CBN links improved financial services to IT adoption

Information Technology has fundamentally transformed financial institutions in Nigeria resulting in the evolution of new business architectures and approaches to customer service, enterprise management and regulatory compliance.

This was the submission of the Head, Shared Services, Central Bank of Nigeria, Chris Umeano, to a cross section of senior Information Technology, audit and control executives, predominantly from the banking and IT sectors, at the 60th edition of the Digital Jewels’ Information Value Chain Forum held in Lagos recently.

While making a presentation on ‘Demystifying the CBN IT Standards Blueprint’, Umeano said that IT spend in the Nigerian financial services industry as a proportion of overall operating expenses was quite high and on the increase.

He, however, stated that commensurate value had not been realised from the investments because of several challenges.

According to him, these included complex, duplicate, non-standard and costly processes; non-standard systems and infrastructure; inefficiency of electronic information exchange and data integrity issues.

The CBN officer noted that industry advantage of IT in Nigeria “lags behind global leading practices and is limiting banking operating efficiency, cost effectiveness, regulatory information and risk management practices.”

He explained that in order to address that gap and provide guidelines for application and utilisation of IT, industry IT standards were defined to articulate and provide a point of reference for the utilisation of IT.

Umeano said that prior to the drive by CBN on IT standards, there were no defined IT standards driving interoperability, information exchange, enterprise architecture, and system integration, among others in the industry.

The implications were high cost of integration as banks’ IT infrastructure could not interact with each other or other relevant third parties without the implementation of dedicated interfaces.

“Thus, banks are forced to maintain different interfaces to different service providers thereby increasing cost of service, while interoperability and automation to drive straight through processing cannot be achieved leading to islands of automation but no integration,” he stated.

He further said that quality and maturity of IT could not be ascertained having no reference point to benchmark, while there was poor customer experience in the use of bank’s IT infrastructure due to absence of a minimum IT standards driving governance, service management, and infrastructure and ad-hoc implementation of CBN regulatory policies and plans around IT.

Umeano however pointed out the benefits of IT standards to the industry, which included increased up-time/availability of banks leading to increased cost savings, establishment of a reference point for objective assessment of the IT function leading to improved IT performance measurement, and improved data integrity and electronic information exchange.

The others, he said, “are increased efficiency and productivity of staff due to interoperability of IT systems, business continuity/recovery, reduced risk of prolonged downtimes, and improved data security assurance to customers leading to increased customer confidence.”

He said that Nigeria was not the only country where the Central Bank had to enforce or drive certain IT standards within its local industry. Other countries involved are Australia, Bahamas, Brazil, China, Croatia, Malaysia and the United Kingdom.

The Managing Director and Chief Executive Officer of Digital Jewels Limited, Adedoyin Odunfa, who presented ‘An Industry Status Report’, provided a categorisation of the CBN standards blueprint, indicating standards were certifiable, those yet to be and others that were merely frameworks to which an organisation could not be accredited.

She also provided a cross-referencing of standards to indicate those closely associated and provided guidance on preferred routes to attain certification to multiple standards.

For organisations who have more than two management systems in place, she recommended an integrated approach though the PAS 99, the world’s first specification for integrated management systems.

According to her, it streamlines operational activities, aligns all common standard requirements and cuts the cost of separate audits and administration. Its benefits include less duplication, lower operating costs, simplification and more easy update.

Odunfa said that the global best practice standard certification status for Nigeria as of last month showed that 23 companies were certified with PCIDSS while five others were in progress.

For Information Security Management System (ISO 27001), 20 companies were certified, with another 15 in progress. For Business Continuity Management System (ISO 22301), four companies were certified and another three were in progress.

Five companies were certified with ISO 20000 (IT Service Management), while two were in the process.

For ITIL (IT Infrastructure Library), two companies had evidence of full implementation while one was in the process. No company had evidence of a full implementation of COBIT 5 (Control Objectives for Information and Related Technology) but two were in the process.

However, within the banking sector specifically, for ISO 27001, nine were certified while another five were in progress; ISO 22301 (two and four respectively), ISO 20000 (one and two respectively), ITIL (one fully implemented, one in progress) and COBIT 5 (none fully implemented but one in progress).