Feature

Regulatory regime for BFSI: How information security will play a critical role

Regulatory agencies like RBI and IRDAI are taking steps to secure BFSI companies from cyber threats.

IDG Staff Feb 01st 2018

Financial policies and regulations for the BFSI sector are today more streamlined and detailed than ever before, helping enterprises raise calibrated defenses against perceived data threats. Clear guidelines on safeguarding technology, data privacy and security have ensured that BFSI enterprises remain compliant and ready to brace for any imminent threat.

The BFSI sector has been one of the pioneering sectors when it comes to adoption of technological innovations. It is no surprise that banks, financial enterprises, insurance companies, and Fintech startups are all allocating bigger budgets towards improving their IT infrastructure. Equally, cyber security remains a big challenge for the sector, along with the regulatory compliance needed to ensure data privacy.

Data privacy and security in BFSI sector

While many countries have comprehensive legislation to ensure protection of a customer’s sensitive information, India has regulators like the Reserve Bank of India (RBI) and the Insurance Regulatory and Development Authority of India (IRDAI) for various BFSI enterprises. Data privacy in the BFSI sector is largely governed by the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, under which BFSI enterprises need the consent of a customer before releasing any associated customer data.

With the introduction of the Insolvency and Bankruptcy Code, 2016 and the creation of Information Utilities (IU), data security and privacy have been a prime focus of attention. While an IU holds the financial information database of creditors, the data can only be shared with specific institutions, ensuring optimal data protection and privacy.

RBI’s IT Reforms: A boon for BFSI players

With the BFSI sector moving largely towards a paperless system, the RBI has initiated an IT reform specifically for this sector. The RBI has created an Information Technology (IT) subsidiary for monitoring and regulating internet-based services offered by the sector.

Such a dedicated IT subsidiary not only strengthens RBI’s cyber security preparedness but also offers BFSI enterprises guidance on safety yardsticks and best practices.

Mapping the CISO’s role and responsibilities

The BFSI sector has been one of the major drivers of the economy as well as a promoter of the growth of the IT security market in the country. Regulatory focus on security and privacy, which was once more confined to the rulebook, has today taken center stage.

The BFSI industry has been proactive in ensuring that a Chief Information Security Officer (CISO) manages all IT security compliance for the enterprise. The Ministry of Electronics and Information Technology (‘MeitY’) has also released a note detailing the exact roles and responsibilities of CISOs, with clear guidelines on regulatory compliance.

Skilled workforce for the BFSI Sector

The Government of India has set an ambitious target of having 500 million skilled employees across various sectors by 2020. The Ministry of Finance has established the National Skill Development Corporation (NSDC).

For the BFSI sector, the Ministry has set up the BFSI Sector Skill Council of India with the aim of bringing all leading organizations of the BFSI industry onto a common platform.

The BFSI Sector Skill Council of India umbrella is poised to help create both short- and long-term strategies and operational plans for standardized skill requirements. This is especially so in information security related roles, helping keep the guard up against any eventual technological, data, or security threats.