Nobody is disclosing the price tag, but last month diversified conglomerate Kanbawza Group no doubt pleased Bill Gates when it announced the biggest reported purchase of Microsoft systems and services in Myanmar.
Myanmar has long been notorious for the widespread commercial and personal use of cheap pirated software.
The September 18 deal with Microsoft involves KBZ Bank but will eventually cover all of the Kanbawza Group’s companies, which have interests in insurance, aviation, manufacturing, real estate, trading, tourism and healthcare.
It’s not just about getting good software.
Stephane Lamoureux, director of Group IT at KBZ, said the Microsoft deal was just a small step in a much bigger project to upgrade KBZ Bank’s operations and make them compliant with international banking standards and regulations.
Support more independent journalism like this. Sign up to be a Frontier member.
“One of the first things I started here was a compliance program,” said Mr Lamoureux, who took up his IT post at KBZ in December and is no stranger to compliance in the banking sector. He helped to establish international standard systems at the Paris-based Bred Bank’s operations in Asia before he moved to Yangon from Bangkok. “It’s all about compliance. Unfortunately, in the very mature markets, compliance essentially runs the banks,” Mr Lamoureux said.
Compliance means meeting some of the stringent security and internal control standards imposed by governments on American and European banks in the wake of the war on terrorism and the 2008 financial crisis, which was blamed in part on lax financial sector regulations.
Among the certificates banks need to demonstrate compliance with international security standards are PCIDSS and ISO 27001.
PCIDSS (Payment Card Industry – Data Security Standard) sets guidelines and a framework for securing credit card payments and data, such as stipulating requirements for personal individual numbers (PIN) terminals. ISO 27001 (International Organization for Standardization) 27001 is essentially about access to security data
“Part of the PCIDSS and ISO 27001 requires the organization to have only legal and certified licensing,” said Mr Lamoureux, referring to the Microsoft purchase. The bank’s first step will be to get rid of unlicensed software in PCs at its branches throughout the country and replace it with the real McCoy. The KBZ/Microsoft IT teams face a huge task. KBZ, the largest privately-owned bank in Myanmar, boasts 350 branches and sub-branches nationwide, up 60 percent from the 215 outlets it claimed in mid-2014. The upgrade will take about a year and involve the installation of the Microsoft SQL Server 2012, Windows Server 2012 and System Center 2012 systems.
KBZ Bank’s deal with Microsoft came in anticipation of stricter laws and regulations against pirated software. Such regulations apply in such neighbouring countries as Thailand and Singapore.
As Myanmar’s business relations warm with the United States and Europe, pressure is likely to mount on the government to provide more protection for intellectual property rights, a battle in which Microsoft is often at the forefront. “There are limited regulations when it comes to data protection,” Mr Lamoureux said. “But it is coming and once they are in place we will be ready.”
Other than making them “legit,” the Microsoft software will allow KBZ Bank branches to hold video conferences via Skype and to strengthen internal security. The software allows the bank to control access to bank data, including limiting access to some employees and managers, depending on their seniority. Most security problems come from within, said Mr Lamoureux. “Everything is centralised, all passwords, all user names, so you have control over access to your network.”
An important goal for KBZ Bank is the message the Microsoft move sends to the international banking community.
“It’s to show that we are following international standards and that we can work with global banks,” Mr Lamoureux said. The development is also a good one for Microsoft, he acknowledged. “We are the biggest bank in the country and need to lead by example. We are opening the door (for Microsoft) to the rest of the market.”
Having legitimate and up-to-date software will also help KBZ move into e-banking, arguably the wave of the future in a country where access to bank branches is limited but mobile phones are quickly penetrating the market.
Some sources estimate that only 5 percent of the population has bank accounts, a legacy of demonetisations, economic mismanagement and the banking crisis of 2003. Most Myanmar banks have fewer than 100 branches throughout the country and they tend to be concentrated in urban centres or border trading towns.
“The challenge we have in Myanmar is the banks are many years behind so they are having to build really fast, and if you look at the technology you have a lot of people going from simple landlines, if they have one, straight to smart phones,” Mr Lamoureux said.
“They are not going to a PC to do their internet banking, they are going straight to a smart phone, so having a mobile financial strategy in the future will be critical,” he said.
Offering internet banking will attract more customers.
“You will have to open other channels and that is where your mobile channel, and your internet channel come in,” said Mr Lamoureux, adding that the mobile banking penetration level in Singapore is 45 percent. KBZ Bank has sent itself a more manageable target: 20 percent of its customer base.
