On September 24, 2020 Reserve Bank of India(RBI) released “’Technology Vision for Cyber Security’ for Urban Co-operative Banks (UCBs) – 2020-2023”. It aims to enhance the cyber security in the Urban Co-operative banking sector against the growing Information Technology (IT) and cyber threat environment. Based on the inputs from diverse stakeholders, the technology vision document was formalised.
Need of the document
In recent years, the number, frequency and impact of cyber incidents/attacks have multiplied, to a greater extent in the case of the financial sector, including UCBs.
Gist about Technology Vision for Cyber Security’ for UCBs – 2020-2023
5 pillared strategic approach
The document will achieve its objective through a five-pillared strategic approach ‘GUARD’– Governance Oversight, Utile Technology Investment, Appropriate Regulation and Supervision, Robust Collaboration and Developing necessary IT, cyber security skills set.
Focus on board oversight on cyber security
As instructed in the Comprehensive Cyber Security Framework for UCBs, the Board of Directors is eventually responsible for UCBs information security and will play a proactive role to ensure an effective IT and IS (Information Security) governance.
Technology vision document
UCBs are required to create their own technology vision document that outlines their plans to securely incorporate IT solutions into their business.
Utile Technology Investment
Create a reserve/fund
UCBs may consider creating a reserve/fund to implement IT/ cyber security projects. In Phase I, an approach paper may be brought out by NAFCUB(National Federation of Urban Cooperative Banks and Credit Societies Ltd) and Federations of UCB and in Phase II, the funds can be created.
- UCBs in order to ensure that IT infrastructure is not exposed to risk due to obsolete hardware/software, shall attempt to invest and upgrade their IT inventory with the supporting infrastructure and facilities of IT.
- Additionally the UCBs shall implement a comprehensive process for Software License Management (SLM)
- UCBs to conduct review and appraisal of IT assets at least on a yearly basis.
Business Continuity Plan
UCBs to address the risk effectively shall have a Business Continuity Plan (BCP)for all processes, including aspects that are not limited to the availability of backup systems and ensure that it is well-communicated, well-rehearsed, and periodically reviewed.
Appropriate Regulation and Supervision
- UCBs have been advised to immediately report all unusual cyber security incidents to RBI, besides other concerned authorities
- An effective offsite supervision of UCBs to be set up to monitor UCBs compliance regarding cyber security guidelines and for an overall and up-to-date understanding of UCP’s cyber security posture of the UCB sector.
Cyber Security Hygiene’ document
For all the cooperative banks a uniform ‘Cyber Security Hygiene’ document shall be issued and shall be reviewed at periodic intervals.
UCBs may explore the possibility to establish forum at the state / regional level, where
key individuals and / or management from various banks and other relevant stakeholders may interact and integrate on cyber security features on a periodic basis.
CISO forum for UCBs
IDRBT can establish a separate Chief Information Security Officer (CISO) forum for UCBs to be closely connected with them.
- Cost effective technologies like cloud based services may be used to implement IT solutions and cyber security controls.
Developing necessary IT, cyber security skills set
Technical Skills to be imparted to UCBs in order to manage IT and Cyber Security
Awareness / certification programs will be developed and customized to functions/ responsibilities of stakeholders ( board to employee) in UCBs.
The Document with its 12 specific action points, seeks to:
- Engage more board oversight regarding cyber security.
- Facilitate UCBs to enhance their handling capacity and protect their IT Assets.
- For UCBs, implement an offsite supervisory mechanism framework on cyber security related controls.
- Create a forum for UCBs to enable them to share best practices and discuss practical issues and challenges.
- Implement a framework to provide awareness / training for all UCBs.
The formulation of cyber security controls for UCBs will be guided by the following principles as a ‘one size fits all’ approach will not be appropriate when prescribing cyber security in the country.
i.While prescribing cyber security controls for UCBs, a differentiated tier-wise approach will be followed. The tiers will be decided based on risk exposure in terms of the digital services offered by the UCBs.
ii.The primary responsibility to implement the cyber security controls, will be assigned to the board.
iii.The approach will ensure that UCBs with high IT penetration/ and who offer all payment services are brought at par with other banks which have mature cyber security infrastructure and practices.
iv.The responsibility to implement, monitor, compliance and response will be assigned from board level and pass through till the down level. The IT/IS Governance Framework includes appointing a CISO and establishing diverse committees among others.
The cyber security landscape will continue to evolve through the widespread adoption of digital banking channels so that UCBs can effectively manage the associated risks.
Active cooperation within UCBs and their stakeholders is required to share and coordinate the various measures taken on cyber security aspects.
Note- The implementation of the approach outlined in this document will reinforce the cyber resilience of the Urban Co-operative Banks
Recent Related News:
i.On the lines of the review of progress made under the first National Strategy for Financial Education (NSFE: 2013-2018) the revised NSFE (2020-2025) has been prepared and the document for the same was released by Mahesh Kumar Jain, Deputy Governor, Reserve Bank of India (RBI) on August 20, 2020. There are the Strategic Objectives laid down in NSFE 2020-2025 and in order to achieve them, the document recommends adoption of a ‘5 C’ approach.
ii.On June 13, 2020, India’s central bank, the Reserve Bank of India (RBI) has made some changes to the monitoring structure of Financial Markets Infrastructure (FMI) and Retail Payment Systems (RPSs) with the aim to ensure the security and stability of the payment structure.
About Reserve Bank of India (RBI):
Headquarters– Mumbai, Maharashtra
Governor– Shaktikanta Das