In a move to strengthen the information technology architecture of banks, the Reserve Bank of India (RBI) has asked the institutions to form an policy approved by the board.
The central bank has emphasised the need to create an exclusive board-level IT strategy committee, with two directors as members, where one would be an independent director.
A working group, under the chairmanship of RBI executive director G Gopalakrishna, has recommended enhancing RBI guidelines relating to the governance of IT and information security measures to tackle cyber fraud, apart from enhancing independent assurance about the effectiveness of IT controls.
“All members of the IT Strategy Committee would need to be technically competent, while at least one member would need to have substantial expertise in managing/guiding technology initiatives,” the committee said.
The committee has been asked to review the plans at least once an year. In addition, banks will soon have a chief information officer (CIO), who would play a role in the executive decision making function. “The key role of the CIO would be to act as an owner of the IT function and enable alignment of business and technology,” said the central bank.
The working group has also suggested an additional post of Chief Information Security Officer (CISO) who will be responsible for making and implementing policies to protect information. “An official of GM/DGM/AGM level can be appointed as CISO, who will report directly to the head of the risk management function and should not have a direct reporting relationship with the CIO,” RBI said.
A board-approved information security policy needs to be in place and reviewed at least annually. To prevent skimming of credit and debit cards, the working group recommended that RBI move to use chip-based cards in a phased manner. “Chip-based cards help prevent frauds using the details recorded on the magnetic-stripe of the card. Sparing one or two private sector banks, all other banks currently issue cards with a magnetic stripe on it,” RBI said.
