This topic covers how the day-to-day work in a bank branch is actually done using the Core Banking Solution (CBS) software. It’s about the practical side of using the technology we discussed in the last topic.
The CBS Environment: Key Concepts
The CBS environment is built on a few core principles that change how banking operations are conducted.
1. Centralised Data and Real-Time Updates
- All data is stored in one central server.
- Every transaction, whether done at a branch, ATM, or via mobile banking, is updated in the central database instantly.
- This means the bank has a single, up-to-the-minute view of every customer’s account.
2. The Customer ID (CIF ID)
- In a CBS, every customer is identified by a unique number, usually called the Customer Identification File (CIF) ID.
- All accounts of a single customer (savings, fixed deposits, loans) are linked to this one Customer ID.
- This provides a 360-degree view of the customer’s relationship with the bank.
3. The Maker-Checker Concept
- This is a critical operational control and security feature within the CBS. It’s also known as the Four-Eyes Principle.
- What it is: For every transaction or data entry, two different individuals are required to complete it.
- The Maker: The first user who enters the transaction data.
- The Checker: A second, more senior user who verifies and authorises the transaction entered by the maker.
- Purpose: To prevent unauthorised transactions and reduce the risk of clerical errors.
- Example: A junior cashier (Maker) enters the details for a high-value RTGS transfer. The transaction is saved but not processed. The branch manager (Checker) then logs in, verifies the details, and authorises the transaction, only after which the money is sent.
Key Banking Operations in a CBS Environment
1. Account Opening
- The customer’s details are first entered to create a unique Customer ID.
- Once the Customer ID is created, different types of accounts (Savings, Current, FD) can be opened and linked to it.
2. Transaction Processing
- Every transaction, whether a cash deposit, withdrawal, or fund transfer, is posted in the system in real-time.
- The CBS automatically calculates interest, deducts charges, and updates the account balance instantly.
3. End of Day (EOD) and Beginning of Day (BOD)
- EOD: At the end of the business day, branches run an End of Day (EOD) process in the CBS.
- This process consolidates all the transactions for the day, generates reports, and prepares the system for the next day.
- BOD: The Beginning of Day (BOD) process is run the next morning to start a new business day.
4. Data Centre and Disaster Recovery Centre
- Data Centre (DC): This is the central, highly secure location where the bank’s main servers and databases are housed. All CBS operations run from here.
- Disaster Recovery Centre (DRC): This is a backup site, located in a different geographical location from the main Data Centre.
- If a disaster (like a fire or earthquake) affects the main Data Centre, the bank can switch its operations to the DRC to ensure that banking services continue without interruption. This is a key part of the bank’s Business Continuity Plan (BCP).
A Business Continuity Plan (BCP) is a comprehensive plan that outlines the procedures a bank will follow to ensure that its critical business functions can continue to operate during and after a disaster or an unexpected disruption.
- Simple Meaning: It’s the bank’s “Plan B” or emergency plan.
- Main Goal: To minimize the impact of a disaster on the bank’s operations, customers, and reputation.
Key Components of a BCP in a CBS Environment
The BCP for a modern bank is heavily focused on its IT infrastructure.
1. Data Centre (DC)
The primary site where the bank’s central servers, databases, and other critical IT equipment are located. All the bank’s daily operations run from the DC.
- Feature: It is a highly secure, state-of-the-art facility.
2. Disaster Recovery Centre (DRC)
A backup site that mirrors the critical functions of the primary Data Centre.
- Location: The DRC is located in a different seismic zone or geographical area from the DC to ensure that a single disaster (like an earthquake or flood) cannot affect both sites.
- Purpose: If the main Data Centre fails, the bank can switch its operations to the DRC to continue its business.
3. Key BCP Metrics
These two terms define how quickly and effectively a bank must recover.
| Metric | Recovery Point Objective (RPO) | Recovery Time Objective (RTO) |
| What it is | The maximum acceptable amount of data loss measured in time. | The maximum acceptable amount of downtime after a disaster. |
| Simple Meaning | It answers the question: “How much data can we afford to lose?” | It answers the question: “How quickly must we be back up and running?” |
| Example | If a bank’s RPO is 15 minutes, it means it cannot lose more than 15 minutes worth of transaction data. Data must be backed up at least every 15 minutes. | If a bank’s RTO is 2 hours, it means all critical operations must be restored at the DRC within 2 hours of the disaster. |
How a BCP Works: A Real-Life Example
- Scenario: A major fire breaks out at the bank’s primary Data Centre (DC) in Mumbai, causing a complete shutdown of all systems.
- BCP Activation:
- The bank immediately declares a disaster and activates its BCP.
- The IT team initiates the “Failover” process. This means switching all banking operations from the failed DC in Mumbai to the Disaster Recovery Centre (DRC), which might be located in a safe place like Hyderabad.
- Because the bank’s data was being continuously replicated (copied) to the DRC, very little data is lost (meeting the RPO).
- Within a couple of hours (meeting the RTO), the DRC becomes the new live site.
- Result: The bank’s core banking system, ATMs, and online services are back up and running. Customers can continue their transactions with minimal disruption.
Key RBI Guidelines for BCP
1. Board-Approved Policy
- Every bank must have a BCP policy that is approved by its Board of Directors.
- The board is responsible for the overall oversight of the BCP.
2. Data Centre (DC) and Disaster Recovery Centre (DRC)
- Banks are required to have a primary Data Centre (DC) and a Disaster Recovery Centre (DRC).
- The DRC must be located in a different seismic zone from the DC to avoid a single disaster affecting both sites.
- The infrastructure (hardware, software, networking) at the DRC should be equivalent to the DC to ensure it can handle the full operational load.
3. Recovery Objectives (RTO and RPO)
- The RBI has set specific recovery time targets that banks must meet.
- Recovery Time Objective (RTO): For critical systems, the RTO should be a maximum of 2 to 4 hours. This means the bank must restore its critical services at the DRC within this timeframe.
- Recovery Point Objective (RPO): The RPO should be 15 minutes or less. This means the bank cannot afford to lose more than 15 minutes of transaction data.
4. Regular Drills and Testing
- Banks cannot just have a BCP on paper; they must test it regularly.
- They are required to conduct quarterly drills by switching their operations from the DC to the DRC.
- At least once a year, they must conduct a full-scale drill by running all operations from the DRC for a few days to ensure its readiness.
5. Communication Strategy
- The BCP must include a clear communication plan to inform customers, regulators (like the RBI), and other stakeholders during a disruption.
Summary of RBI Guidelines
| Guideline | RBI Mandate |
| BCP Policy | Must be approved by the bank’s Board of Directors. |
| DR Location | Must be in a different seismic zone from the DC. |
| RTO (Downtime) | Maximum of 2-4 hours for critical systems. |
| RPO (Data Loss) | Maximum of 15 minutes. |
| Testing | Quarterly drills are mandatory. |
Summary
Operating in a CBS environment means working with a centralized, real-time system. The unique Customer ID is the foundation for all customer relationships. Daily operations are governed by strict security protocols like the Maker-Checker concept to prevent errors and fraud. Key processes like EOD are automated to ensure data integrity. The entire system is supported by a robust infrastructure of a primary Data Centre (DC) and a backup Disaster Recovery Centre (DRC) to guarantee uninterrupted service.
Quick Revision Points
- CBS Environment: Centralized and Real-Time.
- Customer ID (CIF): The unique identifier for each customer. Provides a 360-degree view.
- Maker-Checker: The Four-Eyes Principle. A security process where one person enters and a second person authorizes a transaction.
- EOD/BOD: Automated processes to close and open the business day.
- Data Centre (DC): The main location of the central servers.
- Disaster Recovery Centre (DRC): The backup site for business continuity.