background image

A DIGITALLY EMPOWERED BANK

DIGITAL 

EXCELLENCE

Customer 

convenience and 

accessibility

Process and 

infrastructure 

development

Strengthening 

security

PRIORITY 

AREAS

STRATEGIC 

PILLAR

SDGs 

IMPACTED

MATERIAL 

TOPICS

M1

M2

1,490

digital contact 

points

19%

Virtually enabled 

customers 

46% 

Digital transactions

11%

Increase in 

digital adoption

CONTEXT FOR 2023

LKR 1.4

billion

Invested in

Digitalisation

34%

Digitally enabled 

customers 

• 

The economic crisis led customers and employees to face 
challenges with respect to mobility and accessibility.

• 

A greater focus on resource efficiency and sustainability owing to 
resource shortages and climate change.

• 

With the rise in digitalisation across society, threats to cybersecurity 
remain a key concern across organisations, particularly those with 
access to sensitive information.

• 

An increased need for productivity and automation amid the 
increase in employee migration. 

Digital transformation is an

ongoing process at Bank

of Ceylon, and deeply

entrenched within our

operations and approach

to doing business. Our

digital capabilities enable

us to achieve wide-ranging

outcomes by delivering

convenience and accessibility

to our customers, while

driving increased efficiency,

productivity and responsible

consumption.

background image

Digital 

Onboarding 

in 2023

976,894

Card Users

463,084

Smart 

Passbook 

Holders

425,700

Smart Online 

Banking Users

352,727

Smart Pay Users

Digital products and Services

Online Banking 

platform

International 

payment gateway

Agency Banking

WhatsApp 

Banking

Mobile

Banking 

app

Digital Pass 

Book

Digital fund 

transferring

Online apply 

via web

Cardless 

Withdrawal 

Self service 

banking

Smart 

zones

POS terminal

PRIORITY AREA 01: 

CUSTOMER CONVENIENCE AND ACCESSIBILITY

BoC relies on a versatile range of digital channels and platforms to ensure its customers are able to access key banking functions from 
any location, at any time, with the added benefit of maximising the Bank’s reach across the island.

An Improved 

Customer 

Experience

Enhancing 

Existing 

Channels

Enhancing Existing Channels

The Bank engaged in upgrading and 
improving its channels and platforms to 
ensure its customers receive a seamless, 
integrated and convenient experience 
across every digital interaction.

During the year under review, the 
Bank successfully revamped the BoC 
SmartPay app to improve the overall 
user experience and took further steps 
to initiate the process of revamping the 

Bank’s mobile application and internet 
banking application. The Bank further 
expanded its digital touchpoints during 
the year under review.

New Channel 

Development

BoC Cards

background image

100

The Bank’s website act as 24/7 digital storefront for its vast customer-base from any location. The website was revamped and 
launched during 2023, and includes the following features: 

• 

An enhanced interface and 
significant improvements 
in the presentation of 
information

• 

Available in Tri-lingual 
(English/ Sinhala/ Tamil)

• 

High mobile responsiveness

• 

Accessibility features to 
facilitate the needs of the 
differently-abled aligned 

with CBSL and UN SDGs 
guidelines

• 

Products and services 
linked to the home page to 
improve accessibility

• 

Locally thematic design 
and appearance

• 

Branch network/customer 
touchpoints integrated 
with Google Maps

• 

Interest rate calculation 
for loans and deposit 
build-up through a newly-
introduced calculator

• 

A separate page arranged 
for 'BoC Museum' with 
online reservation forms for 
museum visits

www.boc.lk

A DIGITALLY EMPOWERED BANK

New Channel Development

The Bank continues to take a pioneering role in introducing new developments to the market, and relies on the combined strength 
of its Innovation Lab, Product Development and Business Process Re-engineering Project (BPRP), in addition to the Bank’s Electronic 
Banking and Card Operations Teams.

Available 

Services

Key Benefits

• 

Cash 
withdrawals

• 

Third party 
payments 

• 

Essential and 

convenient  

facility in an 

emergency

• 

Ability to withdraw money even at 
the absence of issued debit card.

Available 

Services

Key Benefits

• 

Credit card balance inquiries

• 

Remittance tracker 

• 

Live Agent Chat

• 

Conventional product related inquiries 

• 

CASA, loans and FD balance inquiry/mini 

statement, etc.

• 

24x7 access 

• 

Secure and 
convenient banking

• 

Financial enquiries 
and other services

• 

Customer support 
availability over Live Chat

• 

Self-registration with NIC 
and mobile number (local 
and foreign)

• 

Non-BoC customers 
also can access services 
like rates, remittance 
tracker, locate near 
by BoC ATM’s and 
branches.

PRIORITY AREA 02: 

PROCESS AND INFRASTRUCTURE 

DEVELOPMENT 

With the objective of increasing 
automation and driving efficiency and 
productivity throughout the Bank’s 
operations, the Bank implemented a 
range of improvements. Overall, the Bank 
automated 28 workflows and engaged 
in upgrading its platforms, of which a 
number of key initiatives are listed below;

background image

PROCESS

IMPROVEMENT

OUTCOME/S

IMPACTED STAKEHOLDERS

Streamlining 
the incident 
response process

Implementing Sri Lanka’s 
first Software Defined Data 
Center (SDDC) with VMWare 

Automation of customer 
related workflows

Automation of routine 
security workflows

Upgrading the Oracle 
Exadata Platform to the 
latest version

Significantly reducing the 
resolution time

Accommodating IFRS systems databases
Improving system performances
Reduction of licensing costs

Reduction in AC, power, space for  
physical servers
Reduction of licensing costs
Improving system performances

Significant reduction of the time taken 
for the processes 
Maintaining a greater level of accuracy
Adhering to the internal and regulatory controls

Reduction in turnaround time

Customers

Customers

Customers

Customers

Customers

Employees

Employees

Employees

Employees

Employees

Regulators

3.9 million

Papers Saved

1,265

Toners saved

365,803

Fixed deposits opened 

1.2 million

CASA opened 

PRIORITY AREA 03: 

STRENGTHENING SECURITY 

The Bank has appointed a Data 
Protection Officer (DPO) to oversee 
compliance with the Data Protection 
Act No. 9 of 2022. At present, the Data 
Protection Officer functions under the 
purview of the Chief Risk Officer.  

BoC Bankpedia 

The Bank further relies on E-learning 
to drive organisational learning, 
and accordingly introduced 
BOC Bankpedia to serve as a 
comprehensive knowledge bank. 
BoC continues to build on its work-
from-home capabilities to ensure 
business continuity and enhance 
productivity even amid disruptions in 
the environment.

The duties of the DPO at the Bank include overseeing the implementation and 
enforcement of data privacy measures to comply with the Data Protection Act 
in Sri Lanka. The DPO is actively involved in activities related to development of 
comprehensive policies and procedures for data handling with the aim of ensuring 
the secure handling of customer information. The DPO is additionally responsible for 
providing ongoing training to staff on data protection practices to improve the data 
protection posture of the Bank and conducts regular audits to assess compliance with 
the requirements specified under the Act. Furthermore, the DPO plays a crucial role in 
investigating and addressing any data breaches or privacy violations promptly, thereby 
upholding trust, transparency, and confidentiality in the Bank's operations.

Owing to the increased threat with respect to cybersecurity and the Bank’s ongoing 
alignment with the newly implemented Data Protection Act, the following steps 
were taken in order to safeguard sensitive information and protect the organisation’s 
stakeholders;

Security 
Frameworks 
at BoC

ISO 27001

ISO 27701

BoC Cyber Security 

Framework developed 

based on NIST Cyber 

Security Framework on 

Critical Infrastructure 

Cyber Security

COBIT 2019 

framework  

(an ISACA

Framework)

57,749

Loans facilitated

OUTCOMES 

OF PROCESSES 

IMPROVEMENTS AND 

COMPLETED WORKFLOWS

background image

A DIGITALLY EMPOWERED BANK

Customer Privacy

 GRI 418-1

No incidents of substantiated 
complaints concerning breaches of 
customer privacy took place during 
2023.

No identified leaks, thefts or losses of 
customer data took place during the 
year.

Activity

Outcome

Deployed an advanced Data Leakage 
Prevention (DLP) solution

Monitoring and preventing unauthorised 
database access

Introducing a collaborative platform

Enabling real-time dissemination of 
information among the security teams

Implementation of deception technologies Misleading and detecting any potential 

attackers

Swift user separation through the 
installation of firewalls

Enhancing data security

Implementation of advanced analytical 
tools

Enabling proactive threat detection and fast 
incident responses

WAY FORWARD

•  Revamping UI/UX interfaces and the user experience across the Bank’s digital 

platforms.

•  Expanding on existing solutions and developing new products to serve corporate 

customers.

•  Developing a strong back-end to stabilise all core solutions and build an 

integrated platform that incorporates the Bank’s key functions.

•  Strengthening security utilising state-of-the-art firewall solutions, and conduct 

continuous upgrades and developments in consultation with industry experts and 
leaders.

•  Utilising straight-through-processing and e-KYC to improve efficiency and 

security.

•  Leveraging AI and data analytics to drive process efficiency and customer service.

Leveraging AI 

and data analytics 

to drive process 

efficiency and 

customer service.

Implementing Best Practices, 

Framework and Standards

As the Bank moves ahead in its 
digitalisation journey, it has recognised 
the value of IT, the management 
of inherent risks and the need for 
regulatory compliance. This requires 
a comprehensive IT governance 
model which consists of the necessary 
leadership, organisational structure 
and processes.  IT governance is a 
crucial aspect of its overall governance 
framework, ensuring that technology 
is effectively leveraged to support 
business objectives while managing 
risks appropriately.

The Bank’s ‘Enterprise IT Governance 
Framework (COBIT 2019)’ includes the 
following standards and best practices 
which are to be implemented:

• 

Quality Management Systems 

(ISO 9001:2015 Standard) 

• 

Service Management System 

(ISO 20000-1:2018 Standard)- IT 

Infrastructure Library (ITIL) Best 

practice

• 

Risk Management (ISO 31000:2018 

Standard)

• 

Information Security Management 

System (ISO 27001:2013 Standard) 

• 

Project Management Body 

of Knowledge (PMBOK)

Effective IT governance requires 
collaboration and coordination across 
different functions, including senior 
management, risk management, 
compliance, and IT teams. It is a 
continuous process of monitoring, 
evaluating, and adapting to changes in 
technology, regulatory landscapes and 
business priorities.