Thursday, March 1, 2012

RBI Warned Indian Banks For Inadequate Cyber Security

The Reserve Bank of India (RBI) has been issuing various directions and recommendations from time to time to strengthen cyber security of banks operating in India. Further, RBI has also prescribed a cyber due diligence for Indian banks. However, Indian banks are not following the directions of RBI in this regard and a majority of banks in India still do not have a well defined cyber security policy.

RBI has also directed that all banks must create a position of chief information officer (CIO) as well as steering committee on information security at the board level at the earliest. Till now there are no publically available records that show that banks operating in India have appointed CIO and a steering committed as directed by RBI. In any case, these directions of RBI must be complied with latest by October 2012.

Realising that banks in India are not complying with the directions of RBI, it has issued a stern warning that RBI will act against banks that do not implement its guidelines on electronic security of their transactions and operations by October 2012. RBI observed that at present some banks do not have proper security policy and methods to monitor the service level agreements with third parties and have inadequate audit trail.

RBI has directed that the banks with a high technology usage will have to implement all the guidelines and those not having any major online transactions have to implement only some of its recommendations.

Perry4Law and Perry4Law Techno Legal Base (PTLB) believe that the future of banking segment in India is highly dependent upon technology and it would be beneficial if the directions of RBI are implemented by all banks as soon as possible. This would not only safeguard the interests of bank’s customers but would also save banks from many legal problems and cases. Further, inadequate cyber security would give rise to increased cyber crimes and financial frauds that would undermine the reputation of such banks.

ATM frauds, credit cards frauds and Internet banking frauds are on rise in India. Part of this is attributable to lack of public awareness but lack of cyber security adoption by banks in India is the main reason for such crimes and frauds.

Perry4Law and PTLB recommends that banks in India must start implementing the techno legal aspects of cyber security as soon as possible as deadline of October 2012 is fast approaching.