Banks are underutilising their IT budgets, which reflects that they are not sufficiently building against cyber risks, RBI Deputy Governor Swaminathan J said on Thursday.

“This is the industry-wide trend that we see. While there is no lack of budget, we find the utilisation ranges from 40 to 60 per cent of the Budget, which means we are behind the curve in augmenting our systems,” he said at SBI’s Banking and Economic Conclave.

‘Not enough’

Highlighting some recent incidents of unscheduled downtime at banks, Swaminathan said the central bank has observed that many banks have not been fully spending the budget earmarked for the procurement of IT systems and IT security systems.

Banks need to proactively commit adequate resources for augmenting their IT infrastructure, commensurate with their business plans and also monitor them for continued availability and stability, he said, adding that it is imperative for banks and payment system participants to ensure uninterrupted availability of various online and mobile banking channels at all times.

He also called for banks and other ecosystem participants to have robust disaster recovery and business continuity plans in place and to test them periodically, saying that IT infrastructure and channels need to be protected from emerging cyber threats to ensure operational resilience.

“The boards and IT strategy committees of the banks need to step up their oversight in this matter,” he said, calling on banks to use “good times like these” to build adequate risk buffers, augment capital, build provisions, and strengthen their risk management so that any build-up of risk is understood in advance and both expected and unexpected losses can be absorbed.

“Invest in technology as if there is no tomorrow because ensuring operational and business resilience is going to be purely dependent on our ability to maintain a sturdy, safe, secure, and scalable IT architecture,” he said.

Consumer protection

Speaking on consumer protection, Swaminathan said that while the RBI issued the digital lending guidelines last year, it is still coming across instances of non-compliance with these guidelines. This has forced the RBI to take appropriate supervisory action, including the imposition of business restrictions where warranted, he said, urging the industry to review and strengthen compliance with all regulatory instructions on customer protection and grievance redressal.

Swaminathan also reiterated the need for vigilance regarding the risks that accompany outsourced and third-party services, such as the potential loss of control over critical operations, data security breaches, heightened dependency on third-party providers, and the possibility of reputation damage stemming from the misconduct of service providers.

He also cautioned against risks emanating from climate change, saying that India, due to its geographic, environmental, and economic characteristics, is particularly vulnerable to climate change.

“Variability in monsoon patterns coupled with temperature change impacts crop production and affects our food security. Apart from agriculture, even in other sectors, the economic impact of climate change in India could be substantial,” he said, adding that such risks pose both micro- and macro-prudential concerns, and thus there is a need for an appropriate framework to identify, assess, and manage climate-related risks.
