In fact, cyber due diligence and banking due diligence could have prevented the recent Citibank fraud. The truth is that banks and financial institutions in India are not serious at all regarding cyber due diligence, cyber crimes, financial frauds and cyber security. Till now RBI’s guidelines on steering committee and CIOs have not been fulfilled by banks of India. Even RBI has recently imposed non compliance penalty upon 19 banks of India in another case.
However, despite all these actions, the higher management of banks have not been persuaded to take due diligence seriously. Now RBI has decided to change this position and it has asked banks to seek information from their directors on any adverse strictures passed by financial sector regulators against them.
This means if directors of banks are negligent in meeting various due diligence requirements, statutory obligations, cyber law and cyber security requirements, etc and any stricture is passed against them in this regard that would have to be reported.
RBI has also partially modified the format of “Declaration and Undertaking” prescribed for the purpose of conducting due diligence to determine the “fit and proper” status of directors. Banks should get information whether the director at any time come to the adverse notice of a regulator such as the Securities and Exchange Board of India (SEBI) and the Insurance and Regulatory Development Authority (IRDA) .
Henceforth, banks should obtain declaration and undertaking from existing directors and also persons to be appointed or elected as director. It is not necessary for a candidate to mention about orders and findings by regulators which have been later on reversed or set aside in toto. But they would have to make a mention of the same, in case the reversal and setting aside is on technical reasons like limitation or lack of jurisdiction and not on merit. If the order (of the regulator) is temporarily stayed and the appellate or court proceedings are pending, the same also should be mentioned, RBI added.
This is a good step in the right direction by RBI. This would bring not only discipline among the higher management but would also ensure statutory and due diligence compliances on their behalf.