RBI releases strategic approach ‘GUARD’ for UCBs in tier-wise cybersecurity guidelines

The Reserve Bank of India has today placed on its website the “’ Technology Vision for Cyber Security’ for Urban Co-operative Banks (UCBs) – 2020-2023”. The Technology Vision Document aims at enhancing the cybersecurity posture of the Urban Co-operative banking sector against evolving IT and cyber threat environment. The Central Bank laid down a set of new guidelines for UCBs to prevent, detect, respond to, and recover from cyber-attacks. Considering the heterogeneity of the UCB sector in terms of size, regions, financial health, and digital depth, it was recognised that a ‘one size fits all’ approach may not be suitable while prescribing cybersecurity guidelines for UCBs, it said. It further said that based on risk exposure in terms of the digital services offered by the UCBs, a differentiated tier-wise approach will be followed while prescribing cybersecurity controls for UCBs.

“The Technology Vision Document for Cyber Security for UCBs has been formalised based on inputs from various stakeholders. It envisages to achieve its objective through a five-pillared strategic approach GUARD, viz., – Governance Oversight, Utile Technology Investment, Appropriate Regulation and Supervision, Robust Collaboration and Developing necessary IT, cybersecurity skills set” the regulator said. The press release of RBI said that the practice will ensure that the UCBs with high IT penetration and offering all payment services are brought at par with other banks having mature cybersecurity infrastructure and practices. The Board of the UCBs will have the responsibility to implement the cybersecurity controls, it said.  UCBs with higher digital depth, the IT/IS Governance Framework would include appointing a Chief Information Security Officer (CISO) and setting up various committees such as IT Strategy Committee, IT Steering Committee, etc. the statement said.

In its 12 specific action points the vision document aspires more involvement of Board Oversight over Cybersecurity which enables UCBs to better manage and secure their IT Assets. It also envisages implementation of an offsite supervisory mechanism framework for UCBs on cybersecurity-related controls, It encourages to develop a forum for UCBs so that they can share best practices and discuss practical issues and challenges Implementation of a framework for providing awareness/ training for all UCBs.