The Reserve Bank of India today laid down a set of new cybersecurity guidelines for urban cooperative banks, in the wake of a rising number of cyberattacks in the recent past. RBI said that it has become essential to enhance the security posture of UCBs to prevent, detect, respond to, and recover from cyber-attacks. The central bank further said that considering the heterogeneity of the UCB sector in terms of size, regions, financial health, and digital depth, it was recognised that a ‘one size fits all’ approach may not be suitable while prescribing cybersecurity guidelines for UCBs.
Based on risk exposure in terms of the digital services offered by the UCBs, a differentiated tier-wise approach will be followed while prescribing cybersecurity controls for UCBs. The Reserve Bank said that the approach will ensure that the UCBs with high IT penetration and offering all payment services are brought on par with other banks having mature cybersecurity infrastructure and practices. The Board of the UCBs will have the responsibility to implement the cybersecurity controls.
However, the cost of enhanced security may also reach bank customers. Considering that implementation of the cybersecurity framework would be a cost-intensive process, the responsibility for implementation, monitoring, compliance, and response would have to be assigned from the Board level and percolate down to the end user, RBI added.
RBI’s ‘Vision for Cyber Security’ for UCBs – 2023 includes a five-pillared strategic approach: Governance Oversight; Utile Technology Investment; Appropriate Regulation and Supervision; Robust Collaboration; and Developing necessary IT, cybersecurity skills set. Meanwhile, for the UCBs with higher digital depth, the IT/IS Governance Framework would include appointing a Chief Information Security Officer (CISO) and setting up various committees such as the IT Strategy Committee, IT Steering Committee, etc.