Annual Report 2024 Turning the Dream of Home into a Goal

Operational Performance

Information Development

In its development, the Bank pays great attention to information technology support for the activities of its divisions. The Bank is constantly developing its IT infrastructure and automated information system in order to improve its functional and technical capabilities and bring them in line with the requirements of tariff programs, as well as to expand its analytical capabilities.

In information development, the Bank aims to create a dynamic digital bank with an optimal structure of automated business processes, to ensure the implementation of advanced technologies for the development of banking services and innovative banking service systems.

During its development, the Bank solved the following IT tasks successfully and efficiently:

  • Modernization of the IT infrastructure and strengthening the resilience of the Bank’s information systems;
  • Upgrading of computer and peripheral hardware;
  • Development of the Colvir core banking system, including migration to the ISO 20022 standard, data volume optimization in the ABS Colvir database, and implementation of the civil law contracts module;
  • Implementation of a two-factor authentication system for access to information resources and remote employee access;
  • Robotic process automation (RPA);
  • Implementation of endpoint device management systems;
  • Phased licensing of database systems;
  • Implementation of mass incident handling processes in the Service Desk system;
  • Implementation of problem management processes in the Service Desk system;
  • Enhancement of critical system and software monitoring tools.

The Bank continually supports its infrastructure at a modern technological level, ensuring information security while taking into account emerging challenges and threats.

Development of Remote and Alternative Service Channels

In recent years, along with expanding its physical branch and agent networks, the Bank has actively developed modern customer service methods. This includes the advancement of its own digital channels and tools to facilitate the shift of routine transactions to online and mobile platforms. The Bank has worked on enhancing the Baspana real estate portal to meet customer needs for improving housing conditions and to promote partner housing offers and related services such as home renovations. Additionally, it has expanded its online and mobile sales and service channels, reducing branch queues and improving service speed.

As a result, in the reporting period, 78.3 % of transactions were conducted through remote channels. Specifically, 3.4 million transactions (72.3 %) were processed via internet banking, including the Otbasy bank mobile app, and 0.29 million transactions (6 %) were carried out through video banking.

Automation and Business Process Development (IT Infrastructure Reorganization and Ensuring Information System Reliability)

To improve service quality, labor productivity, and decision-making speed while reducing operational risks, the Bank is actively automating its business processes.

Automation covers lending and post-lending operations, deposit and post-deposit operations, customer requests, customer flow and payment monitoring, incoming calls, video services, HR processes, accounting, IT and IT security, report generation, and internal document flow. These processes are regularly assessed and analyzed to remain responsive to market changes.

In 2024, according to the Bank’s Business Process Automation Plan, automation was implemented across digital customer operations, risk management, collateral management, HR, accounting, compliance, reporting, and other areas. The plan was executed in full, achieving 100 % completion.

As part of upgrading the IT infrastructure and ensuring fault tolerance of the Bank’s information systems, the following server equipment was commissioned and the following activities were completed during the reporting year:

  1. Deployment of two high-performance servers (RAM: 4 TB and 2 TB) for the core banking system and critical systems, enhancing performance and reliability.
  2. Installation of 48 drives and one disk array, enabling flexible, reliable, and high-performance enterprise-grade storage solutions. This represents a 10 % infrastructure update.
  3. Deployment of eight hardware-software systems, improving the security, scalability, and performance of business applications, and allowing dynamic task distribution and cross-site server management. Data Center servers can be located hundreds of kilometers apart, using a single platform and managed by a common application. The infrastructure update in this area was 3 %.
  4. Implementation of SD-WAN routers, introducing SD-WAN technology across the branch network. This allowed channel aggregation, intelligent traffic distribution, and cost savings by replacing MPLS lines with broadband internet, ensuring stable performance of business applications even over open networks.
  5. Scheduled updates: 31 % of computers, 22 % of monitors, 10 % of printing equipment, 18 % of uninterruptible power supplies, 48 % of TVs, and 36 % of projectors. As of now, 85 % of the Bank’s computer fleet has been upgraded and remains within its depreciation period (under 5 years). According to the Bank’s IT strategy roadmap, phased annual equipment upgrades are planned.

In 2024, the Bank also continued developing the BPM 2.0 Business Process Management System (hereinafter, BPM 2.0) as part of the phased transition from the previous electronic document management system. This transition was successfully completed by the end of 2024.

Work was carried out on integration with the Open API Platform for the exchange of customer account data, on integration of BPM 2.0 with the EDMS of Baiterek NMH JSC for receiving and transmitting correspondence, and on integration with the credit history database of the State Credit Bureau JSC for obtaining credit reports. Development of Open API continues for money transfers between Me2Me accounts at different commercial banks, in cooperation with the National Payment Corporation of the National Bank of Kazakhstan. Development of the ODS system also continues, and the system has been integrated with the CRM and Baspana platforms.

Implementation and Development of Information Systems

In 2024, as part of the IT development, the Bank initiated and implemented the following projects:

  • Migration to the ISO 20022 standard;
  • Optimization of data volumes in the Colvir core banking database;
  • Implementation of a civil law contracts management module;
  • Robotic process automation (RPA);
  • RPA with OCR integration;
  • Licensing of MS SQL Server database management system;
  • Licensing of Oracle database management system;
  • Modernization of server and network infrastructure;
  • Implementation of mass incident handling processes in the Service Desk system;
  • Implementation of problem management processes in the Service Desk system;
  • Enhancement of critical system and software monitoring tools;
  • Implementation of UEM system;
  • Modernization of computer and peripheral equipment;
  • Development of the Situational Monitoring system;
  • Development of the RPM (Risk and Performance Management) system for non-financial risk oversight;
  • Development of Oracle BI-based data warehouse analytics;
  • Expansion of the internal social network for consultants.

In 2023, the Bank decided to adopt a new technology stack for the Otbasy bank mobile app, transitioning to Flutter. In December 2023, a minimum viable product (MVP) version was released with limited functionality. By December 2024, the app was approved by both PlayMarket and AppStore. In 2024, the Bank fully migrated to the new Mobile Application 2.0, which includes 46 transferred services and several newly implemented features that were not available in the previous version:

  • Prequalification for mortgage loans (with certificate issuance);
  • Mourning theme option (dark memorial theme for the app);
  • Stories and highlights displayed on the main screen;
  • Anti-Fraud system;
  • Open Banking integration.

Overall, the Bank demonstrates a relatively high level of digital innovation support, which forms a strong foundation for continued development.

Cybersecurity

Ensuring the security of information assets and protecting their confidentiality remain important tasks within the Bank’s operations. The relevance of these tasks is underlined by the need to comply with Resolution No. 832 dated 20 December 2016 of the Government of the Republic of Kazakhstan “Approval of Uniform Requirements in the Field of Information and Communication Technologies and Information Security”, Resolution No. 48 dated 27 March 2018 of the Board of the National Bank of the Republic of Kazakhstan “Approval of Requirements for Information Security of Banks, Branches of Non-Resident Banks of the Republic of Kazakhstan and Organizations Performing Certain Types of Banking Operations, Rules and Terms for Providing Information on Information Security Incidents, Including Information on Violations, Failures in Information Systems”, as well as the need to comply with the requirements of other laws and regulations of the Republic of Kazakhstan and internal regulatory documents of the Holding Company.

The main conceptual directions for strengthening information security are:

  • keeping the base of internal regulatory documents on information security up to date;
  • raising the information security awareness of the Bank’s IT infrastructure users;
  • ensuring compliance with the requirements of the external Regulator;
  • technical support and development of software and hardware measures to ensure information security of the Bank, including the following directions:
    1. Monitoring information security events;
    2. Recording and resolving information security incidents and building a knowledge base on them;
    3. Controlling the circulation of sensitive information (personal data and banking secrecy);
    4. Managing access controls within the Bank’s application systems;
    5. Vulnerability management within the Bank’s IT infrastructure;
    6. Database information protection;
    7. Monitoring privileged access;
    8. Protecting email systems and users while interacting with the Internet;
    9. Safeguarding the Bank’s web and mobile applications;
    10. Multi-layer antivirus protection of the Bank’s IT infrastructure;
    11. Change control on the Bank’s critical hosts and application monitoring.
  • Conducting penetration tests and social engineering tests, and analyzing the source code of the Bank’s critical applications, to obtain an outsider’s view of the actual security of the Bank’s assets;
  • Continuously detecting potential threats through automated anomaly detection tools and analyzing suspicious activity for possible incidents;
  • Performing ongoing vulnerability assessments of the Bank’s digital assets using CVE2 and CVE3 standards and in-house specialized systems;
  • Conducting proactive threat hunting and analysis of data to identify risks not covered by current security tools;
  • Implementing information security threat prevention and localization measures;
  • Assigning tasks to the Bank’s relevant departments to localize and prevent threats;
  • Analyzing alerts about emerging threats to determine their initial impact and severity.

To maintain cybersecurity, the Bank utilizes data loss prevention (DLP) systems, anti-cyberattack mechanisms, antivirus protections, unauthorized access monitoring tools, copying and modification controls, and more.

The Bank conducts ongoing monitoring of all critical IT systems that store, process, and/or transmit protected information, with the goal of identifying and promptly responding to cybersecurity incidents. In the reporting year, there were zero cases of data leakage and zero fines paid in connection with information security violations.

Moving forward, the Bank will continue to upgrade and configure security systems, and keep its cybersecurity policies, procedures, and infrastructure up to date.

In 2024, the Bank established an Anti-Fraud Unit within the Information Security Department. The main task of this Unit is to protect the Bank and its customers from fraud-related events.

Incidents of customer data security breach: 0

During the reporting period, the Bank implemented and launched the Anti-Fraud system whAnalytics FMS to defend against external threats. Anti-Fraud Unit staff continuously review alerts generated by pre-configured scenarios in the system. Since the system went into production, approximately 4,000 alerts have been reviewed (including test and false-positive alerts). Additionally, rule optimization and score threshold calibration were carried out, and 10 new rules were introduced to better protect customers from fraud-related risks.

Simultaneously, the Bank integrated with the Anti-Fraud Center of National Payment Corporation JSC under the National Bank of the Republic of Kazakhstan. To proactively detect fraudulent phishing websites, the Bank also conducted pilot testing of brand protection systems and database protection systems aimed at identifying leaks of customers’ personal data.

To reduce fraud risks, the Anti-Fraud Unit, in collaboration with the Digital Technology Department, implemented the following enhancements to the Bank’s mobile application:

  1. Blocking of screenshots within the app;
  2. Restriction on screen sharing when using third-party apps;
  3. A warning banner about fraud risks displayed during money transfers via the mobile app.

The Anti-Fraud Unit continues to take all necessary actions to ensure the secure operation of the Bank, mitigate both internal and external threats, protect the lawful interests of the Bank and its customers, and strengthen the security of Bank personnel and assets.