Confidential

SHINE Project
Independent Audit Procurement
March 2023

1
Our Agenda Confidential

Section Topic

01 SHINE Project Background

02 Independent Audit Procurement Plan

 Confidential

01
SHINE Project
Background

3
Key Banking Service Upgrade (1/2)
From
 Kesulitan dalam transformasi digital dan penerapan
Core Banking teknologi baru karena dibangun berdasarkan elemen
teknologi yang sudah ketinggalan zaman
 Arsitektur transportasi yang ada terjalin seperti spageti,
Transportation
sehingga refactoring dan re-arsitektur sangat dibutuhkan
Layer
untuk meningkatkan pemeliharaan.
 Karena DWH saat ini diimplementasikan dengan hanya sekitar
MIS 5% dari data core banking, wawasan yang memadai tentang
manajemen & perilaku pelanggan tidak dapat diperoleh
New Loan  Perbaikan mendasar diperlukan untuk meminimalkan tingkat
Origination & NPL dan meningkatkan transparansi underwriting, credit rating
Admin dan approval
 Tidak dapat mengatasi tren digital karena logika pembayaran &
Payment G/W penyelesaian tersebar di lapisan transportasi yang ada dan
logika bisnis inti perbankan
 Saluran digital terfragmentasi oleh produk dan platform, dan
Digital First siklus perencanaan-pengembangan-pemeliharaan-pensiun
untuk setiap saluran diulangi tanpa perencanaan strategis
 Perlu membangun fungsi manajemen anggaran / pengeluaran /
General Affairs inventaris, dan untuk mengkonsolidasikan pengelolaan aset
tetap duplikat saat ini. sistem ke dalam satu platform
4
>> To
 Masalah terkait G/L dan masalah manajemen akun yang terjadi di
masa lalu dapat diselesaikan dengan cepat dengan
memperkenalkan paket core banking modern
 Transportation layer architecture are standardized through
middleware upgrade and architectural refactoring
 MIS ditingkatkan secara signifikan melalui pengenalan fungsi-
fungsi baru seperti RDM, CRM, audit, profitabilitas dan KPI serta
respons kepatuhan
 Dapat berkontribusi pada mitigasi risiko kredit dan peningkatan
tingkat pemulihan dengan mekanisasi proses penyaringan manual,
evaluasi dan pasca-manajemen
 Untuk peluncuran produk konvergensi digital secara tepat
waktu, pembayaran, persetujuan, respons regulasi, fungsi
rekonsiliasi untuk setiap jaringan pembayaran diintegrasikan
ke dalam satu sistem
 Infrastruktur digital all-in-one digunakan untuk
meminimalkan dampak pada sistem legacy guna
mewujudkan strategi transformasi digital bank secara lebih
aman dan efisien
 Dapatkan visibilitas ke dalam operasi internal melalui
komputerisasi proses pelaksanaan anggaran & pengeluaran,
manajemen inventaris akta, dan manajemen aset tetap
Key Banking Service Upgrade(2/2)
From >> To

 Insufficient software & equipment for centralized  Able to significantly improve service availability and quality by
IT Operation monitoring and control on infrastructure resources introducing a modern ITSM such as “Service Now”

 Able to solve current productivity problems by introducing an

Banking  The fact that 3 different types of terminals are being used in
integrated terminal system with enhanced UI/UX and
Terminal BAU significantly has had an impact on branch productivity
usability having single sign on feature

 Able to attract rich customers by improving outdated card

 No online integration with the existing core banking, and
Credit Card business functions in the package also need improvement
functions through license upgrade, integration with the new core
banking and providing new digital credit card services

 Not enough readiness for professional contact center  Can support customers in cost-effective manner through
Digital
support via video call for large volume of digital on-boarding system integration using API with an Indonesian professional
Contact Center traffic digital contact center in digital era

 Significantly reduce the risk of huge penalty and reputation by

 Not enough readiness for complying to regulations of
AML/FDS supervisory authority on time
introducing agile compliance response systems and a fraud
monitoring system implementation

 Significant improvement on each infra element is required for  Improve availability and quality of banking services through
Infra. S/W
high availability and IT operational efficiency modernization of infrastructure software

Enterprise  Need to provide various authentication methods based on  New authentication systems based on various biometrics such
Authentication FIDO with strong security to attract trend-sensitive customers as fingerprint, iris or face recognition are provided.

5
SHINE Project Implementation Timeline Confidential

6 *subject for discussion

SHINE Project Structure CONFIDENTIAL

NGBS Steering Committee  Oversee and provide guidance

on overall NGBS project
Project Sponsor DPD CIO CFO
CSO COO CCO

IT Planning & Operation

Biz Project Director IT Project Director

IT Development

Governance, Risk
& Compliance External IT Audit
 Independent IT audit for
 Monitor GRC of NGBS project applications needed OJK approval
 Support regulatory review
activities
External
NGBS Biz PM NGBS IT PM
PMO
 Monitor & report overall
NGBS project status,
mainly for IT stream
 Coordination over streams

Biz PMO Biz Requirement IT PMO Infrastructure Core Banking* MIS* Digital*

NGBS TF

MC – PMO MC – Infra. MC – Core Banking MC – MIS MC – Digital

7
 Confidential

02
Independent Audit
Procurement Plan

8
Independent Audit Scope
Scope
1 Independent Review
Review SHINE project’s product
characteristics, documents, process, and
controls and identify any key regulatory
gaps.
Expected Output
• Initial report (findings and
remediation plan)
• Final report after remediation
Vulnerability Assessment (VA) &
2 Penetration Testing (PT)
Perform VAPT to identify and
mitigate cybersecurity threats and
associated risks to the SHINE Project.
Expected Output
• Initial report (findings and
remediation plan)
• Final report after remediation
Confidential
Identified Regulations
No Issuer Document No. Regulation Name
• POJK 11/POJK.03/2022 Implementation of Information
1
• SEOJK No.21/SEOJK.03/ 2017 Technology in Commercial Bank
Management of Digital Banking Services
2 POJK No. 12/POJK.03/2018
by Commercial Banks
Otoritas Jasa
Keuangan (OJK) Implementation of Digital Banking
3 POJK No. 13/POJK.03/2021
Services by Commercial Bank
SEOJK Cyber Security Resilience for
4 SEOJK No. 29/SEOJK.03/2022
Commercial Banks
5 PBI 23/6/PBI/2021 Payment Service Provider
Bank Indonesia (BI)
Management of Payment Transaction
6 PBI No. 22/23/PBI/2020
Processing
Operational provisions for equipment
7 Kominfo Permenkominfo No. 16, 2018 and/or certification telecommunications
device
Note: Should follow updated regulation by authorities, if there’s any
9
Estimated Independent Audit Procurement Timeline Confidential

Mar’23 Apr’23 Mei ’23 Jun’23

Activity Start Date Finish Date
6 13 20 27 3 10 17 24 1 8 15 22 29 5 12 19 26

1 RFI Discussion 15 Mar ‘23 17 Mar ‘23

2 Obtain RFI response 21 Mar ‘23 21 Mar ‘23

3 TOR & RFP Preparation 23 Mar ‘23 30 Mar ‘23

4 TOR & RFP Disbursement 31 Mar ‘23 31 Mar ‘23

5 Aanwijziing 4 Apr ‘23 4 Apr ‘23

6 Proposal Submission 13 Apr ‘23 13 Apr ‘23

7 Presentation & Scoring 17 Apr ‘23 20 Apr ’23

8 Negotiation 27 Apr ‘23 5 Mei ’23

9 CCC & BOD Approval 8 Mei ‘23 31 Mei ‘23

10 Winner Announcement 2 Jun ‘23 2 Jun ‘23

11 SPK Signing 6 Jun ‘23 6 Jun’23

12 Start Working 12 Jun ‘23 12 Jun‘23

10
Contact Person Confidential

Contact Details

Uus Firdaus
IT Planning & Quality Management Manager

+62 812 8011 8811

Uus.firdaus@kbbukopin.com

Rino Susanto
IT Policy Staff

+62 852 1151 2922

rino.susanto@kbbukopin.com

11
Confidential