The Reserve Bank has initiated steps to have a standing committee and a separate Enforcement Department to minimize cyber security risks based on the recommendations of an expert panel on Information Technology Examination and Cyber Security headed by Executive Director Meena Hemachandra.
The new department will start operations from April 1, RBI deputy governor S.S. Mundra stated at a media interaction post the release of the Sixth Bi-monthly Monetary Policy report on Wednesday.
Mundra disclosed that an inter-disciplinary standing committee on cyber security is also being constituted given the continuing need to be vigilant across existing systems and emerging areas.
Advertisement
“The Standing Committee will be cross functional. It will have industry experts as well as government representatives,” Mundra stated.
The committee will review the threats inherent in the existing/emerging technology; study adoption of various security standards/protocols; interface with stakeholders; and suggest appropriate policy interventions to strengthen cyber security and resilience, the RBI said in a press note.
The proposal to set up a dedicated department to look into cyber security follows an advisory issued by the RBI last year on June 2 asking banks to take regulatory policy measures for further strengthening the banking structure and enhancing the efficacy of the payment and settlement systems.
Advertisement
“Enforcement deals with cases of non-compliance with regulations noticed either through the surveillance process or otherwise,” the RBI stated in a press note. “With a view to developing a sound framework and process for enforcement action, it has been decided to establish a separate Enforcement Department.”
The RBI guidelines mandating cyber security preparedness for addressing cyber risks states that while banks have taken steps to strengthen their defences, the diverse and ingenious nature of recent cyber-attacks necessitates an ongoing review of the cyber security landscape and emerging threats.
RBI deputy governor G. Vishwanathan told media, “Enforcement is of course part of the supervisory process. We do take enforcement actions even now. But a focused attention, we believe will improve regulatory compliance going forward.”
