RBI unveils final guidelines on IT governance for regulated entities

The Reserve Bank of India (RBI) on Tuesday released final guidelines on information technology (IT) governance for regulated entities (REs) like banks, non-bank financial companies, credit information companies and other financial entities. These entities have been mandated to put in place a robust IT governance framework. As per the new guidelines, which will come into effect from April 1 next year, the REs will have to set up a board-level IT strategy committee (ITSC), which will be headed by an independent director and will have three directors as members.

“The chairperson of the ITSC shall be an independent director and have substantial IT expertise in managing/guiding IT initiative,” noted the guidelines.

The committee will ensure that the RE has put an effective IT strategic planning process in place, guide the preparation of the IT strategy, and ensure that the IT strategy aligns with the RE's overall strategy for accomplishing its business objectives.

The guidelines mandate REs to establish an IT steering committee with representation at senior management level from IT and business functions. This committee will assist the ITSC in strategic IT planning, oversight of IT performance and aligning IT activities with business needs, and will oversee the processes put in place for business continuity and disaster recovery. It will also ensure implementation of a robust IT architecture meeting statutory and regulatory compliance.

As per the guidelines, REs must appoint a sufficiently senior, technically competent official with experience in IT-related aspects as head of the IT function.

“As a first line of defence, the head of IT function shall ensure effective assessment, evaluation and management of IT controls and IT risk, including the implementation of robust internal controls, to secure the RE’s information assets and comply with extant internal policies, regulatory and legal requirements on IT related aspects,” noted the guidelines.

The guidelines mandate REs to put in place a robust IT service management framework for supporting their information systems and infrastructure to ensure the operational resilience of their entire IT environment.

As per the guidelines, every IT application that can access or affect critical or sensitive information shall have the necessary audit and system logging capability and should provide audit trails. The audit trails shall satisfy an RE's business requirements apart from regulatory and legal requirements. The audit trails must be detailed enough to facilitate the conduct of audit, serve as forensic evidence when required and assist in dispute resolution, including for non-repudiation purposes.

Financial Express

Copyright © 2024 Communications Today