IT Framework for NBFCs
As the NBFC industry matures and achieves scale, its Information Technology/Information Security (IT/IS) framework, Business Continuity Planning (BCP), Disaster Recovery (DR) Management, IT audit, etc. must also be benchmarked to best practices. To enhance the safety, security and efficiency of processes, leading to benefits for NBFCs and their customers, the Reserve Bank of India (RBI) has come up with the Information Technology Framework for the NBFC Sector.
Applicability: The directions have been categorised into two parts:
- Directions applicable to all NBFCs with asset size above Rs 500 crore
- Directions for NBFCs with asset size below Rs 500 crore
For an NBFC-SI, the following agenda items may be taken up by the Board in its upcoming meeting:
- Prepare a gap analysis between the current status of the IT framework and the guidelines laid down in the Directions.
- Formation of Committees:
  - IT Strategy Committees
  - IT Steering Committees
- Information Technology Policy
- Information Security Policy
- Cyber Security Policy
- Change Management Policy
- Policy for Information System Audit (IS Audit)
- Business Continuity Planning Policy
Systemically Important NBFCs, i.e. with asset size below Rs 500 crore
The focus of the proposed IT framework is on IT Governance, IT Policy, Information & Cyber Security, IT Operations, IS Audit, Business Continuity Planning and IT Services Outsourcing. The Board has to take up the task of preparing the gap analysis before the end of the third quarter; accordingly, the background work for this has to be initiated at the earliest.
NBFCs with asset size below Rs 500 crore
The RBI has laid down certain recommendations for NBFCs with smaller asset size to develop basic IT systems mainly for maintaining the database. The Action Points for such smaller NBFCs are as follows:
- To have a Board-approved Information Technology policy/Information System policy in place
- IT systems should be progressively scaled up as the size and complexity of the NBFC's operations increase