The CSO of Punjab National Bank on safeguarding customers, assets, and reputation in a digital-first era
As India’s financial landscape undergoes rapid digital transformation, the role of security leaders has never been more critical. In this exclusive conversation with BW Security World, Major Gaurav Pratap Singh Uppal (Retd.), Chief Security Officer of Punjab National Bank, shares his vision, experiences, and strategies for safeguarding one of the country’s largest banking networks while shaping the future of banking security across the industry.
PNB’s scale and diversity present unique challenges. In your view, what does true leadership in security look like in such an environment?
True leadership in security at Punjab National Bank is about foresight, adaptability, and responsibility. With over 10,200 branches and more than 12,000 ATMs across India, our security challenges are multifaceted—ranging from physical security at branches and ATMs, to the rapidly evolving cyber threat landscape, to ensuring compliance and resilience across diverse geographies.
As CSO, leadership means not only managing risks but also creating a culture of security awareness throughout the organisation. It includes the following:
Strategic Vision: Anticipating emerging risks and aligning security strategy with the Bank’s growth and digital transformation journey.
Preparedness: Moving from reactive firefighting to preventive security measures, leveraging technology such as AI-powered cameras, fraud detection tools, and cybersecurity monitoring. Regular fire drills, mock drills are conducted across the branches and administrative offices to test readiness and response time. Employees undergo continuous training and awareness sessions at our institutes, making them a first line of defence.
Holistic Protection: Safeguarding not just physical assets, but also customer data, employee trust, and the bank’s reputation as well.
Collaboration: We work together with cybersecurity, compliance, risk and IT teams of the Bank to build a unified defence-in depth besides working closely with regulators, law enforcement, technology partners, and internal stakeholders to strengthen the overall security ecosystem of the Bank.
Resilience & Adaptability: Building systems and teams that can respond swiftly to crises whether natural disasters, cyberattacks, or fraud attempts—while ensuring uninterrupted banking services. We have Business Continuity plans down till branch level to ensure uninterrupted banking services even during crisis.
Customer-Centric Security: Making sure that our customers feel safe and confident while banking with us, whether at branches, ATMs, or digital platforms. They are educated through various campaigns on safe banking practices.
In essence, true leadership in security at PNB is about balancing vigilance with innovation, ensuring that security is seen as an enabler of trust, efficiency, and sustainable growth to the Bank.
Security in banking often requires continuous learning. How do you and your team stay ahead of emerging threats, compliance mandates, and customer trust challenges?
In today’s banking ecosystem, security is not static-it evolves daily with emerging threats, new regulatory mandates, and rising customer expectations. For us, continuous learning aids the backbone of our security strategy.
Continuous Learning as a Culture: Security is dynamic. We evolve with threats, compliance, and customer needs on a day today basis.
Compliance Alignment, Risk Monitoring & Collaboration across various teams: We align closely with RBI guidelines, internal audits, and international standards. We have a Compliance and Risk Division who work in tandem with the IT Division and Cyber Information Security Division to ensure that every control is updated, tested and reported transparently to our Operational Risk Management Committee/ Risk Management Committee.
Employee Training: For employees, continuous capacity building is the key. We organise regular fire drills, cyber simulations, and mock exercises to keep our teams and employees prepared for evolving challenges. Various Demonstration Centres have been set up at all major training institutes where hands-on training is imparted on various security gadgets and fire equipment so that in case of any emergencies, employees at the branch/ offices are aware of usage of this equipment. Several fire incidents at branches were averted by the staff by timely utilisation of fire extinguishers for which they have also been suitably recognised and awarded by the Bank.
Certifications & Upskilling of Security & Fire Officers: Mandatory certifications and specialised training is organised annually for all Security & Fire Officers. Discussions on emerging modus operandi, Disaster Management, First-Aid, National Building Code, latest equipment, emerging technologies etc are held to keep the specialised officers updated.
Customer Awareness: SMS alerts, workshops, and campaigns against phishing, fraud calls, digital arrest, branch level initiatives etc are organised to ensure safe banking habits. By empowering customers, we extend our security perimeter beyond bank premises. There are rewarding instances where branch staff have saved bank’s customers facing digital arrest etc.
Partnerships with other agencies: We have close engagement with law enforcement agencies till branch level. This engagement is strengthened by our Security and Fire Officers who are deployed across the country.
We have a proactive, resilient, and trusted security ecosystem which safeguards– our staff, our customers and their assets.
How do you see the role of CSOs evolving in the Indian banking landscape, especially with the rapid adoption of digital financial services?
The role of the Chief Security Officer (CSO) in Indian Banking is becoming increasingly pivotal as banks rapidly adopt digital financial services, facing complex cybersecurity and physical threats and demanding new regulatory compliance frameworks.
Shift in Scope: With fast paced digital transformation, role & responsibilities of CSO is undergoing a significant transformation, going beyond physical security of branches/ ATMs to cyber security, fraud prevention, compliance, data privacy.
Digital Transformation and adopting Proactive Approach: With the growth of online banking, digital payments, UPIs and mobile apps, CSOs are now expected to act as strategic leaders who align security with business growth. This means moving beyond a reactive approach to a proactive approach, intelligence-driven model, leveraging AI, analytics, and real time monitoring to detect threats before they escalate.
Resilience and trust: Building a culture of security across employees and customers is as important as deploying advanced technology. CSOs must ensure robust business continuity frameworks, disaster recovery sites and customer awareness programs.
Regulatory alignment: In the Indian context, CSOs also play a crucial role in compliance to RBI guidelines, CERT- In advisories and data protection framework, ensuring that banks stay aligned with evolving regulations. The focus is no longer only on protecting infrastructure but on safeguarding customer data, digital identities and transaction integrity.
CSO is the advisor to the Management and the Board in matters related to Security & Safety but in future, CSO will act as a Chief Trust Officer.
In what ways do you hope to contribute to shaping the larger banking sector’s security practices beyond PNB?
As Chief Security Officer of Punjab National Bank, my role extends beyond safeguarding one institution. I take it as an opportunity to contribute to strengthening the larger security ecosystem of the Indian Banking Sector.
Firstly, collaboration is key. I actively support knowledge sharing platforms with other banks, regulators, and industry forums, so that insights on emerging threats, fraud trends, and best practices can be collectively leveraged. By contributing case studies and learnings from PNB’s vast network, we help raise the overall standard of preparedness across the sector.
Secondly, I believe in driving innovation adoption. PNB has already implemented AI-powered cameras and upgraded CCTV systems from analogue to network-based video recorders. From a security perspective, AI-enabled Centralised Monitoring System will play a pivotal role in strengthening banking security & operational resilience. By integrating surveillance, alarms, access controls into one unified platform, it ensures real time oversight across branches, ATMs and critical infrastructure. Sharing these models and frameworks with peer institutions can accelerate sector-wide adoption of technology-driven security.
Thirdly, the sector benefits when we collectively invest in capacity building. I aim to champion more joint training programs and awareness campaigns with other Banks, not only for employees but also for customers. Building a culture of security at scale will reduce vulnerabilities across the industry.
Additionally, by working closely with RBI, CERT-In, law enforcement agencies, BIS, ISO, I am regularly contributing to support the development of standardised security protocols, compliance frameworks, and response mechanisms that can be uniformly applied across banks.
Ultimately, my contribution will be in shaping a collaborative, resilient, and trust-driven banking security environment, where institutions work as partners rather than in isolation, ensuring that customers feel equally secure across the Indian financial ecosystem.
Could you share some of the key accomplishments during your tenure that you believe have made the most impact?
The key accomplishments during my tenure that I believe have made the most impact are as under: –
Regulatory Compliance & Governance: The various policies and guidelines implemented in my Bank are in full alignment with the regulatory guidelines and frameworks, ensuring zero major compliance gaps.
Technology Upgradation: The physical security infrastructure has been modernised with AI-powered cameras, upgraded CCTV systems, advanced sensors.
Digital Transformation in Security: With the advancement of technology and digital banking, the Security Division has also been introduced with digitalisation for transparent monitoring across branches and faster decision-making.
Threat Detection & Incident Response: Strengthened the services of security & fire safety gadgets across the branches enabling faster threat detection; improved response time and fire-related emergencies through integrated monitoring and SOPs. The deployment of manpower is such that all assets of the Bank are covered.
Business Continuity Planning (BCP): Successfully upgraded Business Continuity Plans from administrative offices till branches, tested resilience through regular mock drills, and ensured uninterrupted banking services during crises.
Employee Training & Capacity Building: Designed and implemented structured training modules, fire drills, mock exercises, and cyber simulations, making employees the first line of defence
Integrated Security Approach: Brought together cybersecurity, IT, risk, and compliance teams into a unified framework, strengthening both efficiency and accountability.
Innovation & Leadership: In the process of adoption of AI, analytics, and digital monitoring tools, setting benchmarks for peer institutions in the sector. I am a member of various national and international committees such as the Bureau of Indian Standards, International Standard Organisation and International Electrotechnical Commission wherein my motive is to contribute in improving the safety and security features of the equipment used in the BFSI sector.
Given the rising frequency of system intrusions and large-scale breaches, what critical reforms should the banking security ecosystem prioritise in the years ahead?
While the industry has witnessed a global rise in system intrusions and large-scale breaches, our bank’s experience has been markedly different. We have been regularly learning from the threats and are able to maintain a strong security posture. This is the outcome of a proactive security culture, robust systems, and continuous upgradation of both technology and processes.
Going forward, the critical reform is not about reacting to incidents, but about staying ahead of evolving threats. Our priority is to further strengthen preventive controls rather than corrective actions. This means deploying AI-powered surveillance systems, behavioural analytics, and advanced firewalls that can neutralise risks before they mature into incidents. The bank is exploring the same for real time monitoring in the branches.
Equally important is ensuring that policies and guidelines remain in full compliance with the regulator while being adaptable to new challenges. We are also investing in the digitalisation of reports and returns, ensuring transparency, speed, and accuracy in monitoring and compliance.
Another key pillar is resilience through Business Continuity Planning (BCP), regular fire drills, cyber mock drills, and disaster recovery exercises ensure uninterrupted services even under extreme scenarios. Alongside, our employee training modules create a vigilant workforce that can prevent and respond effectively to any emerging risk.
Thus, our reform agenda is built on a position of strength. We are not firefighting breaches; instead, we are building a zero-breach environment, where customer trust, regulatory compliance, and technological resilience go hand in hand to set industry benchmarks.
About the Interviewee
Major Gaurav Pratap Singh Uppal (Retd.), a decorated Army veteran (SENA Medal, Chief of Army Staff Commendation), is a distinguished leader having vast experience of more than 27 years in security, risk management, and business resilience. As “Chief Security Officer” of Punjab National Bank, he oversees physical security, fire safety, and crisis preparedness for 100+ high-rises, 10,000+ branches, and 13,000+ ATMs, ensuring seamless operations, regulatory compliance, and institutional security at scale.
A recognised expert in security standardisation, Major Uppal is an Expert Member of Physical Security Equipment Committee under ISO/TC 332, a member of ISO/TC 332/WG-1, IEC/ TC 79/ WG 12, ISO/ IEC JTC/ SC 37 and a Principal Member of BIS Committees on Security Equipment and Electronic Security Systems. His contributions shape global security frameworks, setting industry benchmarks for financial institutions worldwide.
Disclaimer: Views expressed are in individual capacity and must not be treated as employer’s views.
