Cyber Security and concept of bad bank?



The Idea of a Bad Bank in India

The Indian banking sector is back in national and international news, but for all the wrong reasons. Banks and financial institutions (FIs) across the world are reeling under huge financial stress due to bad loans and defaults by various borrowers, especially big borrowers. The Supreme Court of India has also highlighted this issue by asking the RBI to reveal the names of 57 big defaulters, whose total debt amounts to Rs. 85000 crores.

To address the issue of NPAs and to ease the financial burden on banks and financial institutions across India, the Ministry of Finance, in consultation with the RBI, has proposed setting up a Bad Bank that will deal exclusively with the problem of NPAs.

Concept of Bad Bank

The concept of a Bad Bank was pioneered at Mellon Bank in 1988 (now merged with Bank of New York) in response to problems in the bank’s commercial real-estate portfolio. The concept was also applied in previous banking crises in Sweden, France and Germany in the early 1990s.

A “Bad Bank” is a bank or other financial institution that buys and holds the “bad” or toxic assets of banks and financial institutions, that is, assets which have stopped earning interest. Such bad loans are then sold to the highest bidder in the market. A bad bank backed by the government gains creditworthiness and reliability among investors, which attracts them to invest in such schemes. It will buy NPAs from banks and FIs to free up their stressed balance sheets. This will in turn help banks and FIs create space for fresh lending, which will eventually help them in asset creation and thereby mobilize the economy.

What is the modus operandi of such a Bad Bank?

  1. They can try to seize the assets pledged by the borrower and sell them in the market. This may incur losses on such loans, as the assets have to be sold at a huge discount.
  2. Under the RBI’s Strategic Debt Restructuring (SDR) scheme, they can convert their loans into equity, acquire a majority stake in the firms, dislodge the promoters or management and bring in new promoters and management. However, Indian banks lack the experience and expertise to run and manage businesses until new promoters are found.
  3. Banks can restructure the loans for the borrowers. This involves stretching out the period of payment, waiving a portion of the loans, reducing the interest rate on the loans, or some combination of these. Such restructuring often results in a loss to the bank. However, in such restructuring schemes, PSBs may be accused of favouring certain borrowers, which may invite action from investigating agencies. This will further lead to paralysis in the functioning of such banks.
  4. Banks can sell their NPAs at a discount to an Asset Restructuring Company (ARC). This again involves a significant loss on the loans when the transaction is made, but it has the benefit of getting the NPAs off the books.

What are the various issues in selling NPAs to a bad bank?

If private investors have a majority stake in the bad bank, they will try to buy NPAs from PSBs at the lowest possible rate. In such a scenario, PSBs may be accused of selling loans too cheaply to private players in the market. Loans granted by PSBs to various investors have become NPAs. Some of these NPAs belong to viable projects and some to non-viable projects. Viable projects are those which are stuck at different stages of clearance due to external factors totally unrelated to the projects themselves, such as problems in land acquisition, environmental clearance etc. With restructuring and additional funding, viable projects can be completed. This will ease the financial pressure on banks and allow credit expansion and growth. The bad bank should mostly be confined to non-viable projects whose economic feasibility and returns seem impossible.

Will a bad bank make the PSBs look good?

The bad bank proposal is a variant of the 4th option. The idea is to transfer the NPAs of banks to the bad bank for further conversion into performing assets. The bad bank will manage these NPAs as needed. Some may be liquidated, some may be restructured and others may be sold off at discounted rates.


Getting NPAs off the books will ease banks’ routine work and also help them attract new business instead of focusing on recoveries, which will be handled by the bad bank. However, if the bad bank is set up as another government-owned bank, it will amount to transferring the problem from one part of the government to another.

The bad bank will be subject to the same regulations and constraints with respect to managing NPAs, and may encounter the same hindrances in its operations as those faced by other government-sector banks. Also, a government entity may not be very willing to hire specialists from the market.

Way forward

The issue of bad loans or NPAs should be addressed structurally, as the problem has various dimensions. The procedures for granting loans and recovering them should be applied in clear and strict terms as codified, without discriminating between the various stakeholders in the market. There shall not be any special favour, either in granting loans or in their recovery, to corporates or industries taking bigger loans (running into thousands of crores) as compared to individuals or farmers taking meager loans for their day-to-day activity. Many industries and corporates are given loans based on their brand value or trademark, which acts as their collateral. These practices are economically unsustainable because, in case of default, the brand value itself takes a dip when an industry is reeling under huge losses.

Resolution of bad loans and restoring the health of PSBs is among the biggest challenges the economy faces today. It is a challenge that requires a response on multiple fronts. The idea is to convert the NPAs into “performing assets”, for which the pillars of sound banking finance need to be strengthened. A bad bank is definitely one of the solutions, but not the only solution, to achieve the desired result.

Security Breach at Indian Banks

Cyber security has been identified as one of the key areas of development, but the recent data breach at 19 Indian banks that led to more than 32 lakh debit cards being blocked or recalled is a wake-up call for the banking industry.

The probe by the National Payments Corporation of India (NPCI) found a malware-induced security breach (detected in Yes Bank, India’s fifth-largest private sector bank) in the systems operated by the Japanese firm “Hitachi Payment Services”, which provides ATMs, point of sale and other services in India.

Malware is malicious software, including viruses, worms, trojans, ransomware, spyware and other programmes, that damages the computer system at an ATM or bank server and allows fraudsters to access confidential debit card data.

Other ATM frauds: “card swapping” (at merchant establishments), keypad jamming at ATM centres (by blocking the enter and cancel buttons) and skimming (a device planted in the ATM’s debit card slot reads the information on the card’s magnetic stripe) are the other common practices.

Liability: According to the RBI’s draft circular on customer protection, a customer is not liable for a third-party breach, or where the negligence or fraud is on the part of the bank, if the customer informs the bank about the fraud within 3 working days of receiving a communication from the bank on any unauthorized transaction.

What are the steps taken by the Government of India?

Since most of the cards at risk are not chip-based, banks are planning to replace them with chip-based ones. The Council of the Payment Card Industry Data Security Standard (PCI DSS), an international body that sets data security standards, has ordered a forensic audit of the data breach in India.

Banks have issued Do’s and Don’ts instructions for customers, such as: don’t share or disclose your PIN to others, and check transaction alert SMSs and bank statements frequently.

Recently, the RBI issued instructions on a cyber-security framework for banks, asking them to put in place:

  1. A board-approved cyber security policy
  2. A cyber-crisis management plan
  3. Arrangements for continuous surveillance
  4. The circular also asked banks to share unusual cyber security incidents with the RBI.

The RBI has set up an expert panel on IT examination and cyber security incidents in banks’ cyber security initiatives. The Computer Emergency Response Team (CERT-In) is also working closely with the Reserve Bank of India to enhance financial sector security.

A Cyber Security Task Force has been launched by the National Association of Software and Services Companies (NASSCOM) and the Data Security Council of India (DSCI). The aim of the task force is to build India into a global hub for providing cyber security solutions, develop a cyber security research and development (R&D) plan, and develop a skilled workforce of cyber security experts.

Our Research Analysis

On the one hand, the Digital India programme and a cashless economy are a priority for the government; on the other hand, they are full of challenges for the cyber security and internal security of India.

We believe that a safe and secure banking system is vital for development, prosperity and economic growth, and the sector is being called upon to ensure effective management of the threat. So, there is a need for banks to start educating their employees and customers to prevent cyber threats.

A successful online attack could cause significant financial, operational and reputational harm to firms, as well as potentially threatening the stability of the financial system. Whilst banks have developed some of the most sophisticated risk mitigation capabilities, the threats are evolving rapidly and often have international dimensions.

Thus, a genuinely strategic approach at all levels, i.e. individual staff, customer, organizational, national and international, is needed to overcome these kinds of challenges.

