Sunday, May 1, 2011

RBI Working Group On Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds

Reserve Bank of India (RBI) has recently constituted a working group on information security, electronic banking, technology risk management and cyber frauds. The working group submitted its report in the recent past upon which public inputs were invited. After analysing the public inputs, the final draft has been recently released and notified by the RBI.

RBI has also directed that all banks would have to create a position of chief information officers (CIOs) as well as steering committees on information security at the board level at the earliest. This direction was provided through the information technology vision document for 2011-17 (IT Vision 2011-17) and the recent notification of the draft report. This document has suggested many technological as well as legal reforms for banking sector of India.

RBI has recently acknowledged the risks of e-banking in India. There are many problems from which the online banking or Internet banking in India is suffering. The most important pertains to maintaining effective cyber security for banking and financial sectors of India. Similarly, there are no effective Internet banking laws in India or online banking laws in India. In the absence of stringent laws in this regard, online banking risks in India are increasing. However, of all the shortcomings, nothing can match the absence of encryption laws and standards in India. In the absence of proper encryption norms in India, e-banking in India is really insecure.

Although, RBI has been taking many far reaching and important steps yet e-banking in India still very risky. Of late, cases of phishing and banking frauds have increased tremendously in India. Further, cyber due diligence of banks in India is still a far dream. Even the directions of RBI to appoint CIOs and steering committees on information security have not yet been implemented.

Cyber security for banking and financial institutions of India is not in proper shape. Even due diligence requirements under the cyber law of India are not properly met. This has forced RBI to upgrade ATM security in India. Further, RBI has also imposed penalty upon 19 banks for non compliance with the regulatory requirements.

Indian banks are poor at cyber security policy formulation and its implementation. Cyber Security Policy is an issue that is very important for Banks of India, says Praveen Dalal, managing partner of New Delhi base ICT law firm Perry4Law and leading cyber law expert of India. With the growing use of Internet Banking, ATM machines, Credit and Debit Cards, Online Banking, etc, Banks of India must also upgrade their Cyber Security Infrastructure and establish a Cyber Security Policy, suggests Dalal.

RBI must rigorously implement the directions and suggestions made in the report of working group. Without stringent actions, the report would never be actually and practically implemented by Indian banks.