The UCBs with higher digital depth will now have to appoint Chief Information Security Officer (CISO)
The Reserve Bank of India
(RBI) on Thursday proposed to bring cyber security rules based on the size and complexity of urban cooperative banks
(UCB) with an aim to bring the largest of them at par with other banks
that run a full gamut of protections against online threats.
“The approach will ensure that the UCBs with high IT penetration and offering all payment services are brought at par with other banks
having mature cyber security infrastructure and practices," the central bank said in its technology vision document for 2020-23.
The UCBs with higher digital depth will now have to appoint Chief Information Security Officer (CISO), and set up various committees such as IT Strategy Committee, IT Steering Committee, etc. There has to be a board approved IT governance framework, and considering the implementation to be a costly process, "the responsibility for implementation, monitoring, compliance and response would have to be assigned from the Board level and percolate down till the end user," the RBI
The central bank’s vision for the UCBS till 2023 is based on five pillars --GUARD, viz, - Governance Oversight, Utile Technology Investment, Appropriate Regulation and Supervision, Robust Collaboration and Developing necessary IT, cyber security skills set.
The 12 specific action points that the vision document outlined include involving more board oversight over cyber security, enable UCBs to better manage and secure their IT assets, implement an offsite supervisory mechanism framework for UCBs on cyber security related controls, develop a forum for UCBs so that they can share best practices and discuss practical issues and challenges; and implement framework for providing awareness and training for all UCBs.