We believe cloud works best for recent data, but older data should move back on-prem to control costs: Vivek Dhavale, Equitas Small Finance Bank
Vivek Dhavale, CTO, Equitas Small Finance Bank, has nearly three decades of experience in the IT industry within the banking domain. Over the years, he has witnessed the dramatic transformation of banking technology, from early digitisation efforts to today’s automation and AI-driven innovations. In this interview, Dhavale shares insights on how the roles of CTOs have evolved, the challenges of modernising legacy systems, and the increasing integration of IT with business strategy. He also discusses the practical use of AI in banking processes, cybersecurity investments, cloud versus on-premises storage strategies, and how technology is driving financial inclusion for underserved customers. Finally, he outlines his core focus areas for the year ahead, emphasising automation and security.
You have been in the industry for nearly two decades, you have witnessed the evolution of technology—from digitisation to automation. How do you see the role of CTOs evolving over time?
If you look at how IT has evolved in banks, the shift has been significant. Initially, not all technical professionals transitioned into IT roles. Even CTO positions were often filled based on seniority or promotion, like general managers stepping into the role. But now, the trend is very different. People with real IT experience—whether in consulting, product, or development—are increasingly taking on these roles.
We’re also seeing a clear shift away from heavy reliance on OEMs for core banking or other applications. Organisations are now exploring how to build or customise solutions internally. Even when it comes to adopting new technologies—where ready-made use cases might not exist—they’re experimenting, collaborating with vendors, and innovating on their own.
Core IT is now more deeply integrated with business strategy, which is a very positive sign. I believe this trend will only get stronger in the future.
For banks and established companies, digital transformation can be a complex and demanding process. During your own transformation journey, what challenges did you encounter?
When I moved from the IT industry to a bank, one of the first challenges I faced was around building APIs and launching a mobile banking application for credit cards. The credit card system didn’t support APIs at all. Without APIs, nothing could function in real time. Initially, the only way was to use an app that would collect files and update the legacy system at the end of the day—essentially making everything T-1, with a one-day lag.
To overcome this, we explored the ISO 8583 protocol, which the mainframe-based credit card system supported. We built a logic interface based on ISO 8583 that allowed the mobile banking app to interact directly with the credit card system. Eventually, we built APIs for other core systems as well and achieved integration.
However, the journey took more than a year, even though it could have ideally been completed in six months. But we insisted on building it for real-time operation—rather than settling for a one-day lag—because that was the right long-term approach. Legacy systems always force a choice: either accept the limitations of delayed processing or invest time and money to enable real-time capabilities.
Effective change management is crucial in banking, where long-standing professionals must adapt to digital transformation. What strategies have you implemented to facilitate this shift, and what challenges have arisen in managing cultural change?
No, I don’t think change management has been a major issue. The real challenge was more around collaboration—specifically, finding a common language between IT and the business side of the bank. Translating technology into business requirements and vice versa is where most of the friction comes in.
Often, instead of stating a clear problem, people ask for specific changes—like “I need this field added to this screen”—without explaining the actual need or objective. I always find myself wondering why they’re asking for something so specific. If they could just articulate the problem statement clearly, we’d be in a much better position to offer the right solution and add real value.
So, yes, the biggest hurdle is helping people define the problem itself. Once that’s clear, everything else becomes far more manageable.
Given that clearly defining the problem is often a challenge, how do you see AI fitting into this picture—particularly in helping bridge the gap between business requirements and technical solutions?
AI fits in wherever learning and understanding are essential. In most workplaces, new employees take time—sometimes months—to build working knowledge. That’s where AI can play a crucial role. It can absorb and replicate the collective learnings of multiple people over time, allowing that knowledge to be reused effectively across tasks.
For example, in processes like underwriting, credit analysis, or improving policy decisions, AI can consolidate knowledge from various team members and provide accurate, consistent responses. If someone asks, “Which form do I need to nominate someone?” AI can intelligently guide them by asking relevant follow-up questions—like whether it’s for a savings account or an FD, and whether it’s jointly held—before recommending the correct form or process.
Similarly, in complex cases such as handling deceased customers, where information may be scattered across multiple documents (FDs, loans, etc.), AI can streamline the response. Instead of a person needing to manually check different documents or consult others, AI can instantly identify and deliver the correct process based on the situation.
So, anywhere that requires contextual learning and application of existing knowledge, AI can significantly bridge the gap between business needs and technical execution.
Can you share a use case where you implemented this successfully and achieved a positive outcome?
We’ve been trying to implement the process documentation use case for a while now, but haven’t seen great success yet. It’s not just due to hardware issues—many vendors are still struggling to make the technology truly effective. That said, it remains a top priority for me because it’s one of the simpler use cases. Once that’s in place, I want to explore using it for underwriting and customer service as well.
On the email front, we’re experimenting with how GenAI can help, but there’s still some skepticism. People are unsure whether GenAI should send emails directly or if they should review them first. So currently, even if GenAI drafts a good email, there’s a preference to review it before hitting send.
The goal is to get the process documentation sorted first, then expand from there. I’m hopeful that it won’t require a huge investment just for documentation and email responses, but I’m still evaluating the ROI. If we can crack the underwriting and customer service use cases, I believe the value will be significant.
Storage has evolved from on-prem data centres to cloud adoption, but rising costs are prompting a shift back to on-prem solutions. How do you see the balance between cloud and on-prem storage, and what is the way forward?
Right now, we’re also exploring a similar strategy. Initially, we moved all backups from our data centre to a cloud vendor. But now, for data older than three years, we plan to move it into cold storage and eventually bring it back on-prem. For recent data—say, the past three months to a year—cloud works well because of its elasticity, speed, and efficient data retrieval. But beyond that, there’s no point spending on cloud storage for low-demand data.
We’re also dealing with cost challenges. For instance, there’s a major application we’ve recently adopted on the cloud. As storage and database sizes grow, the costs are rising exponentially. We believe pricing should scale with user growth—not shoot up disproportionately. So, we’re considering monthly purges for older data, moving them back on-prem while continuing to use the application’s features on the cloud.
The idea is to keep active data (up to one or three years old) on the cloud and shift older, inactive data back to the data centre. This hybrid approach helps control costs. But unless cloud providers come up with better pricing strategies, I believe they’ll start feeling the pressure.
The small finance bank ecosystem aims to serve underserved customers. How is technology helping you expand reach and improve financial inclusion?
Technology has helped us significantly. Among our roadmap customers—especially in microfinance—we’ve seen the highest adoption of eKYC and eSign, with over 90–95% uptake. This is particularly impressive given these are tier 3 and tier 4 customers, who in many cases are adopting tech even faster than urban users.
Using digital tools like eKYC and eSign has reduced our dependence on physical agreements, saving both time and effort. While adoption is a bit lower in housing loans, LAP, and vehicle finance, microfinance leads the way. These digital processes have also reduced paperwork and accelerated turnaround times, enabling quicker loan disbursal and better customer service.
Forrester’s 2025 Predictions report estimates cybercrime will cost $12 trillion by 2025. While banks, NBFCs, and companies are heavily investing in AI, do you see security investments keeping pace with other technologies, or is there still a gap in focus?
No, I think security investments are keeping pace with AI adoption and, in some ways, even leading. Security is becoming more predictive by using AI to identify known threats—like man-in-the-middle attacks—by detecting patterns early. This makes AI highly practical and valuable in cybersecurity, often delivering better ROI than other AI use cases, including in banking. From what I’ve seen recently, many companies are doing well and making significant progress in integrating AI into their security measures. So, overall, I don’t see a gap; security is definitely embracing AI strongly.
As we look ahead, what are your core focus areas for this year?
This year, one of my key goals is to implement at least one AI use case. I want to focus on automating as much routine work as possible, especially tasks that require repetitive effort. For example, on the security front, activities like VAPT and frequent server patching are critical to keep our systems secure. Patching 2,000 to 3,000 servers every month or quarter is a huge task, so automating these processes is a major priority for me this year.
