How safe is safe enough? Heed RBI on cyber security and risk reduction.
banana peel that Indian banks were slipping on, recalling that in 2020, RBI had put restrictions on HDFC Bank for technological inadequacies. Another article about the cost of digital banking, while failing to highlight its significant benefits in reducing transaction costs and enhancing financial inclusion, quoted various bankers who put the technology spend of banks at around 10% of their overall expenses.
With so much noise around the issue, we should examine the proportionality of such regulatory actions. Let’s start with the 24 April directive from RBI, directing KMB to stop onboarding new customers through its online and mobile banking channels and issuing fresh credit cards.
RBI’s IT examination for two successive years had uncovered deficiencies in KMB’s asset inventory management, software patching, services outsourcing, data security and business continuity back-up. Further, KMB reportedly fell short on its compliance with a corrective action plan and risk and security governance norms.
The gamut of issues mentioned in the RBI press release cover most key aspects of the cyber security framework that banks are expected to adhere to. There is also a mention of KMB suffering “frequent and significant outages in the last two years, the recent one being a service disruption on April 15, 2024, resulting in serious customer inconveniences." Surprisingly, though, the X (formerly Twitter) handle of KMB has no mention of any such planned or unplanned outage on that date.
Keeping customers updated on such events is a good practice that many foreign banks operating in India follow. We should also recall the ₹800 crore plus IMPS fraud/glitch in UCO Bank, amounting to almost half its previous year’s profit, which exposed
. Read more on livemint.com
