RBI releases draft on cyber resilience, digital payment security controls

The Reserve Bank of Indis (RBI) on Friday issued draft Master Directions on Cyber Resilience and Digital Payment Security Controls for Payment System Operators (PSOs).

According to the RBI's release, the central bank has invited feedback from the shareholders on the same.

RBI's draft directions include a governance mechanism for the identification, assessment, monitoring, and management of cybersecurity risks including information security risks and vulnerabilities, along with specifying baseline security measures for ensuring safe and secure digital payment transactions.

The draft comes after the central bank, during the April monetary policy meeting (MPC), announced that it will issue these guidelines.

The release further added, "These directions aim to improve safety and security of the payment systems operated by PSOs by providing a framework for overall information security preparedness with an emphasis on cyber resilience."

The decision was taken to ensure the safety and security of payment systems, which is a key objective of the RBI. These directions for draft rules will also cover baseline security measures for ensuring system resiliency as well as safe and secure digital payment transactions, the RBI said. 

The release also added that the board of directors of the PSOs will be responsible to ensure adequate oversight over information security risks, which includes cyber risks and cyber resilience.

The PSOs have also been directed to prepare a unique Board approved Cyber Crisis Management Plan (CCMP) to detect, contain, respond, and recover from cyber threats and cyber-attacks.

The PSOs shall also maintain a record of all the key roles, information assets, critical functions, processes, third-party service providers, and their interconnections and classify and document their levels of usage, criticality, and business value. 

A comprehensive data leak prevention policy shall also be put in place, the RBI added.