Master Direction on Information Technology Governance

Statement on Developmental and Regulatory Policies released with the Bi-monthly Monetary Policy Statement 2021-22 on February 10, 2022, wherein it was announced that draft guidelines, updating and consolidating the instructions relating to Information Technology (IT) Governance and Controls, Business Continuity Management and Information Systems Audit, will be issued by the Reserve Bank of India. It is a master Direction prescribed by RBI on Information Technology Governance, Risk, Controls and Assurance Practices, to be implemented by the Regulated Entities which is further divided in 7 domains. It is applicable to Scheduled Commercial Banks (excluding Regional Rural Banks); Small Finance Banks; Payments Banks; Non-Banking Financial Companies in Top, Upper and Middle Layers; All India Financial Institutions (NHB, NABARD, SIDBI, EXIM Bank and NaBFID); and Credit Information Companies.

This document facilitates the easy of IT and cyber governance and compliance as instead of multiple circulars, this is one master document including compilation of regulation in relation to IT, Audit, Governance and more It brings all entities under one umbrella, and unifies all all REs which will ease the governance and compliance management & also enable the learnings and understanding inter-perable. With swift move towards digitalization and increasing threats, the master direction brings the required structure and procedures to make the banking systems more secure.

IT Governance is rather robustly defined and compliance of the same would be ensured by setting in various roles, governance structure and processes necessary to meet the RE’s business/ strategic objectives.