Call this the effect of UCO Bank’s recent ₹820-crore IMPS glitch. The Finance Ministry will convene a crucial meeting on November 28 to discuss issues related to the increasing cybercrimes in the financial sector.

This meeting assumes significance as it comes at a time when cybercrime, powered by Artificial Intelligence (AI), is taking root around the world with huge implications for the Indian financial sector. 

There is also growing clamour for far more cogent steps from banks to guard themselves from cyber attacks and related financial frauds.

Several cyberlaw and cybersecurity experts are now making a case for India to enact a dedicated legislation on cybersecurity, or at least introduce specific provisions in law to drive accountability among those at the helm of banks.

The meeting, which will be chaired by Department of Financial Services (DFS) Secretary Vivek Joshi, will see participation from the chiefs of various regulatory bodies, including the RBI, said official sources. 

Among those invited are the RBI Governor nominee (not below the rank of Executive Director); TRAI Chairperson; Secretary in Department of Economic Affairs (DEA); Revenue Secretary; Telecom Secretary; MeitY Secretary; Chairman of Unique Identification Authority of India (UIDAI); and CEO of National Payments Corporation of India (NPCI), they added.

The Finance Ministry has also invited the chief executives of Google Pay and Razorpay, besides the MD & CEOs of certain large public sector banks (State Bank of India, Canara Bank, Punjab National Bank and Bank of Baroda) and certain private sector banks (ICICI Bank, HDFC Bank and IDFC First Bank), sources added.

The chief executives of banks have been requested to attend the meeting in person, they said.

During the meeting, Indian Cyber Crime Coordination Centre (I4C) will make a presentation on the latest statistics of digital payment frauds as reported in National Cyber Crime Reporting Portal (NCRP), including challenges and issues faced in countering financial cybercrimes. 

Also, State Bank of India (SBI) will make a brief presentation on the Proactive Risk Monitoring strategy implemented by them. 

Need Accountability

Cyberlaw experts feel that banks, especially public sector banks, today need to take number of steps to beef up their cybersecurity preparedness. 

“Right now the law is behind in respect of banks. With so much of cyber attacks by State and non State actors and misuse of AI, Cyber security has to be top most agenda of every Board of every bank”, Pavan Duggal, a Cyberlaw expert, told businessline.

India needs a dedicated legislation on cybersecurity as the current Information Technology Act 2000 is not capable of addressing the issues of cybersecurity, he said.

“Lot of other countries have started coming up with dedicated cybersecurity laws. In case we do not want to do that, then amend the IT Act to incorporate all aspects of cybersecurity”, Duggal added.

Aniket Bhosle, Cybersecurity Consulting Partner, EY India, said that the Indian legal framework should at the organisation level drive accountability and ensure that right set of cybersecurity controls are in place. “Accountability on cybersecurity should come at the senior management level also and not only at the Board. It should be there not only for financial sector but also for other critical sectors like healthcare. This accountability should be introduced in the law through amendments,” said Bhosle.