RBI

Cybercrime audit of banks to check loopholes- RBI Instruction

Cybercrime audit of banks to check loopholes- RBI Instruction. Circular requires banks to have cyber-security policy, cyber crisis management plan etc. 

Ministry of Finance

Cybercrime audit on banks to check loopholes

To address the issue of cyber resilience, RBI vide circular dated December 9, 2016 had instructed all authorised entities / banks issuing PPIs in the country to:

(i) Carry out a special audit by the empanelled auditors of Indian Computer Emergency Response Team (CERT-In) on a priority basis and take immediate steps thereafter to comply with the findings of the audit report. The audit should cover compliance as per security best practices, specifically the application security lifecycle and patch/vulnerability and change management aspects for the system authorised and adherence to the process flow approved by the Reserve Bank.

(ii) Take appropriate measures on mitigating phishing attacks considering that the new customers are likely to be first time users of the digital channels. Safety and security best practices may be disseminated to the customers periodically.

(iii) Implement additional measures dynamically depending upon the risk perception or threats as they emerge.

RBI has set up a Cyber Security and IT Examination (CSITE) Cell within its Department of Banking Supervision in 2015. The Bank issued a comprehensive circular on Cyber Security Framework in Banks on June 2, 2016 covering best practices pertaining to various aspects of cyber security. The circular requires banks to have among other things, a cyber-security policy, cyber crisis management plan, a gap assessment vis-a-vis the baseline requirements indicated in the circular, monitoring certain risk indicators in this area, report unusual cyber security incidents within 2 to 6 hours.

RBI has been carrying out IT Examination of banks from last year. RBI has also set up a Cyber Crisis Management Group to address any major incidents reported including suggesting ways to respond and recover to/from the incidents.

This was stated by Shri Santosh Kumar Gangwar, Minister of State in the Ministry of Finance in written reply to a question in Lok Sabha today.

*****

Share

Recent Posts

  • huf

When testator was illiterate, burden was on propounder of Will to satisfy judicial conscience of Court

If judicial conscience of a final court of fact is not satisfied about the valid execution of the Will, it…

9 hours ago
  • Insurance

Which ITRS are relevant for assessing income of deceased person under MV Act 1988

SC laid downs guidelines for use of ITRS for assessing annual income of deceased person under Motor Vehicles Act 1988…

3 days ago
  • Income Tax

CBDT condones delay in filing Form No. 10AB

CBDT condones delay in filing Form No. 10AB furnished electronically between 01.10.2025 to 31.03.2026. CBDT has condoned the delay in…

4 days ago
  • bankruptcy

SC express concern over AI generated judgments/paragraphs escaping scrutiny by NCLT/NCLAT

Supreme Court expresses serious concerns over AI generated judgments/paragraphs relied upon by the NCLT/NCLAT In a recent judgment, the Hon'ble…

4 days ago
  • ICAI

ICAI to take disciplinary action for quoting very low & incommensurate fee by Chartered Accountants

ICAI to take disciplinary action for quoting very low and incommensurate fee by Chartered Accountants As per the announcement made…

4 days ago
  • Income Tax

NSDL latest e-TDS TCS RPU Version 6.00 and FVU 9.5 RPU V 1.0 from Tax Year 2026-27 – Download

NSDL latest e-TDS TCS RPU Version 6.0 from FY 2007-08 NSDL has revised the e-TDS TCS RPU utility for preparing…

5 days ago