RBI’s General Manager Ranjeev Shanker has written letters to all the Chairmen, MDs and CEOs of Urban Co-operative Banks in the country on the need to spruce up basic cyber security framework. This was felt necessary in the wake of UCBs falling prey to cyber-attacks, latest being that in the Cosmos Bank.
Titled “Basic Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs)”, the letter talks of increasing usages of IT solutions in the banks and the risks emanating thereof. “There is an urgent need to put in place a robust cyber security framework at UCBs to ensure adequate security of their assets on a continuous basis”, notes the letter.
RBI also points out that the level of technology adoption is also different across the banks in this sector – some banks offering state of the art digital products to its customers and some banks maintaining their books of account in a standalone computer and using e-mail for communicating with its customers/supervisors/other banks.
The basic cyber security guidelines applicable to all UCBs. However, any UCB, depending on its Self-Risk Assessment is free to adopt advanced cyber security norms as decided by their Boards, the Circular reads. It asks all UCBs to immediately put in place a Cyber Security policy, duly approved by their Board/Administrator, giving a framework and the strategy containing a suitable approach to check cyber threats depending on the level of complexity of business and acceptable levels of risk.
On completion of the process of policy formulation by the Board, a confirmation shall be sent to Department of Co-operative Bank Supervision with within three months from the date of circular.
RBI also reminds that Cyber Security Policy is distinct from that of the IT policy or IS Policy of the UCB. The IT architecture or framework which includes network, server, database and application, end user systems, etc., should take care of security measures at all times and this should be reviewed by the Board or IT Sub-committee of the Board periodically, directs the Circular.
It also asks to keep a proper record of the entire process to enable supervisory assessment. The Circular says that managing cyber risk requires the commitment of the entire organization including staffs at all levels, Board and Top Management Security awareness among customers, employees, vendors, service providers, etc. about the potential impact of cyber-attacks helps in cyber security preparedness of UCBs.