Receive Daily Updates by Email (Free Subscription)

[RBI] Master Direction - Information Technology Framework For NBFC Sector

The Reserve Bank of India, being satisfied for the purpose of enabling it to regulate the credit system of the country to its advantage, has issued Master Directions - Information Technology Framework for the NBFC Sector, 2017 vide its notification no. DNBS.PPD.No.04/66.15.001/2016-17 dated June 08, 2017, in exercise of the powers conferred in terms of clause (b) of sub-section (1) of 45-L of the Reserve Bank of India Act, 1934 (Act 2 of 1934).

INDEX of the Contents of the Master Direction

~Introduction
~Section-A: 1. IT Governance, 2.  IT Policy, 3. Information and Cyber Security, 4. IT Operations, 5. IS Audit, 6. Business Continuity Planning, 7. IT Services Outsourcing
~Section-B: 8. Recommendations for NBFCs with asset size below Rs. 500 crore
~Annex- I: Template for reporting Cyber Incidents


Introduction:
The NBFC (Non-Banking Finance Company) sector has grown in size and complexity over the years. As the NBFC industry matures and achieves scale, its Information Technology /Information Security (IT/IS) framework, Business continuity planning (BCP), Disaster Recovery (DR) Management, IT audit, etc. must be benchmarked to best practices.

2. Accordingly, directions on IT Framework for the NBFC sector that are expected to enhance safety, security, efficiency in processes leading to benefits for NBFCs and their customers are enclosed. NBFCs may have already implemented or may be implementing some of the requirements indicated in the circular. NBFCs are therefore required to conduct a formal gap analysis between their current status and stipulations as laid out in the circular and put in place a time-bound action plan to address the gap and comply with the guidelines.

3. The focus of the proposed IT framework is on IT Governance, IT Policy, Information & Cyber Security, IT Operations, IS Audit, Business Continuity Planning and IT Services Outsourcing. The directions are categorized into two parts, those which are applicable to all NBFCs with asset size above Rs. 500 crore (Considered Systemically Important) are provided in Section-A. Directions for NBFCs with asset size below Rs. 500 crore are provided in Section-B.

4. NBFCs may place these directions before their Board, together with a gap-analysis vis-a-vis the Master Direction and the proposed action by September 30, 2017.

5. NBFCs- Systemically Important shall comply with the Master Directions by June 30, 2018 and other NBFCs (asset size below Rs. 500 crore) shall comply by September 30, 2018.

5. NBFCs- Systemically Important shall comply with the Master Directions by June 30, 2018 and other NBFCs (asset size below Rs. 500 crore) shall comply by September 30, 2018.


THE FULL CONTENTS OF THE ABOVE MASTER DIRECTION IS AVAILABLE HERE - LINK

No comments:

Post a Comment

Share your valuable opinion or your query here.

Additional Info

privacy policy