RBI Draft: The Reserve Bank of India (RBI) on Friday released a draft master directive on cyber resilience and digital payment safety controls for payment system operators.
The central bank has sought comments on the draft until June 30. These can be sent by email or post to the Chief General Manager, Department of Payment and Settlement Systems, Central Office, Mumbai, RBI.
RBI had announced this earlier
The draft guidelines cover governance mechanisms for identifying, assessing, monitoring and managing cyber security risks, including information security risks and vulnerabilities, and specify baseline security measures to ensure secure digital payment transactions. The RBI had announced on April 8 that it would issue directions on cyber resilience and payment security controls of payment system operators (PSOs).
Guidelines also extend to payment gateways and other linked entities
The guidelines state that, to effectively identify, monitor, control and manage cyber and technology related risks arising out of linkages of PSOs with unregulated entities that are part of their digital payments ecosystem (such as payment gateways, third-party service providers, vendors, traders, etc.), the PSOs shall, subject to mutual agreement, ensure that such unregulated entities also comply with these directions.
What PSOs are required to do
It is the Board of Directors of the PSO that will be responsible for ensuring adequate monitoring of information security risks including cyber risk and cyber resilience. However, the primary oversight may be entrusted to a sub-committee of the Board which shall meet at least once in every quarter.
The RBI has also asked PSOs to prepare a separate board-approved Cyber Crisis Management Plan (CCMP) to detect, control, respond to and recover from cyber threats and cyber attacks. In addition, the PSO will undertake cyber risk assessment exercises related to the launch of new products, services or technologies, or to major changes to the infrastructure or processes of existing products or services.