RBI Working Group On Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds

The Reserve Bank of India (RBI) has been streamlining the Financial and Banking Sector of India. This is apparent from the Policy Decisions the RBI has made from time to time. Although all of these Policy Decisions are good, one aspect that requires special mention is the constitution of the RBI Working Group on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds (Working Group).

The Working Group submitted its report in the recent past, and public inputs were invited on it. After analysing the public inputs, the RBI recently released and notified the final draft.

The RBI has also directed that all banks must create the position of Chief Information Officer (CIO), as well as Steering Committees on Information Security at the board level, at the earliest. This direction was provided through the Information Technology Vision Document for 2011-17 (IT Vision 2011-17) and the recent notification of the draft report. This document has suggested many technological as well as legal reforms for the banking sector of India.

Although the direction to have CIOs and Steering Committees is very clear, banks in India have so far failed to comply with it. The RBI said that banks need to ensure implementation of the basic IT organisational framework and put in place policies and procedures which do not require extensive budgetary support or infrastructural or technology changes by October 31, 2011. The rest of the guidelines need to be implemented within a period of one year unless a longer time-frame is indicated.

Banks in India need to formulate a Cyber Security Policy as soon as possible. A Cyber Security Policy is a very important issue for Banks of India. With the growing use of Internet Banking, ATMs, Credit and Debit Cards, Online Banking, etc., Banks of India must also upgrade their Cyber Security Infrastructure and establish a Cyber Security Policy.

Banks and Financial Institutions must regularly engage in “Forensics Audit” and “Incident Response”. Presently, Banks and Financial Institutions engage in these “Essential Exercises” when something fraudulent or wrong has already taken place. If Banks and Financial Institutions conduct regular Cyber Due Diligence, then incidents like the Citibank Fraud Case could be minimised.

Perry4Law and Perry4Law’s Techno Legal Base (PTLB) have been analysing these issues for a long time and have been providing their suggestions in this regard. We believe that the RBI must play a more proactive role in analysing whether its Policies and Recommendations are duly complied with. It seems the Recommendations of the Working Group constituted by the RBI have still not been implemented. The RBI must seek a “Progress Report” from Banks of India in this regard as soon as possible.

Source: ICTPS Blog.