RBI Mandates IT Services Framework For REs

The new comprehensive master direction on information technology governance, risk, controls and assurance practices is to be implemented by regulated entities (REs), comprising scheduled commercial banks (excluding regional rural banks); small finance banks; payments banks; NBFCs in the top, upper and middle layers; all-India financial institutions; and credit information companies, with effect from 1st April 2024. It shall facilitate the easy administration of IT and cyber governance and compliance, in place of the prevalent multiple circulars.

In the case of foreign banks, the directions state that they shall be subject to a ‘comply or explain’ approach in terms of the applicability of these Directions, and they do not need to constitute any Committees (Board or Executive level) referred to in this Master Direction at the branch level. They have been given the flexibility to leverage controlling office/ head office/ regional/ zonal Committees for compliance with this Master Direction as long as the governance obligations/responsibilities outlined for the prescribed committees are met.

The master direction clearly outlines the role (including authority) of the board of directors, board-level committee and senior management of these REs in discharging their responsibilities to protect the interests of customers. It also consolidates and updates the guidelines, instructions and circulars on IT Governance, Risk, Controls, Assurance Practices and Business Continuity/ Disaster Recovery Management issued earlier.

The master direction makes it mandatory for the REs to put in place a robust IT Service Management Framework for supporting their information systems and infrastructure to ensure the operational resilience of their entire IT environment (including Disaster Recovery sites). Further, it stresses the need to have a documented data migration policy specifying a systematic process for data migration, ensuring data integrity, completeness and consistency. In the wake of cyber and IT fraud, RBI in its master direction has stressed the need for IT applications to have the necessary audit and system logging capability and the ability to provide audit trails. Further, in order to strengthen the IT infrastructure, the RBI through its direction highlights the need to adopt internationally accepted and published standards that are not deprecated/ demonstrated to be insecure/ vulnerable, and for the configurations involved in implementing controls to be compliant with extant laws and regulatory instructions.

While the approval of strategies and policies related to the IT function lies in the hands of the Board, these directions put the responsibility on the CEO to institute effective oversight of the planning and execution of IT Strategy, as well as to ensure that the cyber security posture of the RE is robust and that, overall, IT contributes to productivity, effectiveness and efficiency in business operations. The directions designate a Chief Information Security Officer (CISO) who will be responsible for driving IT/ cyber security, compliance and related regulatory guidelines, and administering policies of the RE.

From a compliance perspective, REs have to ensure that an appropriate vendor risk assessment process and controls proportionate to the assessed risk and materiality have been put in place. Further, it shall be the responsibility of the REs to maintain an enterprise data dictionary to enable data sharing among applications and information systems.

The RBI through this master direction, recognizing the increased relevance of IT infrastructure in the financial services space, has detailed the mandatory implementation and review of the IT systems and applications in order to keep a check on the processes, data security and integrity, disaster recovery management as well as business continuity in order to protect the interest of various stakeholders including customers. The directions mandate the adoption of several procedures and processes like IT Strategic Planning, Service Level Management (SLM), product approval and quality assurance process (for new IT-based business products) in order to ensure that the banking sector delivers secure products and services to its clients. In this era of digitisation and increasing threats, the master direction provides the required structure and procedures to secure banking systems.
