The Reserve Bank of India (RBI) has recently directed that all banks must create the position of chief information officer (CIO) and set up board-level steering committees on information security at the earliest. This has been suggested so that cyber due diligence for banks in India can be ensured.
A few more areas that Indian banks must keep in mind include cyber security due diligence, e-discovery for due diligence, cyber law compliance, ATM frauds and phishing attacks. The big question, however, is whether Indian banks are ready for cyber due diligence.
As per RBI’s guidelines and recommendations, Indian banks need to implement the basic organisational framework and put in place those policies and procedures which do not require extensive budgetary support or infrastructural or technology changes by October 31, 2011.
The rest of the guidelines need to be implemented within a period of one year, unless a longer time-frame is indicated in the RBI’s circular. A few provisions are recommendatory in nature, and their implementation is left to the discretion of banks.
RBI is becoming increasingly serious about defaults committed by Indian banks. In the past, RBI imposed penalties on 19 banks for non-compliance with prescribed standards. RBI has also directed that any strictures passed against a bank’s directors by any financial sector regulator must be reported to it. Non-compliance with the recommendations of the RBI working group may attract both penalties and strictures.
Banks are required to follow cyber due diligence and cyber security due diligence requirements in their own interest. The sooner this is done, the better it will be for all stakeholders.