IT Governance: RBI’s New Directions to Banks, NBFCs Effective from April ’24

The Reserve Bank of India (RBI) has issued a new comprehensive master direction on Information Technology (IT) governance, risk, controls, and assurance practices for banks and Non-Banking Financial Companies (NBFCs). 

It establishes the role of directors of such Regulated Entities (REs) to discharge their duties with an intent to safeguard the interests of consumers. 

The core focus areas of IT governance shall comprise strategic alignment, risk management, resource management, performance management, and business continuity or disaster recovery management.

Referred to as the Reserve Bank of India (Information Technology Governance, Risk, Controls and Assurance Practices) Directions, 2023, it shall be effective from April 1, 2024.

The guidelines have called upon all REs to remain vigilant about cyber events, which are defined as any observable occurrence in an information system. Cyber events sometimes tend to indicate that a cyber incident is occurring.

It also takes into account cyber security, which is related to the preservation of confidentiality, integrity, and availability of any information via the cyber medium. 

Additionally, other properties, such as authenticity, accountability, non-repudiation, and reliability, can be involved as well.

It also refers to a cyber incident, which is a cyber event that adversely affects the cyber security of an information asset, whether or not it results from malicious activity.

It puts the spotlight on cyber-attacks, which relate to malicious attempts to exploit vulnerabilities via the cyber medium with the intent to damage, disrupt, or gain unauthorised access to assets.

It also talks about the De-Militarised Zone (DMZ), which is a perimeter network segment that is logically between internal and external networks.

The term information asset relates to any piece of data, device, or other component of the environment that is known to support information-related activities. These may include information systems, data, hardware, and software. 

Furthermore, foreign banks that have operations in the country have also been directed to follow the norms. They would be required to hold discussions with the central bank if they seek an exemption from any specific guideline.

The new directions also spell out that the risk management policy of the RE shall include IT-related risks, including cybersecurity-related risks, and that the Risk Management Committee of the Board (RMCB), in consultation with the Income Tax Settlement Commission (ITSC), shall review it periodically and prepare an update report on an annual basis.
