RBI flags risks emerging from over-reliance on third party vendors
third party vendors by financial institutions. Speaking at a convention organised by the International Association of Deposit Insurers, RBI deputy Governor J Swaminathan called upon banks to exercise caution to guard them against potential vulnerabilities while working with third party vendors. He also called upon deposit insurers to tie insurance premiums to the level of risk posed by individual financial institutions.
“The digital transformation in banking has also led to a multitude of distinct third-party entities getting involved in the provision of a single product or service, creating a complex web of technical and operational dependencies,” said J Swaminathan, DG, RBI. “The impact of failure in any link in this chain can often be catastrophic as was seen in a global IT services outage incident last month. Third parties could be points of intrusion for ransomware and other cyber threats.”
Last month, C-edge Technologies a third party IT vendor jointly owned by Tata Consultancy Services and State Bank of India faced a
ransomware attack by the RansomEXX group.
The attack had primarily impacted Brontoo Technology Solutions, a key collaborator with C-EDGE. The attack had led to several Co-operative banks and regional rural banks getting disconnected from the retail payments network.
Swaminathan added that financial institutions have the primary responsibility to preserve the confidentiality, integrity, and availability of data.
The deputy governor also highlighted that the rise of fintech companies and the
