RBI’s new directive on IT governance
Banking regulator Reserve Bank of India (RBI) has issued a new comprehensive Master Direction to banks and NBFCs on Information Technology Governance, Risk, Controls and Assurance Practices, which spells out the role of Directors of these regulated entities to discharge their duties in order to safeguard the interests of customers. These directions incorporate, consolidate and update the guidelines, instructions and circulars on IT Governance issued earlier and will come into effect from April 1, 2024.
image for illustrative purpose
Mumbai: Banking regulator Reserve Bank of India (RBI) has issued a new comprehensive Master Direction to banks and NBFCs on Information Technology Governance, Risk, Controls and Assurance Practices, which spells out the role of Directors of these regulated entities to discharge their duties in order to safeguard the interests of customers. These directions incorporate, consolidate and update the guidelines, instructions and circulars on IT Governance issued earlier and will come into effect from April 1, 2024.
The guidelines have directed all regulated entities to keep a close watch on: ‘Cyber events’ defined as any observable occurrence in an information system. Cyber events sometimes provide indication that a cyber incident is occurring. Foreign banks operating in India have also been asked to follow the guidelines and to hold discussions with the RBI in case they have to seek an exemption in the case of any particular norm.
