Basic Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs)

The Reserve Bank of India (RBI) on October 19, 2018 issued a set of guidelines for Basic Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs). Such a framework was issued by the RBI as a measure to enhance security of the UCBs in light of the increasing number and impact of cyber security attacks on the financial sector including banks. [1]

  1. Board Approved Cyber Security Policy
  • All UCBs need to immediately put in place a Cyber Security policy, duly approved by their Board/Administrator, giving a framework and the strategy containing a suitable approach to check cyber threats depending on the level of complexity of business and acceptable levels of risk.
  • On completion of the process, confirmation of same within 3 months must be sent to the Department of Co-operative Bank Supervision.
  • The Cyber Security Policy should inter alia encapsulate the following concerns:
  • Preventing access of unauthorised software.
  • Network Management and Security.
  • Secure Configuration.
  • Anti-virus and Patch Management.
  • Secure mail and messaging systems.
  • The IT framework/framework must be reviewed periodically by the Board or its IT subcommittee in order to identify vulnerable areas and put in place a suitable cyber security system to address the issues after assessment.
  1. Cyber Crisis Management Plan
  • The Cyber Crisis Management plan, prepared by CERT-In (Computer Emergency Response Team – India maybe referred to by the UCBs for guidance.
  • UCBs should promptly detect any cyber intrusions (unauthorised entries) so as to respond/recover/contain impact of cyber-attacks, especially those offering services such as internet and mobile banking, RTGS/NEFT/SWIFT, credit and debit cards etc.
  1. Organizational Arrangements
  • UCBs should review the organisational arrangements so that the security concerns are brought to the notice of suitable/concerned officials to enable quick action.
  • UCBs should actively promote among their customers, vendors, service providers and other concerned parties an understanding of its cyber security objectives.
  • UCBs, as owners of customer sensitive data, should take appropriate steps in preserving the Confidentiality, Integrity and Availability of the same, irrespective of whether the data is stored/in transit within themselves or with the third party vendors; the confidentiality of such custodial information should not be compromised in any situation.
  • UCBs to put in place suitable systems and processes across the data/information lifecycle. UCBs may educate and create awareness among customers with regard to cyber security risks.
  1. Supervisory reporting framework
  • UCBs should report immediately all unusual cyber security incidents (whether they were successful or mere attempts) to Department of Co-operative Bank Supervision giving full details of the incident.
  • UCBs are advised to implement basic Cyber Security Controls and report the same to respective Regional Offices of Department of Co-operative Bank Supervision on or before March 31, 2019.

Source: http://www.rbi.org.in/scripts/NotificationUser.aspx?Id=11397&Mode=0

https://rbidocs.rbi.org.in/rdocs/content/pdfs/63NT19102018_A1.pdf

[1] http://www.rbi.org.in/scripts/NotificationUser.aspx?Id=11397&Mode=0.

Similar Articles

Sometimes talking gives solution

Contact us for more information about our services and how we can help

Contact
Disclaimer

As per the rules of the Bar Council of India, we are not permitted to advertise or solicit work. By accessing and browsing through this website, all users agree and acknowledge that the content of this website is for informational purposes only and that there has been no form of solicitation, advertisement or inducement by NovoJuris Legal or its members, in any form. No information provided on this website should be construed as legal advice and NovoJuris Legal shall not be liable for consequences of any action taken by relying on the information provided on this website.