NEW GUIDELINES OF RBI (Syllabus: GS Paper 3 – Economy)

News-CRUX-10, 9th November 2023

Context: The Reserve Bank of India (RBI) recently released final guidelines on information technology (IT) governance for regulated entities (REs) like banks, non-bank financial companies, credit information companies, and other financial entities.

  • As per the new guidelines, which will come into effect from April 1 next year, the REs will have to set up a board-level IT strategy committee (ITSC), which will be headed by an independent director and will have three directors as members.

IT Strategy Committee (ITSC)

  • Establishment of ITSC: The RE will create a Board-level IT Strategy Committee (ITSC), comprising a minimum of three directors.
  • Meeting: The ITSC will convene at least quarterly to review and strategize.
  • This committee will ensure the effective implementation of IT strategic planning processes and guide the preparation of the IT strategy.
  • It will also ensure that the IT strategy aligns with the overall strategy of the RE to achieve its business objectives.

New Guidelines on Information Technology (IT) Governance for Regulated Entities (REs)

  • Structure: REs are required to establish a comprehensive IT governance framework.
  • Processes: The framework should encompass strategic alignment, risk management, resource performance, and Business Continuity/Disaster Recovery Management.
  • Defining Roles and Responsibilities: The framework will define the roles and responsibilities of key stakeholders, including the Board of Directors, board-level Committees, and Senior Management.
  • Accountability: Measures will be put in place to oversee IT and cyber/information security risks effectively.
  • Accountability mechanisms will be established to mitigate these risks.
  • Incorporating IT-Related Risk Assessment: The enterprise-wide risk management policy will include periodic assessments of IT-related risks, including inherent and potential risks.
  • Approval and Review: The Board of the RE will approve strategies and policies related to IT, Information Assets, Business Continuity, Information Security, and Cyber Security.