The Reserve Bank of India (RBI) on Friday issued a draft master direction on cyber resilience and digital payment security controls for payment system operators.
The central bank has sought comments on the draft guidelines till June 30. These can be sent through email or post to the Chief General Manager, Department of Payment and Settlement Systems, Central Office, RBI in Mumbai.
The draft guidelines cover governance mechanisms for the identification, assessment, monitoring, and management of cybersecurity risks including information security risks and vulnerabilities, and specify baseline security measures for ensuring safe and secure digital payment transactions.
On April 8, the RBI announced that it would issue directions on cyber resilience and payment security controls of payment system operators (PSOs).
“To effectively identify, monitor, control and manage cyber and technology related risks arising out of linkages of PSOs with unregulated entities who are part of their digital payments ecosystem (like payment gateways, third-party service providers, vendors, merchants, etc.), PSOs shall ensure adherence to these Directions by such unregulated entities as well, subject to mutual agreement. An organisational policy in this respect, approved by the Board, shall be put in place,” the guidelines say.
The board of directors of PSOs will be responsible for ensuring adequate oversight over information security risks, including cyber risk and cyber resilience. However, primary oversight may be delegated to a sub-committee of the board, which shall meet at least once every quarter.