RBI unveils draft directive to enhance digital payment safety controls and cyber resilience

Written By Raunak Jain | Updated: Jun 03, 2023, 07:03 PM IST

RBI introduces draft directive to enhance digital payment security and cyber resilience.

RBI: In a significant move, the Reserve Bank of India (RBI) has recently unveiled a draft master directive focusing on cyber resilience and enhancing digital payment safety controls for payment system operators. This crucial development comes as the central bank aims to fortify the security measures surrounding digital transactions. The RBI has invited comments on this draft directive, extending the deadline until June 30. Those interested in providing their input can conveniently do so via email or post, addressing their communication to the Chief General Manager at the Department of Payment and Settlement Systems, Central Office, Mumbai, RBI.

Understandably, cyber security and payment safety have become paramount concerns in the current digital landscape. The RBI had already taken significant steps by announcing on April 8 that it would issue explicit instructions regarding cyber resilience and payment security controls for payment system operators (PSOs). These guidelines encompass several crucial aspects, including governance mechanisms, risk identification, assessment and management, information security, and baseline security measures, all aimed at ensuring secure digital payment transactions.

Of particular note is the emphasis placed on the linkages between PSOs and unregulated entities within their digital payments ecosystem, such as payment gateways, third-party service providers, vendors, and traders. The draft guidelines make it clear that PSOs must take effective measures to identify, monitor, control, and manage cyber and technology-related risks arising from these connections. To achieve this, the unregulated entities are expected to mutually agree to and comply with the specified directions.

To ensure comprehensive oversight, the responsibility for monitoring information security risks, including cyber risk and cyber resilience, will fall upon the Board of Directors of the PSOs. However, the primary task of overseeing these aspects may be entrusted to a dedicated sub-committee that convenes at least once every quarter. This approach aims to ensure that the highest standards of information security are upheld, mitigating potential risks and vulnerabilities.

Recognizing the evolving nature of cyber threats and the need for proactive measures, the RBI has also directed PSOs to develop a dedicated Cyber Crisis Management Plan (CCMP). This plan, which must be approved by the board, will provide a framework for detecting, controlling, responding to, and recovering from cyber threats and attacks. Furthermore, PSOs are advised to conduct regular cyber risk assessments whenever launching new products or services, adopting new technologies, or implementing significant changes to existing infrastructures or processes.
