Friday, January 21, 2011

RBI Mandated Cyber Due Diligence For Banks In India

The Reserve Bank of India (RBI) has recently released a report of its working group on information security, electronic banking, technology risk management, and cyber frauds.

The report covers various areas such as IT Governance, information security (including electronic banking channels like internet banking, ATMs, cards), IT operations, IT services outsourcing, Information System Audit, Cyber frauds, business continuity planning, customer education and legal issues.

The report has also issued many guidelines that Indian banks would be required to follow in order to provide safe and secure technology-driven banking. Practically, this means that banks in India would be required to adopt technology-driven and cyber-law-related due diligence requirements.

The Indian Information Technology Act, 2000 (IT Act 2000) carries many provisions that may result in liabilities on the part of various banks. With growing cases of cyber crimes and cyber frauds, banks must take both the IT Act, 2000 and these guidelines very seriously.

Banks must take special care regarding ATM frauds, credit card frauds, online banking and Internet banking frauds, etc. Besides, banks must also deal with phishing scams.

With the present guidelines, banks can no longer ignore the due diligence requirements that they have long been ignoring. The earlier banks are prepared for cyber-related issues, the better it will be for them.