Date: 21 Jan 2011

Rapid strides in Information Technology (IT) and its swift adoption by the commercial banks in India have enabled banks to use IT extensively to offer products and services to customers apart from automating internal processes. Some opportunities arising from intensive use of IT are multiple delivery channels to customers, development of new products and processes, reduction in service delivery costs and potential for financial inclusion initiatives.

Developments in IT have also brought along a whole set of challenges to deal with. Rapid changes in technology, complexities, high costs, security and data privacy issues, new laws and regulations and inadequacy of trained manpower are some challenges faced by banks. Inadequate IT controls could result in cyber frauds and poor implementation of technology could lead to unsound decision making based on inaccurate information/data. The cyber threat landscape is also changing over the years and this needs to be factored in while considering mitigating measures.

Given this context, there was a need to enhance the governance of IT and institute robust information security measures in the Indian banking sector based on extant international standards and best practices. Information technology (IT) risk assessment and management was required to be made a part of the risk management framework of a bank, while internal audits/information system audits needed to independently provide assurance that IT-related processes and controls were working as intended. Given the instances of cyber fraud in banks recently, it was necessary to improve controls and examine the need for pro-active fraud risk assessments and management processes in commercial banks. With the increase in transactions in electronic mode, it was also critical to examine the legal implications for banks arising out of cyber laws and steps that were required to be taken to suitably mitigate the legal risks. To consider these issues, the Governor had announced, in the Annual Monetary Policy Statement 2010-11 in April 2010, the creation of a Working Group on Information Security, Electronic Banking, Technology Risk Management and Tackling Cyber Fraud.

The Group was composed of the following members:


1. Shri G Gopalakrishna, Executive Director (Chairman)

2. Shri P K Panda, Chief General Manager (Member Secretary)

3. Prof H Krishnamurthy, Principal Research Scientist, IISc, Bangalore

4. Dr. G. Sivakumar, Professor, IIT Mumbai

5. Shri Pavan Duggal, Advocate, Supreme Court of India

6. Shri Patric Kishore, GM and CISO, SBI, Mumbai

7. Shri Nandkumar Saravade, GM, ICICI Bank, Mumbai

8. Shri Sanjay Sharma, MD & CEO, IDBI Intech Ltd

9. Shri Akhilesh Tuteja, Executive Director, IT Advisory Practice, KPMG, Mumbai

10. Shri Abhay Gupte, Senior Director, Deloitte Touche Tohmatsu, New Delhi

11. Dr. K Ramakrishnan, Chief Executive, IBA

12. Shri B. Sambamurthy, Director, IDRBT, Hyderabad

13. Dr. K.K. Bajaj, CEO, Data Security Council of India

Invitees from RBI

1. Shri B. Mahapatra, CGM-in-Charge, DBOD

2. Shri G. Padmanabhan, CGM-in-Charge, DPSS

3. Shri G.S. Hegde, Principal Legal Advisor, Legal Department

4. Shri Salim Gangadharan, CGM-in-Charge, FED

The Fraud Monitoring Cell of the Department of Banking Supervision, Central Office RBI, Mumbai provided secretarial support to the High Level Group.