The Reserve Bank of India (RBI) has in the past constituted a Working Group on Information Security. The Working Group submitted its initial report a few months back. RBI invited public comments on that report and, after analysing these comments, issued a “Notification” asking the banks of India to comply with its recommendations.
RBI set multiple deadlines for banks in India to implement its recommendations. Not all of these recommendations are mandatory, but some are, and banks must comply with those by October 31, 2011. These mandatory recommendations pertain to policies and procedures which do not require extensive investment.
For instance, RBI has directed that all banks would have to create the position of chief information officer (CIO), as well as steering committees on information security at the board level, at the earliest. This is a policy decision that RBI may require to be implemented by October 31, 2011.
However, it seems the recommendations of the RBI have still not been implemented. Till now there are no signs that the cyber security of banks has been streamlined. ATM frauds, credit card frauds, phishing frauds, Internet banking frauds, etc. are increasing in India. In fact, the RBI ombudsman's office is flooded with complaints related to ATM frauds.
Recently, RBI imposed a penalty on 19 banks for non-compliance with prescribed standards. Similarly, RBI has also directed that any strictures passed against directors of a bank by any financial sector regulator must be reported to it. Non-compliance with the recommendations of the RBI Working Group may attract both penalty and strictures.
Banks need to adopt techno-legal measures to prevent ATM and other similar frauds. Further, cyber due diligence training for bank employees can also be beneficial in this regard. Banks must also appoint steering committees and CIOs as soon as possible.
Source: ICTPS Blog.