Technology Transformations need Accountability: The IOB-EdgeVerve Incident
The recent failure of Indian Overseas Bank’s new internet banking platform has shaken the financial sector — not just because of the disruption, but because of something far rarer: the bank publicly naming its vendor.
On July 24, IOB went live with a revamped system built by EdgeVerve (an Infosys subsidiary). Within days, customers faced persistent login failures, leading to a rollback to the legacy platform.
In an unusually direct move, IOB issued a statement:
“Due to technical failure of Edgeverve (Infosys)… and their inability to address it timely, we are forced to go back to the old Internet Banking system.”
This is more than a tech failure. It’s a governance failure — and a wake-up call.
What This Reveals About Core Banking Transformation
Despite the surge in digitization, 70% of core banking system transformation projects failto fully meet their objectives.
Why?
Because transformation is often treated as a tech project, not a GRC-driven change initiative (GRC = Governance, Risk and Compliance). The IOB case illustrates wider challenges:
- Inadequate UAT and rollback protocols
- Weak vendor accountability in contracts
- Poor operational risk controls during system cutover
- Minimal business continuity readiness for mission-critical systems
This isn’t an isolated case — it’s a pattern.
The Compliance Cost of Failure
The consequences of such failures go far beyond customer experience. With the RBI’s increasing emphasis on operational resilience and tech risk management, banks face:
- Regulatory scrutiny and penalties
- Damage to trust and credibility
- Long-term reputational erosion
In short, digital transformation without intelligent governance is now a compliance liability.
How We See the Future at WhyMinds
At WhyMinds, we believe the IOB incident marks a paradigm shiftin how financial institutions approach technology risk. Vendor accountability is no longer optional — it must be embedded into the DNA of transformation strategy.
This is exactly why we built RegAhead— our unified GRC and Third-Party Risk platform — to enable proactive, end-to-end governance and intelligence.
🛡️ With RegAhead, institutions can:
- Conduct pre-implementation risk assessments and vendor due diligence
- Monitor compliance in real time across transitions
- Enforce automated, policy-driven controls
- Maintain audit-ready trails for every critical event
It’s not about reacting after failure. It’s about risk-proofing transformation from Day 0.
What’s Next for the Industry?
The IOB-EdgeVerve incident won’t be the last. But it should be the turning point. Boards, regulators, and CXOs will now ask:
“Who owns the risk when transformation fails?”
Those who can confidently answer that question — with visibility, governance, and control — will lead the next chapter of resilient financial innovation.