Cyber Security Framework: Key Features of Technology Vision for Urban Co-operative Banks (RBI)

Ashish M. Shaji

19 Jan, 2021

With a view to enhance the cyber security posture of the Urban Co-operative Banking sector, the Reserve Bank of India^[1] issued a detailed communication titled technology vision for Cyber security for Urban Co-operative Banks (UCBs). It introduced for UCBs to get prepared for evolving IT and cyber threat environment.

What is the need of this vision for Urban Co-operative Banks released by RBI?

In recent years, there has been an increase in the number of cyber related incidents and cyber attacks in the financial sector, including UCBs. The impact of these cyber attacks and incidents have caused the need to be prepared for preventing, detecting, and recovering from such attacks.

The purpose for this is to ensure that the UCBs with great IT penetration, all payment services would be at par with other banks having better cyber security infrastructure and practices. As per RBI the cyber security landscape is expected to evolve with wider adoption of digital banking channels thereby necessitating the UCBs to manage the risks effectively.

The implementation of the approach mentioned in the technology vision document, released by the RBI, is expected to strengthen the cyber resilience of the UCBs.

Vision for Cyber security for Urban Co-operative Banks as visualized by RBI

The document shall achieve its objective through a five pillared strategic approach. Enhancing cyber security posture of the Urban Co-operative Banks against cyber threat through GUARD approach. 

GUARD, viz-

1. Governance Oversight;
2. Utile Technology Investment;
3. Appropriate Regulation and Supervision;
4. Robust Collaboration;
5. Developing necessary IT, cyber skills set.

Now that we have understood its extended form lets understand what would be the action points as visualized by RBI?

• Governance Oversight

As provided in the Comprehensive cyber security framework for UCBs, the board of directors shall be responsible eventually for UCBs information security and shall play a critical role to ensure an effective IT and IS governance.

UCBs should create their own technology vision document that outlines their plans to securely incorporate IT solutions to their business.

• Utile Technology Investment

UCBs can consider creating a reserve/fund to implement IT/cyber security projects. In phase I, an approach paper can be brought out by NAFCUB and federations of UCB and in phase II, the funds can be created.

UCBs to ensure that IT infrastructure is not exposed to risk with obsolete hardware/software, will attempt to invest and upgrade their IT inventory with the facilities of IT and supporting infrastructure. Moreover the UCBs are required to implement a comprehensive process for software licence management. They will also address the risk effectively by having a business continuity plan for all processes and ensure that it is well communicated rehearsed and reviewed periodically.

• Appropriate Regulation and Supervision

The Urban Co-operative Banks are advised to report all unusual cyber security incidents to RBI immediately, besides other concerned authorities. An effective offsite supervision of UCBs shall be set up in order to monitor UCBs compliance regarding cyber security guidelines for up to date understanding of cyber security posture of the UCBs sector.  

It may be noted that for all co-operative banks uniform cyber security hygiene document shall be issued and it shall be reviewed at periodic intervals.

• Robust Collaboration

UCBs can explore the possibility of establishing forum at the state/regional level where key individuals from various banks may interact and integrate on cyber security features on a periodic basis.

Cost effective technologies such as cloud based services can be utilized to implement IT solutions and cyber security controls.

• Developing necessary IT, cyber security skills set

Technical skill shall be imparted to the UCBs to manage IT and cyber security. Awareness/ certification programmes shall be developed and customized to functions of stakeholders in UCBs.

The mission statement incorporated the following action points for turning the visualization into real action:

1. RBI has decide that the matters  of cyber security will be part of the discussion in the Board meetings and that the instructions shall be issued to banks to include the review on cyber security posture with specific indicators.
2. It could be that the Reserve Bank may monitor the role of Board of Directors regularly which is easier with the implementation of updated computer systems.
3. A comprehensive process for Software License Management shall be implemented by the UCBs. The review and appraisal of IT assets shall be done by UCBs at least on a yearly basis.
4. A suitable digital regulatory reporting will be developed by the RBI along with the implementation of cyber security regulations.
5. As stated earlier, RBI has informed about uniform Cyber Security Hygiene document. It is for all cooperative banks. This document shall specifically cover different best practices seen across supervised entities in different areas. It may be used by UCBs as a reference document for implementing applicable controls.

Read our article:Co-operative Bank License in India

This uniform up gradation of cyber security system among UCBs shall result in the formation of forum at the state level to act as a platform for UCBs in benchmarking their practices with peers, exploring the strength and weakness in facing cyber threats.

Conclusion

Read our article:Urban Cooperative Banks to report Exposure of Rs. 5 Crore or more to CRILC