In this edition of Banking Frontiers Live, Founder and Publisher Babu Nair engages in a deep and insightful conversation with cybersecurity veteran Sanjay Katkar, co-founder of Quick Heal and the enterprise security brand Seqrite. The dialogue focuses on the emerging landscape shaped by India’s new privacy legislation—the NCPDP/DPD Act—and what it means for banks and financial institutions navigating an increasingly AI-driven world.
Sanjay explains that while the new Privacy Act offers a comprehensive and strengthened regulatory framework, its on-ground implementation will be anything but straightforward for banks. With decades of legacy infrastructure, fragmented applications, and extensive third-party ecosystems, banks handle vast volumes of highly sensitive personal and financial data. Many existing systems were never built with privacy-by-design principles, making compliance tasks such as granular consent management, purpose limitation, data minimization, and controlled data retention extremely challenging. Even with a two-year compliance window, he believes the transformation will take much longer.
Responding to Babu’s questions, Sanjay highlights that a practical approach for banks is a hybrid one—designing privacy-first architecture for all new systems while layering privacy-enhancing tools like consent management modules and data discovery systems on top of legacy platforms. The conversation also delves into AI’s dual role: while it powers innovations in fraud detection, scoring, and automation, it simultaneously increases risks of data misuse, over-collection, and leakage. Banks are therefore experimenting with sanitized data, encrypted training, and AI models with built-in compliance guardrails.
Sanjay concludes by noting that “privacy is the new trust currency,” urging banks to implement NCPDP requirements module-by-module rather than attempting an unrealistic, large-scale overhaul.
