Monetary Policy Statement 2012-13 - IT and IS Governance structures

RBI/2011-12/600 
DIT Cir. No.2833/09.63.025/2011-12

June 13, 2012

The Chairmen/Chief Executive Officers,
All Scheduled Commercial Banks (excluding RRBs)

Madam / Dear Sir,

Monetary Policy Statement 2012-13 - IT and IS Governance structures

Please refer to the paragraphs 121-123 of the Monetary Policy Statement 2012-13, wherein we have emphasized the importance of implementing IT and IS Governance structure in banks. It is expected that all banks adopt appropriate frameworks for both IT and IS Governance and put in place the proper structure and systems. Accordingly, we request you to take up suitable steps at your end in this regard and ensure that the issues relating to governance, information security and business continuity get adequate attention at the Board level. In this regard, the document prepared by IDRBT on the ‘Organizational Structure for IT in the Indian Banking Sector’ can serve as a reference manual.

2. We also draw your attention to Para 124 on automated data flow and request you to develop and deploy suitable systems to meet the deadline of March 2013 for its total implementation.

3. Please acknowledge receipt.

Yours faithfully

(G Padmanabhan)
Executive Director

Extracts of the Annual Policy Statement for the year 2012-13

IT and IS Governance

121. Information Technology Vision Document 2011-2017, which was released in February 2011, also sets priorities for commercial banks to move forward from usage of CBS for front-end customer service to areas such as management information system (MIS), regulatory reporting, overall risk management, financial inclusion and customer relationship management. Recognising that possible operational risks arising out of adopting technology in the banking sector could have some impact on financial stability, the document has emphasised the need for internal controls, risk mitigation systems and BCPs. Towards this, banks may work in improving their IT governance structures; and evolve well defined information technology policies as well as information security (IS) frameworks.

122. Adoption of well-structured IT governance models will assist banks in enabling better alignment between IT and business, create efficiencies, enhance conformity to internationally accepted best practices and improve overall IT performance, as also enable better control and security. IT governance objectives may be translated effectively and efficiently into improved performance. In order to achieve the above, banks need to move towards adoption of well-structured IT governance models. At its own level, the Reserve Bank has set up an IT Sub-Committee of the Central Board, chaired by an external director, in order to strengthen its IT governance mechanism.

123. Banks are increasingly relying on various IT based channels to operate their businesses and market interactions. Ability of banks to take advantage of new opportunities would largely depend on their capability to provide accessible and secure service channels. However, this would also increase their exposure to technology and operational risks, which have potential implications for individual banks as also for the entire financial sector. Adoption of comprehensive IS frameworks suiting the prevalent banking environment, business goals, processes, people and technology will be imperative to meet these challenges

Automated Data Flow from Banks

124. Following the announcement in the Monetary Policy Statement of May 2011, banks have undertaken to bring returns to be submitted to the Reserve Bank under Automated Data Flow (ADF). A working group comprising representations from banks and the Reserve Bank has been constituted for guiding and monitoring the implementation of the ADF project. Banks are adopting different strategies for putting in place systems and processes required for achieving automation of internal data flow to generate returns without manual intervention. Banks are required to implement suitable solutions to generate all the returns to be submitted to the Reserve Bank by end-March 2013. The Reserve Bank has been closely monitoring the progress of implementation.