BOC Logo

Stakeholder Outcomes

A Digitally Empowered Bank

Chairman

As technology redefines the financial landscape, the Bank of Ceylon's digital transformation agenda aims to enhance efficiency, agility, productivity and customer convenience much like the hexagon an emblem of precision, strength and efficiency. The Bank adopts a structured and strategic approach of integrating digital transformation within its core business operations.

The hexagon, found in nature's most optimised structures, mirrors BOC's commitment to building a seamless, interconnected and highly efficient banking ecosystem.

By leveraging state-of-the-art IT infrastructure, cybersecurity frameworks and customer-centric digital solutions, the Bank's focus is on delivering efficiency, agility and promoting financial inclusion.

Chairman
Chairman

CONTEXT FOR 2024

A significant increase in the adoption of digital banking solutions across all customer segments.
Drive innovation and transformation to stay competitive in the evolving banking industry and to ensure unparalleled customer experience.
The focus on secure, efficient, and inclusive digital services by investing in robust digital infrastructure.
The need for enhanced digital onboarding solutions to streamline customer verification processes and improve accessibility.
Greater focus on enhanced cybersecurity frameworks to mitigate cyber threats and ensure regulatory compliance.
Strategic Pillar

Digital Excellence

BOC’s digital capital strategy is built on the core pillar of “Empowering Customers through Digital Excellence”. The Bank aims to enhance accessibility, security, and efficiency across all digital banking channels, ensuring a seamless banking experience.

Priority Areas
  • ● Customer convenience and accessibility
  • ● Process and infrastructure development
  • ● Strengthening security
PRIORITY AREA: 01

CUSTOMER CONVENIENCE AND ACCESSIBILITY

In today's fast-paced digital era, providing seamless and accessible banking services is critical for customer retention and satisfaction. BOC has committed to enhancing digital convenience by investing in user-friendly banking platforms and expanding its reach across multiple channels. Thereby, the Bank ensures that customers can access financial services anytime, anywhere, with minimal friction.

GRI 2-6
Chairman

Enhancing Existing Channels

The Bank focused on improving its existing channels and platforms to ensure that the customers have access to a superior and seamless experience with every interaction. During the year, the Bank successfully improved its mobile application and expanded its digital ecosystem through new touchpoints.

SmartPay Enhancements: User Interface (UI) revamp, facilitate Lanka Pay Online Payment Platform (LPOPF)/ Government Digital Payment Platform (GDPP), facilitate JustPay Scenarios.
Apply Online: Fully automated workflow for Credit Card Issuing.
Integration of Digital Business Cards: Near-Field Communication (NFC) enabled.
Website and Digital Media Optimisation: Enhancing the Bank's digital presence through an optimised website and digital media strategies, improving customer engagement and lead generation. Search Engine Optimisation (SEO) facilitating accessibility features for differently abled people.
New E-Services: E-Wish, E-Calendar, and E-Booklets for seasonal offers.
Digital Onboarding in 2024:

The Bank implemented digital verification and KYC (Know Your Customer) to accelerate account opening procedures. The 'Apply Online' facility simplifies opening of credit cards, loans and savings accounts ensuring faster approval and accessibility.

During the year 2024, the Bank witnessed a growth in digital adoption levels as shown by the encouraging statistics.

Chairman
PRIORITY AREA: 02

PROCESS AND INFRASTRUCTURE DEVELOPMENT

The backbone of a successful digital banking ecosystem is its operational efficiency and infrastructure. The Bank continuously invests in process optimisation and IT infrastructure development to ensure seamless banking operations. By leveraging automation and technological advancements, the Bank enhances service delivery, reduces turnaround times, and increases overall efficiency.

4.5 million
Papers saved
1,402
Toners saved
1.2 million
CASA opened
364,644
Fixed Deposits opened
98,233
Loans facilitated

Process Improvement Outcomes

Process Improvement Outcome/s Impacted Stakeholders
Workflow automation integration Faster transactions, increased productivity Customers
Employees
Core banking system upgrades Improved reliability and transaction efficiency Customers
Employees
Shareholder and Fund Providers
Apply-Online Loans via Web Faster loan requests and processing Customers
Enhanced cybersecurity measures Strengthened trust and regulatory compliance Customers
Regulators
Customer support implementation Enhanced Customer satisfaction and issue resolution Customers
Employees
PRIORITY AREA: 03

STRENGTHENING SECURITY

In a rapidly evolving digital landscape, security and IT governance form the foundation of sustainable innovation. As the Bank accelerates its digital transformation journey, it adopts a structured approach.

With banking operations becoming increasingly interconnected, robust cybersecurity frameworks, data privacy measures and meticulous IT governance protocols are critical in safeguarding trust. BOC is committed to embedding advanced security mechanisms, and regulatory compliance into its digital ecosystem, ensuring that innovation is built on a foundation of resilience and accountability.

By aligning digital transformation with governance best practices and global security standards, BOC reinforces its position and responsibility as a bank that leverages technology not just for speed and efficiency, but for trust, stability, and long-term sustainability.

Customer Privacy GRI 418-1
No incidents of substantiated complaints concerning breaches of customer privacy took place in 2024.
No identified leaks, thefts or losses of customer data took place during the year.
DATA PROTECTION

As per the Data Protection Act No. 9 of 2022, the Bank's Data Protection Officer (DPO) who reports to the General Manager independently, oversees the implementation and enforcement of data privacy measures to comply with the Data Protection Act in Sri Lanka. The DPO is responsible to develop comprehensive policies and procedures for data handling with the objective of safeguarding customer information. The DPO also conducts regular training and awareness building sessions to the staff on data protection policies to improve data protection. The Bank conducts regular audits and inspections to assess compliance with the regulations and preventing any data breaches. The DPO is also responsible to ensure that there are no privacy violations and data breaches which will erode the confidence and the trust the customers possess in the Bank's operations.

Security Frameworks

To reinforce digital security, the Bank has adopted industry-leading security frameworks and technologies. The following measures have been implemented to safeguard stakeholders by upholding the highest standards of customer trust and confidentiality:

Initiative Outcome/s
Security Information and Event Management (SIEM) and Network Detection and Response (NDR) upgrade ➤➤➤ Enhanced threat detection and response capabilities
Data Loss Protection (DLP) implementation ➤➤➤ Prevention of data leakage and unauthorised access
Advanced threat protection ➤➤➤ Strengthened endpoint and server protection and network security
Deception technology ➤➤➤ Advanced detection and mitigation of cyber threats
External Vulnerability Assessment and Penetration Testing (VAPT) ➤➤➤ Comprehensive identification and reinforcement of security vulnerabilities
Privilege access management ➤➤➤ Secures, controls and monitors privilege accounts to prevent unauthorised access and cyber threats
Intrusion Prevention System and Intrusion Detection System (IPS/IDS) ➤➤➤ Intrusion prevention/detection mechanism to secure the perimeter firewall
Web Application Firewall and Distributed Denial of Services (WAF/DDOS) ➤➤➤ Mitigate using web application from DDOS attacks

The Bank has felt the need for proliferation of IT industry best practices and International Standards into its processes. Towards achieving this objective, the Bank focuses on introducing "Enterprise IT Governance Framework (COBIT 2019)", which will cover:

Quality Management Systems (ISO 9001:2015 Standard)

Service Management System (ISO 20000-1:2018 Standard) IT Infrastructure Library (ITIL) Best practice

Risk Management (ISO 31000:2018 Standard)

Information Security Management System (ISO 27001:2013 Standard)

Project Management Body of Knowledge (PMBOK)

Additionally, the Bank continuously updates its security protocols to address emerging threats. Regular security audits, penetration testing, and employee training programmes help to maintain a strong defence against cyber threats.

Chairman ISACA - Digital Trust Awards 2024

As the employer with the most of ISACA members acknowledging it's community of cybersecurity professionals.

Implementation of best practices aligning with international standards and frameworks

The Bank adheres to global cybersecurity standards and best practices to uphold trust, transparency and confidentiality of the Bank's operations. The Bank's strong IT governance frameworks establish clear policies, robust cybersecurity measures and risk management protocols to protect sensitive information, maintain system integrity and ensure business continuity. IT governance ensures that technology investments align with strategic objectives while safeguarding digital assets and customer trust. It provides a structured approach to decision-making, accountability, and risk mitigation, ensuring that innovation does not come at the cost of security or regulatory compliance.

Cyber threats, data breaches, and regulatory complexities demand a governance model that is proactive, adaptive, and resilient.

Chairman
WAY FORWARD

As BOC looks ahead to 2025 and beyond, the Bank is committed to further strengthening its digital banking ecosystem. Future priorities include:

Embracing AI-driven solutions
Leveraging artificial intelligence for customer assistance, fraud detection, and process automation.
Expanding digital banking services – Broadening access for SMEs and international customers to drive financial inclusion.
Collaborating with fintech companies – Partnering with innovative fintech firms to accelerate digital banking advancements.
Rolling out new initiatives
Introducing solutions like BOC Rewardz Plus, Mini POS systems, and an upgraded mobile banking application to enhance customer engagement.
Enhancing cybersecurity frameworks – Continuing investments in security infrastructure to safeguard against evolving digital threats.
Future-Proofing the Digital Ecosystem - With a commitment to digital excellence, the Bank is poised to lead Sri Lanka's financial sector towards a fully integrated, customer-centric, and secure digital future.