Friday, 23 December 2011

Data Security, Cyber Security And Privacy In Indian Banking Industry

Banking industry of India is passing through a transformation age. From technological upgradations to enacting new regulatory norms, banking sector of India is all set for a big change. However, this change is also very demanding and challenging in terms of legal obligations and technological knowledge. Banks in India are finding it difficult to cope with both.

For instance, banks in India are required to not only ensure cyber due diligence in India but also cyber security due diligence in India. Reserve Bank of India (RBI) has very categorically told Indian banks to ensure effective cyber security in their day to day affairs and banking transactions. However, banks in India are not complying with RBI’s cyber security due diligence requirements due to lack of awareness and technical expertise.

Further, on the compliances front as well, banks in India are not doing the needful. For instance, as per RBI’s recommendations, all banks should create a position of chief information officers (CIOs) as well as steering committees on information security at the board level at the earliest. Till now banks in India have not fulfilled these requirements.

Similarly on the front of cyber security Indian banks have not performed well. Cyber security for banking and financial sectors of India is not up to the mark. Internet banking risks in India are in abundance and we have no cyber security of Internet banking in India. Even cyber due diligence for banks in India is not taken seriously by Indian banks. Cyber security of online banking systems in India is by and large below average and many cases of banking financial frauds and cyber crimes have been reported in India.

Even the mobile banking in India is risky as the present banking and other technology related legal frameworks are not conducive for mobile banking in India. We have no dedicated Internet banking laws in India or mobile banking laws in India. Mobile banking transactions in India are risky and untrusting in the absence of mobile cyber security in India. We are still not ready for mobile governance in India as m-governance in India is not going to be successful in the absence of a sound mobile governance policy of India.

Data security and privacy in Indian banking industry is another area that requires special attention of Indian banks. Banks in India must ensure privacy protection and data protection of its customers.

The corporate and banking laws in India are in the process of being streamlined. An Integrated modern banking law in India is also in pipeline. RBI has also prescribed an enhanced due diligence measures by banks of India for higher risks customers. Overall, the emphasis is upon ensuring data security, cyber security and privacy protection by banks operating in India.