Page 50 - Banking Finance January 2020

RBI CIRCULAR

Extension of relaxation on the guidelines to NBFCs on securitisation transactions

RBI/2019-20/131
December 31, 2019

1. Please refer to the circular DNBR (PD)CC.No.95/03.10.001/2018-19 dated November 29, 2018 on “Relaxation on the guidelines to NBFCs on securitisation transactions” and the circular DNBR (PD)CC.No.100/03.10.001/2018-19 dated May 29, 2019 extending the dispensation till December 31, 2019.

2. On a review, it has been decided to extend the relaxation provided therein till June 30, 2020. All other instructions governing securitisation and direct assignment transactions remain unchanged.

(Chandan Kumar)
General Manager

Cyber Security controls for Third party ATM Switch Application Service Providers

RBI/2019-20/130
December 31, 2019

1. Please refer to para I (8) of the Statement on Developmental and Regulatory policies of the Fifth Bi-monthly Monetary Policy Statement for 2019-20 dated December 5, 2019 (extract enclosed).

2. It is observed that a number of RBI Regulated Entities (RREs) manage their ATM Switch ecosystem through shared services of third party ATM Switch Application Service Providers (ASPs). Since these service providers also have exposure to the payment system landscape, it is felt that some cyber security controls are required to be put in place by them. In view of this, the RREs shall ensure that the contract agreement signed between them and the third party ATM Switch ASP shall necessarily mandate the third party ATM Switch ASP to comply with the cyber security controls given in the Annex on an ongoing basis and to provide access to the RBI for on-site/off-site supervision. To this effect, the contract agreements shall be amended at the earliest or at the time of renewal, in any case not later than March 31, 2020. The list of prescribed controls is indicative but not exhaustive. It may be mentioned that these controls are applicable to the ASPs limited to the IT ecosystem (such as physical infrastructure, hardware, software, reconciliation system, network interfaces, security solutions, hardware security module, middleware, associated people, processes, systems, data, information, etc.,) providing ATM switch services as well as any other type of payment system related services to the RREs.

3. The regulatory instructions issued from time to time in terms of circulars/advisories/alerts, as applicable to the ATM switch ecosystem shall be shared with the ASPs for necessary compliance.

4. A copy of this circular may be placed before the Board of Directors in its ensuing meeting.

5. Please acknowledge receipt.

(R. Ravikumar)
Chief General Manager

Constitution of Board of Management (BoM) in Primary (Urban) Co-operative Banks (UCBs)

RBI/2019-20/128
December 31, 2019

1. Reserve Bank of India had released draft guidelines on constituting BoM in UCBs on June 25, 2018 inviting comments from banks and other stakeholders. Taking into consideration the responses received, it has been decided to issue the guidelines on BoM as per Annex I.

2. UCBs shall constitute a BoM by making suitable amendments in their bye-laws. The BoM shall comprise of persons with special knowledge and practical experience in banking to facilitate professional management and focused attention to the banking related activities of the UCBs through appropriate amendments to their bye-laws, in accordance with the enclosed guidelines following the due process. While constituting the BoM, the Board of Directors (BoD) of UCB shall carry out a process of due diligence to determine the suitability of the person for appointment as the member of the BoM, based upon qualification, expertise, track record, integrity and other ‘fit and proper’ criteria as set out in Appendix I. Similar process of due diligence shall be carried out for determining the suitability of a candidate for appointment as CEO. For this purpose, banks shall obtain declaration-cum-
