Col Aryendra Sharma, with decades of military leadership, is redefining security at one of the largest public sector banks
In an era where financial institutions face threats ranging from armed robbery to sophisticated cybercrime, the role of a Chief Security Officer demands more than conventional oversight. At Indian Bank, Colonel Aryendra Sharma (Veteran) brings battlefield experience and strategic acumen to the forefront of banking security. With a decorated 34-year career in the Indian Army and command over sensitive units in J&K and Mumbai, he now leads the charge to safeguard the bank’s vast footprint, spanning urban financial hubs to remote rural outposts.
With a mission to anticipate, mitigate, and respond to evolving threats, Col Sharma shares his insights into Indian Bank’s future-ready security roadmap, the integration of AI, and the cultural shift required to make security a shared responsibility across the organisation and its customers.
“Security is not a one-man job but a collective responsibility. A chain is only as strong as its weakest link.” – Col Aryendra Sharma
Tomorrow’s threats need today’s planning. What does the next-gen security roadmap for the Bank look like, and where are you placing your biggest bets?
The security environment globally is changing at a rapid pace. With the astonishing rate of technological development, threats to financial institutions are increasing manifold. Banks remain a lucrative target for robbers, dacoits, fraudsters, and hackers. To plan for the future, one must visualise the threats and security environment that may prevail in both the short and long term. It will not be purely technology-based or human-led, but rather a unique blend of both.
Banks need to recognise, assess, and anticipate criminal threats to their establishments and develop a roadmap to eliminate or reduce the impact of such threats, should they materialise. This roadmap includes both active and passive strategies based on risk assessment, which varies depending on the asset, location, and type of threat. The most important element in developing a roadmap is identifying vulnerabilities.
In the near future, the Bank’s physical assets will remain the most vulnerable and will require continuous vigilance, both technological and human. Gradually, with a robust technological infrastructure, we will shift from human intervention to a technology-based support system. But overall, the roadmap rests on three pillars: reducing branch and asset vulnerabilities, limiting opportunities for criminals, and increasing awareness and adherence to security management guidelines and advisories.
With a wide national footprint, what unique physical security challenges does the Bank face, particularly in rural or remote branches, and how are these being addressed?
Unlike many private banks, public sector banks (PSBs) have a greater commitment to rural and far-flung areas. Their commitments and assets are proportionately more distributed in challenging and remote areas, where the majority of India’s population resides. To achieve inclusive growth, the Ministry of Finance monitors government-sponsored programmes for farmers, MSMEs, and SHGs (Self Help Groups).
PSBs have a larger footprint in these areas than private banks, and this is where the real test of security lies. The infrastructure in such regions is generally weak and more prone to criminal activity. Law and order are often challenging, with the nearest police stations located miles away. Unreliable networks render alert systems ineffective. Even when alerts are received, delayed police responses give criminals ample time to escape, often into nearby forests.
Given our limited capacity, providing foolproof security for cash and other assets in such areas is challenging. The golden principle here is to maintain minimal cash holdings and ensure regular replenishment, which helps minimise losses in case of any incident. Digital transfers are encouraged, as they are less susceptible to physical theft. Insurance coverage for cash and assets provides adequate contingency support. Emphasis on following SOPs for cash movement, workplace precautions, and regular alarm testing cannot be overstated, they have proven to be highly effective.
Can you walk us through how your security infrastructure adapts to situations like cash movement, ATM safety, and physical audits?
The Bank’s security infrastructure is layered and hierarchical, flowing upward from branches to zones and finally to the Head Office. The Head Office formulates policy and audits its implementation, while the zonal office acts as the executing authority for implementing the security apparatus and ensuring the safety of assets and infrastructure.
The overall infrastructure is a blend of technology, physical fortification, and human oversight. The focus is naturally higher on high-value and vulnerable assets, which drive risk categorisation. An environmental scan of criminal activity in a given area helps in threat identification, enabling prevention and mitigation strategies.
Cash-in-transit is protected by armed guards and centrally monitored at the zonal level. Branches and ATMs are under 24/7 CCTV surveillance with real-time alert systems. These alerts are simultaneously shared with branch officials and the local police control room to deter any attempted intrusion or tampering. Cash and jewellery are stored in reinforced steel/concrete vaults fitted with embedded alarm systems. Overall, the system is designed to be intrusion- and tamper-proof.
Periodic audits by security officers and the inspection team, based on detailed checklists, ensure that the security systems remain functional. A feedback system on compliance and methodology helps eliminate oversights and omissions.
With AI rapidly reshaping how organisations predict, prevent, and respond to threats, are AI and analytics playing a role in the Bank’s security framework for threat detection, fraud prevention, or risk intelligence? If so, how?
AI is a technological revolution impacting all sectors, and banking is no exception. It’s now employed across all aspects, from accounting and decision-making to investments, loan disbursement, and other financial activities. In security, AI has opened new avenues in three core areas: threat detection, mitigation, and response.
Surveillance is the foundation of any security system, and AI has now been integrated into all aspects of surveillance. AI is used not only for identifying threats in real-time but also for automatically generating alerts and communicating with law enforcement authorities. PSBs have deployed AI-enabled surveillance cameras equipped with predictive analytics, facial recognition, and automatic alert systems.
AI has significantly reduced false alarm generation and improved accuracy. Banks are now able to use AI to identify not only physical threats but also incidents such as fires, leading to more efficient resource allocation. Cameras linked with Aadhaar can identify and track individuals, including known criminals, and provide valuable real-time data. Advanced cameras can now detect weapons or firearms and generate alerts autonomously.
AI is proving to be more efficient, cost-effective, and reliable than human surveillance, and banks are adopting it successfully.
Customer trust is foundational to banking. What initiatives have banks taken to raise customer awareness about fraud, impersonation, and phishing?
Incidents of fraud, impersonation, and phishing are rising at an alarming rate. These incidents not only undermine customer trust but can also damage a bank’s reputation. In extreme cases, they can even threaten the survival of a financial institution.
The solution lies in three verticals: technology, people, and processes. Banks must deploy robust technologies with strong firewalls, protective mechanisms, and alert-generation capabilities. However, the most crucial factor is the human one, customers must be educated about preventive measures.
Customer awareness is a major focus for the RBI and all banks. Regular advertisements, SMS messages, and video tutorials are disseminated to raise user awareness. Customers are gradually becoming more adept at identifying fraud and phishing attempts. Banks deserve credit for this effort, as attempted frauds and successful incidents are decreasing over time.
Customers are advised not to engage with unsolicited communications or share sensitive information related to their accounts or cards. Dedicated helplines are prominently displayed, and mobile apps allow customers to monitor account activity and report unauthorised transactions. Banks have also introduced multiple layers of authentication, including dual OTPs and SMS confirmations, to improve customer security.
Nevertheless, the customer remains the most vulnerable link. Without vigilance and adherence to security advisories, they remain exposed to risk. Falling for fake websites, social media impersonations, or fraudulent links can result in the loss of hard-earned money.
The I4C (Indian Cyber Crime Coordination Centre), a Ministry of Home Affairs initiative, allows customers to report online fraud swiftly. Reporting incidents within the “golden hours” dramatically increases the chances of tracking down perpetrators.
What does crisis preparedness look like for a bank of this scale? Could you share an example where the security team had to step in during an unexpected threat or event?
Crisis management is the “master plan” to tackle any situation that may impact the Bank’s financial or reputational standing. We have tailored SOPs to deal with different types of crises, be it business continuity, disaster recovery, integrated risk, or cyber-attacks.
These plans aim to resume business as quickly as possible while maintaining customer trust. In today’s social media-driven world, reputational loss can be more damaging than financial loss. A robust communication framework built on inclusivity, clarity, accuracy, and timeliness ensures that rumours and misinformation are addressed swiftly.
Crises in the past have ranged from burglary, cybercrime, and natural disasters to full-blown war scenarios, as seen during “Operation Sindoor.” PSBs with extensive footprints have comprehensive Business Continuity Plans (BCPs) that include advance planning, crisis impact assessment, continuity strategies, and customer service assurance.
We frequently test these plans to identify gaps and revise them based on real-world feedback. A notable case is “Operation Sindoor,” which involved a war-like situation. Despite the chaos, business continuity was maintained, even at great personal risk to staff. ATMs were stocked, branches remained operational, and digital platforms functioned smoothly, ensuring no disruption to citizens near India’s western borders. Even home delivery of cash was initiated for the elderly and disabled. “Operation Sindoor” stands as a strong testament to our crisis resilience.
Security is not a department, it’s a shared responsibility. How do you embed this mindset across a large, legacy organisation and extend it to your customers as well?
Security is not a one-person job; it’s a collective responsibility. The saying “A chain is only as strong as its weakest link” couldn’t be more applicable. In large organisations like PSBs, security must not be seen as the duty of a single individual or team.
It’s essential to build a culture of awareness, accountability, and collaboration across all departments, including extending this to customers. This is done through customised training programmes, open communication, and embedding security into daily routines and decisions.
Gaining the commitment of top leadership to prioritise security sets the tone across the organisation. Mandatory security training tailored to each role covering physical security, phishing, password management, and data handling helps every employee understand their responsibilities.
Regular updates, internal advisories, and team briefings keep everyone informed. We reward staff who demonstrate a strong security mindset and enforce strict consequences for SOP violations. A zero-tolerance approach to man-made errors drives compliance and mitigates losses.
Cross-functional security teams or councils ensure collaboration and prevent internal conflict. Clear roles and responsibilities are defined across departments, with accessible reporting channels that encourage staff to raise concerns without fear.
We also extend this security culture to customers. We communicate policies transparently via our website, marketing materials, and support centres. We educate them on best practices—like using strong passwords and avoiding phishing traps—and create avenues for them to provide feedback or report concerns.
Ultimately, security is not a silo, it is a mindset. Cultivating situational awareness and responsiveness at all levels transforms security into a shared value, strengthening both the Bank’s posture and customer trust.