The Reserve Bank of India (RBI) has imposed a monetary penalty of ₹2.66 crore on Bank of Bahrain & Kuwait BSC(India Operations) for non-compliance with regulatory directions on “Cyber Security Framework in Banks”.

The information technology examination of the bank conducted by RBI in October 2021, cyber security incident reported by the bank to RBI, and all related correspondences pertaining to the same, revealed non-compliance with aforesaid directions, per a central bank statement.

Extent of non-compliance

RBI said non-compliance with the aforesaid directions was to the extent, that the bank failed to: implement systems to detect unusual and unauthorised, internal or external activities in its database; enable audit logs for database and operating system of servers; implement multi-factor authentication for accessing critical servers; have a cyber crisis management plan; among others.

In furtherance to the same, a notice was issued to the bank advising it to show cause as to why the penalty should not be imposed on it for failure to comply with RBI directions, according to the statement.

Charge substantiated

After considering the bank’s reply to the notice, oral submissions made during personal hearing and additional submissions made by it, RBI concluded that the charge of non-compliance with the aforesaid RBI direction was substantiated and warranted imposition of monetary penalty, to the extent of non-compliance with such directions, it added.

“This penalty has been imposed in exercise of powers vested in RBI under the provisions of …the Banking Regulation Act, 1949 (the Act). This action is based on deficiencies in regulatory compliance and is not intended to pronounce upon the validity of any transaction or agreement entered into by the bank with its customers,” RBI said.

Related Topics
comment COMMENT NOW