The Reserve Bank of India (“RBI”) has issued Master Directions on Information Technology Governance, Risk, Controls and Assurance Practices (“ITGRCA Directions” or the “Directions”) (available, here) on November 7, 2023, pursuant to powers granted under Section 35A of the Banking Regulation Act, 1949 read with Section 45L of the Reserve Bank of India Act, 1934 and Section 11 of the Credit Information Companies (Regulation) Act, 2005. The directions came in furtherance of the Statement on Developmental and Regulatory Policies in February 2022 and invitation for comments from all stakeholders on the Draft Master Direction on Information Technology Governance, Risk, Controls and Assurance Practices in October 2022.
The ITGRCA Directions aim to update, integrate and consolidate the instructions relating to information technology, governance and controls, business continuity management and information system audits.
The Directions are applicable to regulated entities including a) all banking companies; b) NBFCs; c) Credit Information Companies; d) EXIM Bank; e) NABARD; f) National Housing Bank; and g) SIDBI.
Further, foreign banks operating in India through branch mode, reference to the board of directors in these Directions should be read as reference to the controlling office/ Head office which has the oversight over the branch operations in India. Further, such foreign banks shall be subject to a ‘comply or explain’ approach.
The Directions won’t be applicable to (a) Local Area Banks; (b) NBFC-Core Investment Companies and (c) Base layer NBFC’s.
The key highlights of the Directions are stated below:-
The Directions are being structured in a manner to keep the financial sector at pedestal with the information technology sector. These Directions will make sure that the Regulated Entities including the NBFC’s shall ensure governance & control framework at par with Banks. It is a challenging move for NBFC’s as earlier there no robust and stringent assessment and implementation control framework applicable to them. Overall, the Directions will strengthen the Regulated Entities’ IT defenses, in a way contribute to the momentum toward improved consumer safety, transparency and governance in the financial system.
Please find a copy of the RBI’s Master Directions here.
This update has been contributed by Jitendra Soni (Partner) and Harsh Garg (Associate).
Argus Knowledge Centre is now on WhatsApp! Send us a message on +91 8433523504 to receive updates from our Knowledge Centre.
11, 1st Floor, Free Press House
215, Nariman Point
Mumbai – 400021
9 – 10 Bahadur Shah Zafar Marg
Delhi – 110002
+91 11 23701284/5/7
155, ESC House, 2nd floor,
Okhla Industrial Estate, Phase 3,
New Delhi – 110020
68 Nandidurga Road
Bengaluru – 560046
3rd Floor, 27B Camac Street
Kolkata – 700016
The rules of the Bar Council of India do not permit advocates to solicit work or advertise in any manner. This website has been created only for informational purposes and is not intended to constitute solicitation, invitation, advertisement or inducement of any sort whatsoever from us or any of our members to solicit any work in any manner. By clicking on 'Agree' below, you acknowledge and confirm the following:
a) there has been no solicitation, invitation, advertisement or inducement of any sort whatsoever from us or any of our members to solicit any work through this website;
b) you are desirous of obtaining further information about us on your own accord and for your use;
c) no information or material provided on this website is to be construed as a legal opinion and use of this website will not create any lawyer-client relationship;
d) while reasonable care has been taken in ensuring the accuracy of the contents of the website, Argus Partners shall not be responsible for the results of any actions taken on the basis of information provided in this website or for any error or omission in the website; and
e) in cases where the user has any legal issues, the user must seek independent legal advice.