Urban Cooperative Banks (UCBs) are a critical part of the banking ecosystem in India. There have been approximately more than 1500 UCBs across India, including multi states and single state operative banks, with an overall depositor base of 8 Crore plus.
Recent developments on legal framework changes and regulatory framework for UCBs would be transformative not only for Banks but also for customers. They will have a broader impact on the banking and financial ecosystem.
Loksabha has passed an amendment to the Banking Regulation Act to bring cooperative banks under the RBI supervision. Powers of the Registrar of Cooperative Societies will not have a significant impact, but this amendment will enable regulation of cooperatives’ banking activity by the Reserve Bank of India (RBI).
Urban cooperative banks and multi-state cooperative banks will be brought under the RBI’s supervision process applicable to commercial banks.
In continuation of the above legislation changes, The Reserve Bank of India last week placed on its website the “Technology Vision for Cyber Security for Urban Co-operative Banks (UCBs) – 2020-2023”. The Technology Vision Document aims at enhancing the cybersecurity posture of the Urban Co-operative banking sector against evolving IT and cyber threat environment.
It envisages achieving its objective through a five-pillared strategic approach GUARD.
This article attempts to deep dive into the vision document on Cyber Security. It assesses its implications on UCBs and explores the approach adopted by UCBs to deploy suggested guidelines in a structured framework.
Cyber Security- Critical Block for UCBs to part of Digital and Fintech Movement
Setting up a cybersecurity framework is a logical step for UCBs to drive digital footprint and drive the next phase of growth without exposing data and cyber risks to its business and customer data. Considering the diverse nature of the business landscape of UCBs, RBI has suggested the approach of “Not One Size Fits All” to drive the implementation of guidelines. Fundamental principles suggested as part of the vision covers
- Tier Wise Approach for Cyber Security: This would require UCBs to do a proper risk assessment and understand its exposure because of its digital footprint, coverage of technology infrastructure, and payment services. Also, Banks should critically assess the next phase of digitization programs and understand risk better.
- Alignment of responsibility of Board for implementation of cybersecurity controls: Making the Board aligned to oversee cybersecurity will also drive Board to have a closer look at the digital program of banks. This will push both digital programs with a balanced approach to cybersecurity. The top-down approach will also be essential to have better oversight on the cost intensive process of implementing cybersecurity controls.
RBI has suggested wide range of control action items ( as indicated in the below image) and provided a time frame of implementation in 2-3 years depending upon the size and format of UCBs.
Picking up Right Approach: Next Step toward building Cyber Security Framework
It takes more than cost to set up the right balanced cybersecurity program within the organization. A successful framework would require UCBs to map business strategy with digital programs and assess its risk profile. This would give banks a fair view of risk exposures and pick up the right set of controls aligned with RBI guidelines.
So, it is crucial to build a framework to
- Assess Risks across segments
- Review all products, processes, technology, and partner programs
- Build Control requirements at the technology layer, digital program
- Build operating procedures for compliance monitoring and audit
- Regular monitoring & reviews of product & service performance
The Digital Fifth has developed a framework to assist UCBs to relook its current state of business mapped with digitization program within the organization and build Cyber Security Framework.
The Digital Fifth