Latest News | RBI Issues Comprehensive Directions on IT Governance in Banks, NBFCs

Mumbai, Nov 7 (PTI) The RBI on Tuesday came out with a comprehensive guideline related to information technology (IT) governance and controls for banks and NBFCs.

The key focus areas of IT governance will include strategic alignment, risk management, resource management, performance management and business continuity/ disaster recovery management.

Also Read | CAT 2023 Exam Admit Card Out at iimcat.ac.in: Hall Ticket for Common Eligibility Test Examination Released, Know Steps To Download.

In this regard, the RBI has issued the final Reserve Bank of India (Information Technology Governance, Risk, Controls and Assurance Practices) Directions, 2023. The directions will come into force from April 1, 2024,

"REs (regulated entities) shall put in place a robust IT Service Management Framework for supporting their information systems and infrastructure to ensure the operational resilience of their entire IT environment," the latest directions said.

Also Read | Intelligence Bureau Recruitment 2023: Apply Online for 677 Posts at mha.gov.in, Know Eligibility, Selection Process, and Other Details.

REs, it further said, should have a documented data migration policy specifying a systematic process for data migration, ensuring data integrity, completeness and consistency.

"The policy shall, inter alia, contain provisions pertaining to signoffs from business users and application owners at each stage of migration, maintenance of audit trails, etc," the RBI said.

It also said that every IT application which can access or affect critical or sensitive information, should have necessary audit and system logging capability and should provide audit trails.

On cryptographic controls, it said the key length, algorithms, cipher suites and applicable protocols used in transmission channels, processing of data and authentication purpose should be strong.

Also, in order to prevent unauthorised modification of data, REs should ensure that there is no manual intervention or manual modification in data while it is being transferred from one process to another or from one application to another, in respect of critical applications.

According to the directions, the risk management policy of the RE should include IT related risks, including the cyber security related risks, and the risk management committee of the board (RMCB) should periodically review and update the same at least on a yearly basis.

The central bank further said REs should analyse cyber incidents for their severity, impact and root cause. They should take measures, corrective and preventive, to mitigate the adverse impact of incidents on business operations, it added.

(The above story is verified and authored by Press Trust of India (PTI) staff. PTI, India’s premier news agency, employs more than 400 journalists and 500 stringers to cover almost every district and small town in India.. The views appearing in the above post do not reflect the opinions of LatestLY)