Posted by “Because we don’t see much of players or applications in the market, I don’t have a benchmark or a reference point, wherein I can refer something and build,” says Core Integra’s CIO Sameer Kulkarni. Core Integra is among the leading technology-driven regulatory and compliance solutions providers in India.
Regulatory technology (RegTech) and Compliance are quite new and emerging domains in India. For a country that is undergoing a massive transformation driven by technology and digitalisation. It is very demanding for companies like Core Integra to keep pace with these changes that are constantly coming from the central and different state governments. And it is even more challenging for Sameer Kulkarni to lead the role and position as Core Integra’s CIO.
In this edition of CIO Insights, Core Integra’s CIO Sameer Kulkarni spoke to TechHerald and discussed at length about organisation and its product and solution offerings, the domain of regulatory technology and compliance, and the challenges as CIO to lead IT and serve employees and customers. He also shared insights on data and security policy as well as the adoption of cloud, AI and ML automation and much more.
Edited excerpts …
Q1: As a CIO how do you see the role of IT in your organisation since it is in the space of compliance and regulations?
CIO Sameer Kulkarni: Since we are in the compliance domain, we manage all the regulatory compliance. As a CIO I have to manage all IT compliance of the organisation and that’s the key part of my role. Since we are a national player in the entire regulatory technology (RegTech) domain in the Indian market, as a CIO, the first thing is to ensure that the data is secure and that we need to provide the best solutions in the regulatory technology.
Because we don’t see much of players or applications in the market, I don’t have a benchmark or a reference point, wherein I can refer something and build. Hence, I need to keep looking at new things and start building new things based on the feedback and the requirements from the market. And that is a challenging part of what we have. And with regularly changing IT and other regulatory compliance, being able to stay up-to-date with that, is the major part of my job. Also, I need to keep our organisation as well as the solutions up to the current compliance and that’s the key for me.
Q2: What approach do you have for cloud usage and mobility? How are you leveraging this kind of technology internally and serving customers?
CIO Sameer Kulkarni: We started with a standalone server and systems, and then slowly moved into the AWS Cloud. So all our production environments are in the AWS cloud for all the security reasons, higher uptime and the best technology. Then we started moving into Jio Azure and are the first customer for server implementation on Jio Azure. We are planning to move a few of our new servers into (Jio) Azure so that we can be on the cloud with multiple operators. So at any given point, my clients will have 100% access and 100% uptime.
We implemented our Core Integra IT policy that enabled us to work from anywhere, even before COVID-19. We have implemented security policies. In most of our offices, everything runs on Wi-Fi or wireless technology base. The idea is to have a seamless office so we can serve the customers all the time, with 100% service.
The whole idea is to bring everything to the cloud –the secured cloud. Since we handle most of the secured data for PII data – security is a primary key. The goal is that my employees should be happy to work from anywhere and my client should be in peace of mind that our data is safe with CTRL F or the Core Integra products.
Q3: What sort of security practices or policies internally do you follow in securing data and cloud and would help to reduce breach incidents?
CIO Sameer Kulkarni: We are an ISO 9001 and ISO 27001 2022-certified company and try to adhere to all the policies. For example, none of my products are accessible without a VPN. If you as a client are accessing my application, you can access it sitting in your office with secure designated networks only using your IP, not outside. So, we have a restriction at the user level, not at the organisation level. At the user level, I can restrict who and what kind of data is accessed and track all the data being transferred from the server or within the server and the system also.
For example, we use Bitdefender and Kaspersky to protect us from viruses and malware. Plus, we have a role-based control on the data movement with DLP (data loss prevention). This gives me some comfort zone, but I cannot say that everything I can leave it on technology. Technology can be anything, but users need training. They need to be trained in such a way that they own the responsibilities that I am managing my data and it is someone’s asset.
So for this, we regularly conduct ISO and information security training, quizzes and internal audits. And of course, we have external auditors visiting us regularly, so I cannot say that it is a breach less, but we have fewer breaches. We can say almost towards zero breaches. That’s the policy we follow – it’s a mixture of technology and human resources; and not just technology alone.
Q4: Are your applications available on mobile devices or still accessible on traditional devices like laptops and computers?
CIO Sameer Kulkarni: We are into a kind of hybrid part. Most of our applications are predominately accessible by laptops only because they are heavily processing data. But I can’t ask a CEO or HR Head of the company to log into laptops. They can access dashboards and reports on their phones, where they can see them but will not get the complete data as it is a report. Also, we have restrictions on MAC ID and IMEI numbers that can restrict the access of all these data on their devices.
Our employees don’t have any access to any data on phones, except for senior management people. Other than that, they have to use the laptop as it is someone else asset and data. We implemented mobile security applications and VPN clients. If at all you need to access data on your phone, then enable VPN and access all the data. When we enable VPN it disables all the controls and you cannot download anything, just view everything – so this is how we manage at Core Integra.
Q5: What is the total employee strength and the customer base that you are serving?
CIO Sameer Kulkarni: We cater to 500+ customers across India and around 30+ domains. As a Core Integra, we are into multiple dimensions — we are into staffing also. We have 15,000+ employees, including staffing and core employees are 150. We have a subsidy called Core Integra Global Solutions. It’s a pure technology company, whereas CTRL F is our flagship product and has almost 50 developers, who manage all our internal applications and supports.
Q6: What sort of challenge, do you face as CIO, specifically in the domain of compliance and regulatory technology? How difficult is it to cater to this domain, which is very niche and emerging in India?
CIO Sameer Kulkarni: It is quite challenging. When I say challenging, it is with people’s mindset and the government policies. We deal with regulatory compliance and it changes now and then. So we have a dedicated team that will research and study these new upcoming changes and policies, which the government plans to implement.
So based on that, our subject matter experts provide us inputs which we will implement in our products and Core Integra is also into advisory services for compliance, where we provide advisory services to our clients on the compliance part. This is all about the compliance part. When it comes to technology or people, it is a very niche market. We don’t get people who are very well known to the compliance and who know the tech technology also.
For example, all regulatory compliance is known by all the lawyers and law graduates, but they are not tech-savvy. So somewhere, we balance and train them on the IT part. Take a developer and make him sit with this compliance expert and make the IT people learn about compliance. IT developers don’t understand -what is a pro forma or register or form. But when it comes to a legal person, he knows it is a government document called a register. So these are a few issues we face.
Q7: How large is your core IT team that works on the core technology foundation?
CIO Sameer Kulkarni: We have around 50 plus developers team, multiple product heads and products like the compliance product known as CTRL F – a pure compliance product. Then we have a product called HRM management or claims management. We have an application to manage PF trust ( the exempted PF trust) so we are one of the few players who manage large PF trust. These are the tools, which are available as a product as well as service enablers. So every product is independent and every product is different because compliance for both of them is different from each other.
My teams are divided into verticals based on technologies – some are in .Net, some are in JAVA and some are in a hybrid. Then, we have a common platform wherein we have a team of RPA developers. When it is not possible to build something within the application or cannot connect two things directly, then we pitch it to RPA tools and the RPA team, which will build a bridge for all these, whether it’s a large data possessing or data movement between the two systems, will be built instantly with RPA tools. This is how my teams are spread across.
Q8: How are you driving innovation and experimenting or leveraging the capabilities of new technologies like AI, automation and analytics in your field?
CIO Sameer Kulkarni: It is very important to have AI and ML in our systems. Everything is evolving along that, and the one step before going into all that is automation. So we are doing automation using RPA. We do process automation and build RPA around that, so it will save a lot of time, effort and human error based on the RPA. We are implementing AI / ML-based models which will be coming into the market by mid of the coming financial year where the users can manage many things by themselves and the data can be safely managed and handled without any hassle. ML is very important for us because we are dealing with a very large set of data.
For example, there was a recent case where we did a higher pension scheme. The government announced a higher pension scheme for all pensioners and we had lots of data from 1995 to date. And it’s a good opportunity to build analytics around, to help our customers make decisions on how things move from 1995 to this day and going further. So that helps us in building our set-up. As AI/ ML is everything for the future, so we are trying to implement AI as much as possible into our systems.
We are coming up with our products in a few months which will help our domain people, who can use these systems. When I say our domain, specifically compliance, people at large are not very tech-savvy. So it should be easy to use and understandable by non-techie people. So we are coming up with some things in our products.
These are the compliance domain products and the compliance domain itself is a bit complex. When you say compliance, people get a bit scared and hesitant to get into that. So we have to make these things easy, so people can understand and try to make things uncomplex and are working on those products.
Q10: How do you see the compliance domain from technology and competition per se in the Indian market?
CIO Sameer Kulkarni: When we talk about the competition, we have very few national-level players in the market, in the competition. We have a lot of regional and local competitors, who process, but this is not an organised sector. It is purely an unorganised sector, where we have a lot of opportunities to grow and make life easy with digitalisation. So we have a good scope and a good competition also. Since we have a 500+ customer base, we can implement many of the changes on-demand based on the client’s feedback, which helps us on a large scale.
Q11: Are the offerings available in the English modules, are in vernacular available for your client?
CIO Sameer Kulkarni: To be specific, our products are in English and all the registers are generated bilingual. Based on that particular state, we need to have registers in English as well as in the local language. Based on government policies, many states expect bilingualism, but many are okay with English — so we support both. So it is like a USP for us.
Q12: You mentioned that the compliance and regulation sector is a bit unorganised — so can you explain it?
CIO Sameer Kulkarni: There’s a large organisation, for example, which has a presence in pan India and is trying to manage its compliance. One day, a client gets a notice from the government. Since it remains in that local client office only, the central head office will never know about that until and unless that document comes to the head office.
And in our product, we have a centralised management system, where anything happens in any of their (client) sites — they just have to upload that document in their system. And the central compliance team and legal team, while sitting in the head office will manage it all. They don’t need to be on the spot. They cannot have a compliance team in every office. Many players only know how to manage within the local state or district, they don’t know how it is managed when it is a centralised system. So that is where we play a key role.
Q13: Which are the key IT projects and products in the pipeline going into 2024? As CIO, how are you driving them in terms of tech innovation in the organisation?
CIO Sameer Kulkarni: We are working on a few products. Firstly we are enhancing our products with the latest technologies as much as possible. We are trying to invest in AI-based things that make life easy for people to use. Since we see a large change with all the compliance from the government, we are building agile systems that can adopt the policy the moment it comes into the picture. We can change it so we can make it available for our customers. So that is a key part for us.
Apart from that, we are building a few more regulatory systems on the new reporting system, which the government is expecting on sustainability. At present, such systems are not available in the market. We have RPFs for a few critical processes, where human intervention is not needed so that my human capital can be utilised in better processes. So we are trying to automate things as much as possible and use my human capital on critical and complex applications or projects. So this is our benchmark for the new development.
Q14: Lastly, as ESG has become part of corporate and regulatory reporting, how is the ESG aspect playing out in the corporate sector in India based on your interactions with clients and customers?
CIO Sameer Kulkarni: Many of the organisations are now happy to adopt ESG parts in their corporate strategy. Earlier some people were religiously following it, while others were not following unless asked to do so. But now that trend is changing. People are now going into a more proactive mood, where they are getting all the things done and are happy to explore new products in the market. Earlier compliance was like, if I’m not compliant, will pay the penalty and lose some money. But now it is a brand value.
If I’m not compliant then it may damage my brand value. Now they are taking it as a pride to be compliant and don’t want to see one red tick anywhere on the compliance calendar or table. They want to follow the rules and regulations as much as possible and try to be on the right side of the law to save their brand value and make life easier with the management.
(Watch this entire conversation with Core Integra’s CIO Sameer Kulkarni on TechHerald YouTube channel)