The bank’s IT-development policy is aimed at improving its banking technologies, and developing, optimising and upgrading its IT systems. The IT Directorate is responsible for development and implementation of the 2019-2020 IT strategy, IT policies, improvement and maintenance of the entire IT infrastructure, software development, deployment and maintenance, i.e. measures intended to support implementation of business initiatives and for compliance with the requirements of the regulator.
The bank is committed to building a failsafe IT infrastructure. As it needs to ensure guaranteed execution and high efficiency of banking and, first and foremost, customer transactions, the main IT infrastructure design criteria are the elimination of Single Points of Failure and the ability to promptly expand IT systems’ processing capacities. The cost efficiency of the created infrastructure is also taken into account.
In order to build a failsafe IT infrastructure, the bank uses a distributed data centre (DDC), enabling it to ensure high efficiency of transaction processing with a strong protection of such transactions against any infrastructure breakdowns. All data centres (DCs) in the DDC are connected by a private network of fibre-optic links (Dark Fiber) via main and back-up, non-overlapping routes. Usage of DDC architecture has increased reliability and scalability of IT infrastructure at acceptable costs, because IT systems in this architecture do not fail (but only become less productive) if one centre fails. Taking into account the projected capacity, the overall productivity would not decrease by more than 10-15% if one data processing centre fails, and the impact would be mainly limited to the least critical systems at the Office Productivity level.
The DDC uses high-tech engineering systems and management utilities to achieve maximum manageability of the sophisticated engineering infrastructure by enabling collection, sorting and circulation of critically important alerts, video surveillance records and other important information, so that the entire picture of the sophisticated engineering infrastructure can be seen from any point of the network.
In terms of improving the IT infrastructure fault tolerance, considerable attention is paid to the practical aspects of ensuring business continuity. During the year, in accordance with the developed plan, the bank performed disaster recovery testing in the data centre of information systems (DR-testing), which was aimed at checking and confirming the target recovery periods set for the relevant categories of system criticalness. In the course of the tests, the employees of the IT Directorate practice switching components of information systems between the nodes of the DDC and recovering systems in conditions close to real ones.
In order to be able to further scale up while increasing the level of security and reliability, the bank launched the concept of using the platforms of commercial operators’ DC that meet Tier 3 requirements as nodes of the bank’s distributed computing centre. In 2019, agreements were concluded with two service providers, whose facilities formed the basis for launching the deployment of additional nodes of the bank’s DDC.
The DDC is operated by a VMware vSphere virtualisation platform. The virtual server farm is based on cloud technologies in the form of a Private Cloud, and forms the bank’s main processing capacity. The VMware High Availability Cluster-based virtualisation increases IT systems reliability, the server utilisation ratio, equipment density and, owing to faster roll-out and greater testing possibilities, accelerates the introduction of new products. This solution also simplified IT infrastructure expenditure planning by unifying processing resources.
As part of the solution to increase the availability of the bank’s business applications, special attention is paid to expanding the coverage and increasing the effectiveness of IT infrastructure monitoring. In 2019, a dedicated competency for the development of this area was created at IT. An architectural concept for building an integrated monitoring system was developed and approved. The architecture of the target system is based, on the one hand, on open source solutions for the technical monitoring of infrastructure components and, on the other, on the productivity monitoring and end-to-end transaction monitoring software of world leaders. In accordance with the approved target architecture, the bank removed monitoring from non-target systems, expanded the number of monitoring metrics, deployed the target technical monitoring architecture and launched pilot operation of end-to-end transaction monitoring solutions.
In the retail block, the bank successfully completed key tasks 1 and 2 of the Collection project priority, which increase collection efficiency, such as through segmentation of overdue loans in the early stages of overdue, automation of debt receipt and repayment in real time. The bank also developed a calculation to incentivise Collection employees, automated the process of forming a portfolio and delivering it to collection agencies at the pre-trial collection stage, and developed and implemented Collection reports to track indicators in real time. Work was successfully completed on the introduction of blocking of all withdrawal operations in the event of an individual’s bankruptcy.
In pursuit of strict control over operational efficiency, the bank’s development strategy requires the maximum use of remote client service systems. To perform transactions and data exchange with the bank, corporate customers use the convenient and constantly improving internet banking system Your Bank Online (YBO).
In 2019, a current account text alert service became available to corporate customers, with which they can quickly receive notifications of cash flows on their accounts. To unify the exchange of financial messages with customers, the international standard ISO20022 is being actively implemented. Customers can now receive statements in the ISO20022 format, and make rouble and foreign currency payments. In 2019, integration with the National Settlement Depository was successfully completed.
Thanks to successful integration with MPS Round, customers can now pay customs payments to companies involved in foreign trade, legal entities and individuals in real time.
In 2019, YBO was successfully connected to the SWIFT Global Payment Innovation (GPI) service to quickly and efficiently manage cross-border payment flows, track fund transfers along the entire chain of correspondent banks thanks to unique transaction numbers, and track payment status and location online.
The bank successfully launched projects to extend the standard and extended business days in roubles, US dollars and euro, and to introduce round-the-clock acceptance of interbank payments.
Relating to the development of the banking platform, in accordance with the regulatory requirements of provisions No. 604-P, 605-P, 606-P of the Central Bank of the Russian Federation, the IFRS 9 objectives for credit, deposit, interbank and securities transactions were implemented in 2019. The improvements ensured the correct recording of these operations on the accounts of book records and the calculation of the necessary indicators in accordance with the regulator’s requirements.
As part of the requirements of Regulation No. 659-P, the objectives of IAS 16 Property, Plant and Equipment in CFT were implemented in 2019. The purpose of the improvements was to prescribe the accounting treatment for property, plant and equipment, including the recognition of assets, the determination of their carrying amounts, and the depreciation charges and impairment losses to be recognised in relation to them.
As the Russian Central Bank’s requirements grow ever tougher, the bank resorted to an industrial solution to ensure advanced environment for AML/CFT, sanction control, FATCA and CRS purposes. The tender was won by AML Adviser, a comprehensive system covering the entire scope of the Compliance Department’s tasks.
The implementation of the AML solution, a customer activity analysis complex, is very important given the substantial expansion of the bank’s customer base and its prospects of further development, especially in the regions. The project started in early 2019 and is to finish in the first half of 2020. It will result in a full package of tools for straightforward and effective compliance with AML/CFT laws and the sanctions regime, and for statutory, FATCA and CRS reporting.
During the year, the bank implemented processes for sanctions screening, FATCA/CRS reporting, and regulatory reporting (under Ordinance 4936-U).
In 2019 many times over and more than doubling their number. In late 2019, the bank deployed a SAS ESP-based platform for launching online marketing campaigns, which will improve the quality and speed of interaction with customers, boost cross-sales and decrease customer outflow. The migration to a cluster solution made SAS RTDM-based automatic loan application processing more failsafe and faster. Pre-scoring of corporate customer applications was established.
The bank is a principal member of Visa, MasterCard, MIR, JCB and UPI and issues a wide range of cards: debit, credit, prepaid and virtual cards, both for the mass and premium segments. To provide a comprehensive and high-quality plastic card service, the bank operates its own processing centre based on the Compass Plus solution. The bank operates its own card personalisation centre to ensure prompt card issuance. State-of-the-art bank card technologies are being actively adopted: Google Pay, Samsung Pay, Apple Pay, Garmin Pay services, and payment rings are all supported.
In 2019, the bank was connected to CBR’s FPS payment system, enabling its customers to transfer funds using telephone numbers as identifiers.
In 2019, the bank actively implemented an IT strategy for approaches to software quality control. New approaches increase the reliability and fault tolerance of application software. In particular, the development of load testing and productivity testing areas is aimed at checking the on-load operation of application software, searching for maximum system productivity, checking the system for increased database volumes, and application software operation on various hardware packages in order to select the optimal level. As part of development of this area, the bank launched a programme to introduce stress testing for key back-office systems.
As part of the tasks to optimise the budget and increase its effectiveness, an End-to-End Analytics system was launched at the end of the year. It analyses the effectiveness of marketing investments based on data that tracks the full path of the customer from viewing an advertisement, visiting the site and ending with sales and repeat sales. The End-to-End Analytics system, when used with Wi-Fi radars and the Dynamic Call Tracking system, will indicate the real costs of each product and each landed customer with breakdown of channel, and the effectiveness of cross-selling. The project is critical for increasing the effectiveness of promotion channels.
The bank pays considerable attention to information security and cyber resilience issues. The most important information security processes are those identifying and remedying both purely technical vulnerabilities of information systems and logical vulnerabilities affecting customer service processes and products. The following threat prevention projects were initiated and successfully completed:
- A next-generation firewall as a basic element of protection against external attacks;
- A solution to counter targeted attacks which use malicious email messages or malicious sites, which, in turn, use 0-day vulnerability and are not detected by standard protection tools, for example, antiviruses. The system rebuffed more than 650 targeted attacks;
- A fraud monitoring system for remote banking;
- A staff training system that simulates mailing of malicious file attachments and phishing links and automatically starts testing if employees open such attachments or enter their passwords on linked websites;
- An anti-fraud system for detecting abnormal and illegal payments transmitted to the Bank of Russia or SWIFT;
- Systems searching confidential information in databases, network folders and workstations;
- A data loss prevention (DLP) system to monitor and prevent attempted theft of confidential information of the bank and its customers.
As part of the system of protection against external and hacker attacks, the bank launched a project to protect its web applications. To protect its ATMs and payment terminals, the bank launched a project to create an isolated software environment for them.
Based on 2019 results, the quality of the information security services was confirmed by audits for compliance with the PCI DSS and the SWIFT Customer Security Programme.