The Standing Committee on Finance has proposed the establishment of a centralised and empowered ‘cyber protection authority’, particularly for the financial services ecosystem, similar to the Directorate General of Civil Aviation (DGCA), to tackle the rising instances of white-collar crimes in cyberspace.
The committee, chaired by Jayant Sinha, has based its recommendations on extensive discussions with industry bodies, corporations, and banking authorities. Contributions were sourced from the Reserve Bank of India (RBI), National Payments Corporation of India (NPCI), CERT-In, and private companies like RazorPay and Flipkart.
Click here to connect with us on WhatsApp
The committee also recommended the institution of a white-listing framework for digital lending agencies and other financial intermediaries. The committee believes that this measure will combat illicit practices and promote a standardised code of conduct in the digital lending sector.
According to the committee, introducing a white-listing framework would necessitate thorough evaluation of digital lending agencies to ensure regulatory compliance, operational transparency, and adherence to ethical practices. “This will eliminate fraudulent or unscrupulous digital lending agencies from the market, and promote borrowers from predatory lending practices and other illicit activities," stated the committee report.
The committee also advised that third-party service providers, including big tech and telecom companies, should be regulated. App stores, such as Apple's iStore and Google's Play Store, have been advised to share comprehensive metadata about all apps with the relevant authorities for security checks.
“This data repository will empower regulators to conduct in-depth analysis, identify potential security vulnerabilities and institute appropriate measures to fortify the digital landscape,” said the committee in its recommendations.
The panel was formed to investigate the escalating instances of cyberattacks and develop methods to mitigate them. According to information provided by CERT-In, the organisation observed and managed 1.15 million cyber security incidents in 2020, 1.4 million in 2021, and 1.39 million in 2022.
More From This Section
As cyberattacks rise, so do financial frauds. In FY23, there were 1.99 million instances of fraud, amounting to Rs. 2,537.35 crore, which is an 87 per cent increase from the Rs. 1,357.06 crore reported in FY22, and significantly more than the Rs. 542.7 crore reported in FY21. Most payment frauds are in the form of phishing attacks.
The committee also noted that the current compensation mechanism is complex and time-consuming and places the onus on victims to prove a connection between the cybercrime incident and the financial loss.
“The committee strongly believes in the establishment of an automatic compensation system as designed by the RBI. It should be the sole responsibility of financial institutions to promptly compensate the affected customer...” the report stated.
The committee also emphasised the need for enhancing enforcement capabilities and collaborating with international counterparts to adopt best practices.