RBI ISSUES DIRECTIONS ON IT FRAMEWORK FOR THE NBFC SECTOR
The NBFC (Non-Banking Finance Company) sector has grown in size and complexity over the years. As the NBFC industry matures and achieves scale, its Information Technology /Information Security (IT/IS) framework, Business continuity planning (BCP), Disaster Recovery (DR) Management, IT audit, etc. must be benchmarked to best practices. Accordingly, directions on IT Framework for the NBFC sector that are expected to enhance safety, security, efficiency in processes leading to benefits for NBFCs and their customers are released by RBI. NBFCs may have already implemented or may be implementing some of the requirements indicated below. NBFCs are therefore required to conduct a formal gap analysis between their current status and stipulations as laid out in the master directions on Information Technology Framework for the NBFC Sector and put in place a time-bound action plan to address the gap and comply with the guidelines. Such an analysis may be submitted to the Board of the company within six months of the issuance of these directions.
The focus of the proposed IT framework is on IT Governance, IT Policy, Information & Cyber Security, IT Operations, IS Audit, Business Continuity Planning and IT Services Outsourcing. The directions are categorized into two parts, those which are applicable to all NBFCs with asset size above Rs 500 crore (Section A) and for NBFCs with asset size below Rs. 500 crore (Section B).
Section A
IT Governance–IT Governance is an integral part of corporate governance. It involves leadership support, organizational structure and processes to ensure that the NBFC’s IT sustains and extends business strategies and objectives. Effective IT Governance is the responsibility of the Board of Directors and Executive Management. Well-defined roles and responsibilities of Board and Senior Management are critical, while implementing IT Governance. Clearly-defined roles enable effective project control. People, when they are aware of others’ expectations from them, are able to complete work on time, within budget and to the expected level of quality. IT Governance Stakeholders include: Board of Directors, IT Strategy Committees, CEOs, Business Executives, Chief Information Officers (CIOs), Chief Technology Officers (CTOs), IT Steering Committees (operating at an executive level and focusing on priority setting, resource allocation and project tracking), Chief Risk Officer and Risk Committees.
The basic principles of value delivery, IT Risk Management, IT resource management and performance management must form the basis of governance framework. IT Governance has a continuous life-cycle. It’s a process in which IT strategy drives the processes, using resources necessary to execute responsibilities. Given the criticality of the IT, NBFCs may follow relevant aspects of such prudential governance standards that have found acceptability in the finance industry.
1.1 IT Strategy Committee: NBFCs are required to form an IT Strategy Committee. The chairman of the committee shall be an independent director and CIO & CTO should be a part of the committee. The IT Strategy Committee should meet at an appropriate frequency but not more than six months should elapse between two meetings. The Committee shall work in partnership with other Board committees and Senior Management to provide input to them. It will also carry out review and amend the IT strategies in line with the corporate strategies, Board Policy reviews, cyber security arrangements and any other matter related to IT Governance. Its deliberations may be placed before the Board.
1.2 Roles and Responsibilities of IT Strategy Committee: Some of the roles and responsibilities include:
· Approving IT strategy and policy documents and ensuring that the management has put an effective strategic planning process in place;
· Ascertaining that management has implemented processes and practices that ensure that the IT delivers value to the business;
· Ensuring IT investments represent a balance of risks and benefits and that budgets are acceptable;
· Monitoring the method that management uses to determine the IT resources needed to achieve strategic goals and provide high-level direction for sourcing and use of IT resources;
· Ensuring proper balance of IT investments for sustaining NBFC’s growth and becoming aware about exposure towards IT risks and controls.
IT Policy: NBFCs may formulate a Board approved IT policy, in line with the objectives of their organisation comprising the following:
· An IT organizational structure commensurate with the size, scale and nature of business activities carried out by the NBFC;
· NBFCs may designate a senior executive as the Chief Information Officer (CIO) or in-Charge of IT operations whose responsibility is to ensure implementation of IT Policy to the operational level involving IT strategy, value delivery, risk management and IT resource management.
· To ensure technical competence at senior/middle level management of NBFC, periodic assessment of the IT training requirements should be formulated to ensure that sufficient, competent and capable human resources are available.
· The NBFCs which are currently not using IPv6 platform should migrate to the same as per National Telecom Policy issued by the Government of India in 2012. (As per Circular DNBS(Inf.).CC.No 309/24.01.022/2012-13 November 08, 2012)
Information and cyber security : Information Security–Information is an asset to all NBFCs and Information Security (IS) refers to the protection of these assets in order to achieve organizational goals. The IS Policy must provide for a IS framework with the following basic tenets:
· Identification and Classification of Information Assets. NBFCs shall maintain detailed inventory of Information Asset with distinct and clear identification of the asset.
· Segregation of functions: There should be segregation of the duties of the Security Officer/Group (both physical security as well as cyber security) dealing exclusively with information systems security and the Information Technology division which actually implements the computer systems. The information security function should be adequately resourced in terms of the number of staff, level of skill and tools or techniques like risk assessment, security architecture, vulnerability assessment, forensic assessment, etc. Further, there should be a clear segregation of responsibilities relating to system administration, database administration and transaction processing.
· Role based Access Control – Access to information should be based on well-defined user roles (system administrator, user manager, application owner etc.), NBFCs shall avoid dependence on one or few persons for a particular job. There should be clear delegation of authority for right to upgrade/change user profiles and permissions and also key business parameters (eg. interest rates) which should be documented.
· Personnel Security – A few authorized application owners/users may have intimate knowledge of financial institution processes and they pose potential threat to systems and data. NBFC should have a process of appropriate check and balance in this regard. Personnel with privileged access like system administrator, cyber security personnel, etc should be subject to rigorous background check and screening.
· Physical Security – The confidentiality, integrity, and availability of information can be impaired through physical access and damage or destruction to physical components. NBFCs need to create a secured environment for physical security of IS Assets such as secure location of critical data, restricted access to sensitive areas like data center etc.
· Maker-checker is one of the important principles of authorization in the information systems of financial entities. For each transaction, there must be at least two individuals necessary for its completion as this will reduce the risk of error and will ensure reliability of information.
· Incident Management – The IS Policy should define what constitutes an incident. NBFCs shall develop and implement processes for preventing, detecting, analysing and responding to information security incidents.
· Trails- NBFCs shall ensure that audit trails exist for IT assets satisfying its business requirements including regulatory and legal requirements, facilitating audit, serving as forensic evidence when required and assisting in dispute resolution. If an employee, for instance, attempts to access an unauthorized section, this improper activity should be recorded in the audit trail.
· Public Key Infrastructure (PKI) – NBFCs may increase the usage of PKI to ensure confidentiality of data, access control, data integrity, authentication and nonrepudiation.
IS Audit: The objective of the IS Audit is to provide an insight on the effectiveness of controls that are in place to ensure confidentiality, integrity and availability of the organization’s IT infrastructure. IS Audit shall identify risks and methods to mitigate risk arising out of IT infrastructure such as server architecture, local and wide area networks, physical and information security, telecommunications etc. IS Audit should form an integral part of Internal Audit system of the NBFC. While designing the IS framework, NBFCs shall refer to guidance issued by Professional bodies like ISACA, IIA, ICAI in this regard. ICAI has published “Standard on Internal Audit (SIA) 14: Internal Audit in an Information Technology Environment” on the subject. NBFCs shall adopt an IS Audit framework duly approved by their Board. Further, NBFCs shall have adequately skilled personnel in Audit Committee who can understand the results of the IS Audit.
IT Services outsourcing: Outsourcing of IT related business process can provide an NBFC the opportunity to realise valuable strategic and economic benefits. However, prior to commencement of any outsourcing arrangement, careful consideration of risks, threats of contractual arrangements and regulatory compliance obligations must take place. Companies usually outsource their IT related business process to a third party vendor because of higher efficiency, inadequate resources and lack of specialized knowledge.
Section B
Recommendations for NBFCs with asset size below Rs 500 crore
It is recommended that smaller NBFCs may start with developing basic IT systems mainly for maintaining the database. NBFCs having asset size below Rs 500 crore shall have a Board approved Information Technology policy/Information system policy. This policy may be designed considering the undermentioned basic standards and the same shall be put in place by September 30, 2018. The IT systems shall have:
· Basic security aspects such as physical/ logical access controls and well defined password policy;
· A well-defined user role;
· A Maker-checker concept to reduce the risk of error and misuse and to ensure reliability of data/information;
· Information Security and Cyber Security;
· Requirements as regards Mobile Financial Services, Social Media and Digital Signature Certificates as indicated in para 3.18, 3.10 & 3.11 above;
· System generated reports for Top Management summarising financial position including operating and non-operating revenues and expenses, cost benefit analysis of segments/verticals, cost of funds, etc.;
· Adequacy to file regulatory returns to RBI (COSMOS Returns);
· A BCP policy duly approved by the Board ensuring regular oversight of the Board by way of periodic reports (at least once every year);
· Arrangement for backup of data with periodic testing. PHD
68TH JUNIOR NATIONAL BASKETBALL CHAMPIONSHIP :KNOCKOUT STAGES TO COMMENCE TOMORROW
Noida, 8th June 2017: The final day of the league stages at the 68th Junior National Basketball Championship threw no major surprises. The Punjab boys continued to dominate outclassing the defending champs Tamil Nadu. Role players Mandeep Singh (20 points) and Gurwinder Singh (18 points) stepped up to lead the charge for Punjab. 6-foot 10-inch Punjab centre Princepal Singh held the fort in the middle and put up 12 points. Despite Tamil Nadu staying within reach for the first three quarters, the fourth period was a one-sided affair with Punjab outscoring TN 32 to 7 on their way to a 68-45 win.
The Rajasthan boys handed Chhattisgarh their fourth straight loss, knocking them out of the tournament. Chhattisgarh’s Salim Ali fought hard with his 25 points, but he had little support. Rajasthan’s Rajeev led all scorers with 28 points and helped to cement his team’s place in the quarterfinals tomorrow where they will face Chandigarh.
The Punjab girls pulled off a close win against Rajasthan, who fell to a 71-69 defeat. Forward Rajandeep was on fire with 30 points in the game. She was ably supported by Punjab centre Aakarshan who put up 14 points. Despite Rajasthan’s 31 points fourth quarter, Punjab held on to a slim lead to clinch a decisive victory, placing them in the quarterfinals tomorrow against defending champions Karnataka.
Later in the day, the Chhattisgarh girls ran past the defending champions Karnataka in a surprisingly one-sided game. Chhattigarh led from start to finish, behind Gulabsha Ali’s 26 points and forward Megha Singh’s 20 points. The fourth quarter was the icing on the cake for Chhattisgarh, as they clamped down on the defensive end, not allowing Karnataka to score even a single point. Chhattisgarh ended the game up 30 points to seal a 75-45 win.
The undefeated teams in girls’ Group B squared off to decide the pool toppers today evening. Tamil Nadu and Maharashtra were evenly matched, until an explosion of offense in the third quarter pushed Tamil Nadu ahead. TN’s Pushpa had a game-high 36 points, helping her team to a 91-78 win, finishing the league stages with a perfect record. TN forward Avanti (16 points) and point guard Nishanthi (13 points) also contributed.
Both the UP teams won their qualifying matches against the Madhya Pradesh teams to decide their pre-quarterfinal opponent tomorrow. The UP girls have chosen to face Rajasthan in their pre-quarterfinal game, while the boys will play against Haryana.
Results from 8th June 2017
Women:
Level 1
Group A
- Gujarat (Tavleen 33, Riya 12) bt Delhi (Meena 25, Shubham 13, Sushantika 11) 56-55 (9-20, 12-9, 14-2, 21-24)
- Chhattisgarh (Gulabsha Ali 26, Megha Singh 20, Mahima 17) bt Karnataka (Rajvi Jain 12, Sanjana Ramesh 11) 75-45 (23-13, 12-20, 19-12, 21-0)
Group B
- Punjab (Rajandeep 30, Aakarshan 14) bt Rajasthan (Ishika 21, Yashvani 16, Yashika 11, Kanika 11) 71-69 (19-20, 15-10, 13-8, 24-31)
- Tamil Nadu (Pushpa 36, Avanti 16, Dharshini 13, Nishanthi 13) bt Maharashtra (Shreya 14, Anshika 6, Sakshi 6) 91-78 (22-23, 14-18, 30-18, 25-19)
Qualifying match from Level 2 to Level 1*
* Both these teams have already qualified for Level 1 from Level 2. This match is played for the only reason that the winning team gets to choose its pre-quarterfinals opponents.
- Uttar Pradesh (Vaishnavi Yadav 28, Reena Patel 15) bt Madhya Pradesh (Isha Chouhan 23, Vanshita 14) 81-60 (24-18, 19-15, 22-6, 16-21)
Loser Knockout Semi-Finals
- Odisha (Lipramayee 33) bt Telangana (Nashita 15, BS Rivani 10) 53-39 (17-8, 6-12, 14-7, 16-12)
- Chandigarh (Amrit 18, Nisha 16) bt Himachal Pradesh (Arunima 4) 61-12 (27-4, 11-2, 9-2, 14-4)
Men:
Level 1
Group A
- Punjab (Mandeep Singh 20, Gurwinder Singh 18, Princepal Singh 12) bt Tamil Nadu(Shanmugam M. 15, Arvind Kumar 10) 68-45 (12-6, 9-17, 15-15, 32-7)
- Rajasthan (Rajeev 28, Ataol 16, Ashish 12) bt Chhattisgarh (Salim Ali 25, Jatin Kumar 14) 68-52 (16-8, 24-15, 11-16, 17-13)
Group B
- Maharashtra bt Chandigarh 24-14 [Match stopped and awarded to Maharashtra]
- Delhi (Manik 21, Aditya 17, Nitesh 14) bt Telangana (Srinivasa 14, Dinesh 13) 84-54 (21-15, 22-11, 21-17, 20-11)
Qualifying match from Level 2 to Level 1*
* Both these teams have already qualified for Level 1 from Level 2. This match is played for the only reason that the winning team gets to choose its pre-quarterfinals opponents.
- Uttar Pradesh (Shivendra Pandey 23, Akshay Sharma 18, Bhagyansh Gulati 17, Prasun Mishra 16) bt Madhya Pradesh (Puneet Tripathi 26, Yogesh J 16) 90-60 (11-15, 22-14, 27-16, 30-15)
Loser Knockout Semi-Finals
- West Bengal (Binod 20, Saddam 16, Aditya 13) bt Himachal Pradesh (Jatin 20, Gurkaran 12) 75-54 (15-19, 26-14, 23-15, 11-6)
- Gujarat (Karan 17, Harsh 15, Krishna Pal 7) bt Jammu and Kashmir (Sumit 18, Abhinav 11) 68-44 (32-9, 8-8, 15-17, 13-10)
About the 68th Junior National Basketball Championship 2017
The 68th Junior National Basketball Championship for Men and Women is being held at Shiv Nadar University in GautamBudh Nagar District, Noida, Uttar Pradeshfrom 4th to 11th June 2017. The Championship features 25 men’s teams and 24 women’s teams in the U18 age group, from various Indian States and Union territories, and is being played in a league cum knockout format. Tamil Nadu boys and Karnataka girls are the defending champions from the previous edition held in Puducherry in May 2016.
The teams are grouped into two levels –Level 1 features the top 10 teams from the previous championship divided into two groups of five teams each (Group A and B), while Level 2 features the remaining teams divided into four groups (Group C, D, E, F).
In the league stages, all the teams play each of the other teams in their group once. The top three teams from each of the groups in Level 1 advance directly to the quarterfinals, while the fourth placed teams play pre-quarterfinal games against the top two teams from Level 2.
Over the years, this Championship has provided a platform for the country’s best players in the U18 category to showcase their talents. This allows selectors to identify and shortlist the most promising players and coaches to parachute into national team training camps with an eye towards participation in international events.
UK CONSERVATIVES LOSE MAJORITY
Britain’s ruling party Conservative Party in-spite of garnering the largest force in parliament, still is short its majority in Thursday’s general election.
Home Secretary Amber Rudd has held on in Hastings and Rye by just 300 votes.Labour has unseated the Conservatives in Canterbury which has been Tory since 1918. Jeremy Corbyn: “Politics has changed and politics isn’t going back into the box that it was in before”. Ben Gummer, the author of the Conservative manifesto, has lost his Ipswich seat to the Labour Party.Nick Clegg has lost his Sheffield Hallam seat to the Labour Party. Vince Cable returns to Parliament after unseating the Conservatives in Twickenham.The SNP’s Tasmina Ahmed-Sheikh has lost her seat to the Scottish Conservatives. SNP’s deputy leader, Angus Robertson, has lost his seat to the Scottish Conservatives. The SNP’s John Nicholson has lost his seat to Jo Swinson of the Liberal Democrats.Esther McVey returns to Parliament after being elected in George Osborne’s former seat of Tatton
Mostly all the ballots have been counted, 646 of the 650 seats have been decided.The ruling conservative won 315, the opposition Labour Party won 261. Regional the Scottish National Party secured 35 seats and the Liberal Democrats have 12.Nicola Sturgeon admits to ‘disappointing losses’ and vows to ‘reflect’ on the issue of a second referendum.
The Conservatives suffered a sharp drop from their pre-election total of 330 seats. Majority stands in parliament with number 326 seats are needed .
This is the third British election with no clear winner since the end of World War Two.The Conservative Party will now consider whether to form a coalition.
The party’s poor performance is expected to heighten criticism of Prime Minister Theresa May for her decision to call a snap general election.
Theresa May faced pressure to resign on Friday after losing her parliamentary majority, plunging the country into uncertainty as Brexit talks loom.
May called the snap election in April in an attempt to extend her majority and strengthen her position, but her gamble backfired spectacularly after she failed to win enough seats to form a Conservative government.
Sterling sank against the dollar and the euro as investors questioned who was now going to control the Brexit process.
EU Economy Commissioner Pierre Moscovici said May had “lost her bet”, while the timetable for Brexit talks, due to begin in 10 days time, has been thrown into disarray, raising suggestions that it could be extended.
She also faced pressure to quit from inside and outside her party after a troubled campaign overshadowed by two terror attacks, although British media quoted party sources saying she had “no intention” of doing so.
The result is also likely to have an impact on Britain’s negotiations to leave the European Union.
Theresa May has no intention of resigning, Sky sources say, despite a disastrous night for her in #GE2017 #GeneralElection