customers to the Bank according to the approval of
prospective customers so that FSIs are not involved further
after the data is provided.
COOPERATION
Channeling Scheme
BANK 1 BANK 2 BANK 3
FSI is involved in distribution and product offerings
Referral Scheme
uc
ba tr
ta
se as
Infr Provision of Escrow/Cash Management
for Peer-to-peer Lending
Figure 40 Withdrawal of
Points to consider Access Following Authenticating
on Boarding the Consumer Security
in Implementing
Collaboration Access Data
to API Protection Liability
f. API User Contracts: API user contracts aim to re-map the risk
of customer loss arising from activities under the control of
the partner (for example, the partner may indemnify for any
customer losses incurred due to the partner’s service failure).
INSTITUTIONAL
ARRANGEMENTS
Changes that occur along with digital transformation need to be
followed by the readiness of bank institutional arrangements. The
institutional arrangements include, among others, financing and
investment, leadership, organizational design, digital culture, and
digital talent.
Figure 41
Financing needs and Clear and Prioritizing
technology investment Adequate High-value
commitment Sources of Investments
Financing Financing
and
Investment Rebalancing
Technology
Commitment Investments
to Finance and Tracking
Infrastructure Their
Business
Value
Figure 42
Digital Capacities and Digital Capabilities Leadership Capabilities
Leadership Capacities
Customer Experience Technology and Business
1. Customer Understanding
2. Experience Design
3. Customer Touch Points
Vision and Purpose
Office/Workspace Structure
Banks are allowed to The structure of the
only have 1 office organization is flat and
Banks are consists of teams of
encouraged to have employees with
banking services and Organization diverse/cross-field
facilities for expertise
Design
customers with
disabilities
Workforce
Enablement
Authority Bank’s transformation
Decentralization of into a Digital Bank
authority to the needs to change their
team workplace to a digital
workplace
WORKPLACE In running a full digital business model, the Bank can rely on
infrastructure in the form of advanced technology and software
in carrying out business operations, thereby reducing the need
for providing a physical office network to serve customers. For
this reason, Banks are allowed to have one physical office that
functions as a head office (principal/head office), while a branch
office is not required. The head office functions as a connecting
point between the Bank and all stakeholders, including as a
central hub in serving customer complaints and a customer
service center, as well as being a home base for management
and supporting operational units. The head office does not
provide the Bank’s products and services to customers because
the products and services are offered through applications that
are accessed digitally.
Brand &
Advocacy
Data Support,
Modelling Engagement
& Behavior & Retention
Core Experience
Capability Design
Research,
Strategy &
Stores, Development
Investment Compliance,
& Savings Delivery Legal &
Algos
Operations
Partner
Business
Bank
Banking
Credit Management
& Lending
4.0 & Operations
Internal
Systems
Business drivers
yee Inc
mplo rea
se
e
ed enc
e
Compilance d
rov eri Re
p ex p v
Im
en
ue
Technology
Re
ion
Pr
ity od
du
ent
tiv
and lent
uc
ec
ced
ret
recruitm nger ta
tiv
nn
ity
ope
Co
ent
rating
Stro
Co
t
lla
Coll
nec
cing
bor
abora
Con
Crowdsour
systems
ate
tion
Higher p veness
and effe
et
n
ati o
mark
Bus
rodu
G ov
cti
ni c
in e
ctiv
-to-
mu
ss
ern
Com
m
m unic at e
ap
ity
me
Co
ps
an
r ti
sk
ce
Me
Ri
i li t y
ste
ssa g
in g M ob
Inc
Fa
re
as
ed
ag
ion
il at
ity
an nov
d fl r in
exi ate
bilit
y Gre
Impro nce
ved customer experie
Figure 46
Seven Aspects of Digital
Culture
Customer Innovation
Centricity
Data-driven
Decision-
Agility and making
flexibility
Digital
Culture
Collaboration
Digital-First
Mindset
Open
Culture
Professional Level
CUSTOMER
Figure 48
Important Aspects in
Achieving
Customer-Centricity
Customer Customers
Customer Customer Customer Trust and with
Engagement Experience Insight Perception Disabilities
CUSTOMERS In the digital era, all things are connected to each other.
TRUST AND Therefore, the security aspect plays an important role in the
PERCEPTION development of digital banking. This has an effect on customer
trust and perception of digital banking services. The development
of internet technology that began in the 1990s has reduced the
opportunities for internet security breaches (Suh and Han, 2003).
Due to this reason, Banks need to pay attention to customer
trust and perception considering the importance of this in the
financial services industry. The study of Tham et al. (2017) in
Malaysia shows that in attracting Bank customers to use virtual
banking services, Banks need to strengthen the security and
reliability of their banking services. Similar results are shown
by Vejačka and Stofa (2017) that the security perceived by
customers is an important factor in building trust in the field of
electronic banking services that affects attitudes in using it.
Table 2 Example of Information and Communication Technology (ICT) solutions that can be applied to people with
disabilities according to the type of disability
- Text-to-speech rendition and - Closed and open captioning, - SMS, text messaging
speech/voice output subtitles for videos, TV - Synthesized voice output, text to
- Braille displays programming SMS, text speech functionality
- Screen and text magnification messaging - Use of virtual picture board and
- Voice recognition - Text Telephone or communication solutions
- Audio description of graphic Telecommunication Device for
and visual media the Deaf (TTY/TDD) which allow
- Electronic audio signage text messaging over the
- GPS-facilitated navigation phone line
- Optical character or image - Telecommunications Relay
recognition Services which allow text to speck
- Changing screen brightness, conversions through an operator
color contrast - Use of vibrations/text alerts
instead of audio alerts
Source: World Bank (2016): Bridging the Disability Divide through Digital Technologies
Figure 49
Digital Maturity
Customer
Assessment for Bank Engagement Data
Protection
Customer
Customer
Experience
Trust and
Data
Perception
Customer Transfer Data
Talent Insight Data Governance
Customer
Finance
Investment Technology
Emerging
Digital Technology and
Leadership
Maturity Application
Culture
Organizational Assessment Technology
Design for Bank Architecture
Institutional
Arrangements
IT Governance
Risk
Collaboration Management
Bank Platform
IT Risk
Cooperation Sharing
Management
Cybersecurity
Outsourcing
Glossary
Big Data Analytic Advanced analytical techniques for processing large and diverse
data sets, from structured, semi-structured and unstructured
data, obtained from various sources and sizes (terabytes to
zettabytes).
Bigtech A large company engaged in the IT sector that has expanded its
business to provide financial services, either directly or through
products that are similar to financial products.
Business Impact A tool to analyze how a risk event can affect the organization's
Analysis operational activities and identify what capabilities are needed to
manage those risk events.
Data Science Study disciplines that study how Big Data is processed.
Escrow Account A checking account at a Bank in the name of the Operator which
is a deposit and is used for certain purposes, namely the receipt
and disbursement of funds from and to users of information
technology-based money lending services.
Machine Learning A form of artificial intelligence that allows a system to learn from
data rather than from explicit programming processes.
Open Banking A system that provides users with a financial institution data
network through the use of an Application Programming
Interface (API).
Quantum Computing A tool for processing information using the principles of quantum
mechanics.
SIM Swap Fraud method by taking over someone's cellphone number (SIM
Card) by criminals and used as a means to hack someone's
banking account.
Bibliography
Jeník, Ivo, Mark Flaming, and Arisha Salman. 2020. “Inclusive Digital
Banking: Emerging Markets Case Studies.” Consultative Group to
Assist the Poor, World Bank, Washington DC.
Lee, Nicol Turner, Paul Resnick dan Genie Barton. 2019. “Algorithmic
bias detection and mitigation: Best practices and policies to reduce
consumer harms” The Brookings Institution. https://www.brookings.
edu/research/algorithmic-bias-detection-and-mitigation-best-
practices-and-policies-to-reduce-consumer-harms/.
Lim, Tristan, and Patrick Thng. 2021. “Outsourcing Life Cycle Model
for Financial Services in the FinTech Era.” Proceedings of the
International Conference on Industrial Engineering and Operations
Management, pp: 1–11.
Rasmus, Russ Blanchet Max McKinney Jeff. 2020. “The Race for
Digital Operations Transformation: The Time for Experimenting Is
Over.” Accenture, Dublin.
Suh, Bomil, and Ingoo Han. 2003. The Impact of Customer Trust
and Perception of Security Control on the Acceptance of Electronic
Commerce. International Journal of Electronic Commerce/ Spring,
vol. 7 No.3, pp: 135–161.
Wray, Pauline, Ian Loh, Yang Yu, Selin Suntay, Jason Han, and Alex
Walker. 2020. “Southeast Asia: Coming of the Digital Challenger
Banks,” Singapore Fintech Association, BCG, Expand, Finastra.
Editorial Team
COORDINATOR Anung Herlianto E.C. | Head of the Banking Research and Regulation
Department
WRITING TEAM Mohamad Miftah | Tony | Citra Christina | Elsa Ryan Ramdhani
| Muhammad Radhi | Nurani Pertiwi Ekaputri | Aulia Yuliyanti
Wulandari | Aninda Nusratina | Yenny Yorisca