The Reserve Bank of India's comprehensive master direction on information technology governance, risk, controls, and assurance practices, which Regulated Entities (REs) must implement, takes effect from April 1, 2024. Sethurathnam Ravi (S Ravi), former BSE Chairman, discusses how this single direction will streamline the administration of IT and cyber governance by replacing the multiple circulars currently in force. The master direction applies to scheduled commercial banks (excluding regional rural banks), small finance banks, payments banks, NBFCs in the top, upper, and middle layers, all-India financial institutions, and credit information companies.
According to S Ravi, the master direction clearly defines the roles and authority of the board of directors, board-level committees, and senior management of these REs. It consolidates and updates previously issued guidelines, instructions, and circulars on IT governance, risk, controls, assurance practices, and business continuity/disaster recovery management. It emphasizes the need for REs to establish a robust IT service management framework that supports their information systems and infrastructure for operational resilience, including disaster recovery sites.
S Ravi further highlights the requirement for a documented data migration policy to ensure systematic migration that preserves data integrity, completeness, and consistency. In response to rising cyber and IT fraud, the master direction requires IT applications to have audit and system logging capability, with the ability to produce audit trails. It also underscores the adoption of internationally accepted and published standards for IT infrastructure, while ensuring compliance with extant laws and regulatory instructions.
While the Board is responsible for approving IT-related strategies and policies, the CEO is tasked with overseeing the planning and execution of the IT strategy, ensuring a robust cybersecurity posture, and leveraging IT to improve business operations. The master direction also requires REs to appoint a Chief Information Security Officer (CISO), responsible for driving IT and cybersecurity, ensuring compliance with regulatory guidelines, and administering the RE's security policies.