RBI plans to set up portal to supervise cybersecurity measures of PSPs

The Reserve Bank of India (RBI) plans to set up an Integrated Compliance and Tracking System portal to supervise cybersecurity measures of payment system providers (PSPs). This is in light of cyber risk, with particular consequences to the banking sector, said the RBI. The central bank also plans to expand the portal to cover other regulated entities. 

“Payment system providers are required to establish mechanisms for monitoring, handling and follow-up of cybersecurity incidents and cybersecurity breaches,” said the central bank in its report on Trend and Progress in Banking released on Friday. It added that formulation of comprehensive cyber risk and resilience policies and diligent implementation along with providing effective governance is also crucial.  

The number of cyber crimes in 2017-2018 stood at 2,059 cases with a total value of Rs 10.96 billion, a steep rise against 1,372 cases of a total value of Rs 423 million in 2016-2017. 

The RBI said that an integrated approach to ensure survivability of PSPs is necessary due to the increasing role of technology in provision of financial services, rapid growth in digital payment ecosystem, high degree of interdependence and interconnectedness between operators in financial markets and increasing diversity of attackers.

“We invest heavily into cyber security measures but it is not a one- time cost.  The rapidly changing landscape and technology requires constant vigilance and updation, which requires a lot of funds,” said a technology banker on condition of anonymity.     

The past year saw cyber attacks on various banks including City Union Bank, Punjab National Bank, Cosmos Bank and the State Bank of Mauritius. 

The central bank had specified a cyber security framework for banks in June 2016, which specified that banks would need to immediately put in place a cyber-security policy and get it duly approved by their Board. The policy needs to be separate from the broader Information Technology policy and the cyber security measures in the banks need to be constantly monitored and routinely tested. The framework also specified reporting requirements and sharing information on cyber security and risk with the central bank.