Overview

In the midst of increasing digital banking services, cybersecurity and IT risk management have been among the top priorities for governments and regulatory authorities. The changes in the work patterns, and the associated risks arising from those patterns in the last two years have further made the compliance framework more stringent.

The New RBI Mandates on Digital Banking and Cybersecurity

In our earlier blogs, we have discussed how the global regulatory compliances are getting stringent day by day. Recently, the Reserve Bank of India (RBI) announced that it will soon launch a web-based supervisory system that can supervise digital banking and ensure cybersecurity. Most of the nationalized and private banks are finding it challenging to meet the supervisory requirements in the post pandemic period. It is evident that the IT governance standards, access control policies and IT risk assessment procedures are taking priority right at this moment. In order to stay compliant, the RBI has mandated the following:

Verify compliance before investing in new technologies
As per governance standards, the organizations need to form the business model
Standard and strict allocation of risk management team and service assurance team
End-to-end workflow automation system to ensure continuous monitoring
Immediate incident reporting mechanism
Vulnerability remediation through workflow through alerts and notifications against anomalies

From the IT risk management point of view, once the new RBI guidelines are effective, it could be a boon for both national and international banks. Robust IT risk management helps to protect highly sensitive data from various IT risks and threats that prevails in large financial institutions’ IT infrastructure. These threats and risks are continuously evolving in today's dynamic environment as organizations are adopting new technologies for business productivity, scalability and efficiency.

What does the RBI’s New Mandates Imply?

The crux of the matter is the enterprise data, and its security and confidentiality. In the case of financial organizations, maintaining the confidentiality of data is comparatively challenging. The huge amount of data, vast IT infrastructure, and a large number of users that access systems make it very challenging to ensure data security and privacy. What the RBI’s fresh mandates demand is that financial institutions possess the necessary safeguards to securely store, access and process the data. The central bank expects that organizations have explicit policies for people (end-users) and IT processes. Besides, organizations must adopt adequate preventive measures including vulnerability assessment mechanisms to detect anomalies in a timely manner. Compliance with the RBI mandates can ensure data security as on close inspection it is clear that the central bank requires every access to data is authorized, authenticated and documented.

Compliance: Are organizations doing enough?

The RBI has imposed non-compliance penalties worth upto INR two crore on fourteen different banks in a single calendar year of 2021, as per Business Standard. Not just India, the global non-compliance scenario is quite similar. Non-compliance penalties have grown by 23% globally in the post-pandemic time. On closer assessment, it is obvious that abrupt change in the work pattern and fast adoption of new technologies is the main reason behind this.

Conclusion

The banking industry has to stay agile. This industry can never afford to stay stagnant in terms of technological adoption. As a result, a well-communicated IT security policy helps organizations to allocate relevant resources in relevant areas to ensure safe IT operations. It walks hand in hand with business strategy to ensure overall business growth. The new RBI norms are stepping stones towards attaining that ‘growth’.