Call : +91 98 9070 8533 help(at)microninfo.com
Week days: 010:00 AM - 22:00 PM Saturday: 11:00 AM - 18:00 PM Call 24x7

‘Technology Vision for Cyber Security’ for Urban Co-operative Banks – 2020-2023

On September 24, 2020 Reserve Bank of India (RBI) released “Technology Vision for Cyber Security for Urban Co-operative Banks (UCBs) – 2020-2023”. It aims to enhance the cyber security in the Urban Co-operative banking sector against the growing Information Technology (IT) and cyber threat environment. Based on the inputs from diverse stakeholders, the technology vision document was formalized.

Need of the documentation

In recent years, the number, frequency and impact of cyber incidents/attacks have multiplied, to a greater extent in the case of the financial sector, including UCBs.

Five pillared strategic approach 

The document will achieve its objective through a five-pillared strategic approach ‘GUARD’RBI GUARD

Governance Oversight,

Utile Technology Investment,

Appropriate Regulation and Supervision,

Robust Collaboration and

Developing necessary IT, cyber security skills set.

Governance Oversight

Focus on board oversight on cyber security

As instructed in the Comprehensive Cyber Security Framework for UCBs, the Board of Directors is eventually responsible for UCBs information security and will play a proactive role to ensure an effective IT and IS (Information Security) governance.

Technology vision document

UCBs are required to create their own technology vision document that outlines their plans to securely incorporate IT solutions into their business.

Utile Technology Investment

Create a reserve/fund 

UCBs may consider creating a reserve/fund to implement IT/ cyber security projects. In Phase I, an approach paper may be brought out by NAFCUB(National Federation of Urban Cooperative Banks and Credit Societies Ltd) and Federations of UCB and in Phase II, the funds can be created.

IT Assets

  • UCBs in order to ensure that IT infrastructure is not exposed to risk due to obsolete hardware/software, shall attempt to invest and upgrade their IT inventory with the supporting infrastructure and facilities of IT.
  • Additionally the UCBs shall implement a comprehensive process for Software License Management (SLM)
  • UCBs to conduct review and appraisal of IT assets at least on a yearly basis.

Business Continuity Plan

UCBs to address the risk effectively shall have a Business Continuity Plan (BCP)for all processes, including aspects that are not limited to the availability of backup systems and ensure that it is well-communicated, well-rehearsed, and periodically reviewed.

Appropriate Regulation and Supervision

UCBs to address the risk effectively shall have a Business Continuity Plan (BCP)for all processes, including aspects that are not limited to the availability of backup systems and ensure that it is well-communicated, well-rehearsed, and periodically reviewed.

Appropriate Regulation and Supervision

Reporting Framework

  • UCBs have been advised to immediately report all unusual cyber security incidents to RBI, besides  other concerned authorities
  • An effective offsite supervision of UCBs to be set up to monitor UCBs compliance regarding cyber security guidelines and for an overall and up-to-date understanding of UCP’s cyber security posture of the UCB sector.

Cyber Security Hygiene’ document

For all the cooperative banks a  uniform ‘Cyber Security Hygiene’ document shall be issued and shall be reviewed at periodic intervals.

Robust Collaboration

Forum 

UCBs may  explore the possibility to establish forum at the state / regional level, where key individuals and / or management from various banks and other relevant stakeholders may interact and integrate on cyber security features on a periodic basis.

CISO forum for UCBs 

IDRBT can establish a separate Chief Information Security Officer (CISO)  forum for UCBs to be closely connected with them.

Cloud Services

  • Cost effective technologies like cloud based services may be used to implement IT solutions and cyber security controls.

Developing necessary IT, cyber security skills set

Technical Skills to be imparted to UCBs in order to manage IT and Cyber Security

Awareness / certification programs will be developed and customized to functions/ responsibilities of stakeholders ( board to employee) in UCBs.

The Document with its 12 specific action points, seeks to:

  • Engage more board oversight regarding cyber security.
  • Facilitate UCBs to enhance their handling capacity and protect their IT Assets.
  • For UCBs, implement an offsite supervisory mechanism framework on cyber security related controls.
  • Create a forum for UCBs to enable them to share best practices and discuss practical issues and challenges.
  • Implement a framework to provide awareness / training for all UCBs.

Principles

The formulation of cyber security controls for UCBs will be guided by the following principles as a ‘one size fits all’ approach will not be appropriate when prescribing cyber security in the country.

i.While prescribing cyber security controls for UCBs, a differentiated tier-wise approach will be followed. The tiers will be decided based on risk exposure in terms of the digital services offered by the UCBs.

ii.The primary responsibility to implement the cyber security controls, will be assigned to the board.

iii.The approach will ensure that UCBs with high IT penetration/ and who offer all payment services are brought at par with other banks which have mature cyber security infrastructure and practices.

iv.The responsibility to implement, monitor, compliance and response will be assigned from board level and pass through till the down level. The IT/IS Governance Framework includes appointing  a CISO and establishing diverse committees among others.

Key Info

The cyber security landscape will continue to evolve through the widespread adoption of digital banking channels so that UCBs can effectively manage the associated risks.

Active cooperation within UCBs and their stakeholders is required to share and coordinate the various measures taken on cyber security aspects.

Note: The implementation of the approach outlined in this document will reinforce the cyber resilience of the Urban Co-operative Banks

Sources:

  1. https://rbi.org.in/scripts/PublicationReportDetails.aspx?ID=1159
  2. https://rbidocs.rbi.org.in/rdocs//PublicationReport/Pdfs/CYBERSECURITYUCBSC6B5EF6A5DD549DC9F5A4B9C49E2A646.PDF
To learn more about how to increase your bank’s cyber security, please contact us.