Tuesday 1 February 2011

Due Diligence For Banks In India Under IT Act 2000

Cyber risks for the banking industry in India are increasing at an alarming rate. Whether it is phishing scams, spam frauds, Nigerian frauds, ATM frauds or credit card cloning frauds, the Indian banking industry is not prepared to tackle them.

Realising the gravity of the situation, the Reserve Bank of India (RBI) has recently released a report of its working group on information security, electronic banking, technology risk management, and cyber frauds.

The report also sets out many guidelines that Indian banks would be required to follow in order to provide safe and secure technology-driven banking. Practically, this means that banks in India would be required to adopt techno-driven and cyber-law-related due diligence requirements.

Till now, banks have not taken due diligence requirements seriously. Many adjudication proceedings over cyber law contraventions have already started in India. The trend points towards more such consumer disputes and adjudication proceedings in India.

A major reason for this apathy towards due diligence on the part of banks is a lack of awareness of the provisions of the cyber law of India. The Information Technology Act, 2000 (IT Act, 2000) clearly mandates the observance of due diligence on the part of banks. In the absence of such due diligence, banks can be held liable for consumer losses.

Banks must establish core IT committees, as per RBI directions, consisting of good techno-legal professionals who can guide them regarding the various due diligence requirements under the IT Act, 2000 and other laws.