RBI for tighter norms for digital payments

Mumbai: The Reserve Bank on Friday proposed to establish robust governance mechanisms for authorised non-bank payment system operators (PSOs) to effectively address emerging cybersecurity risks.

Towards this goal, the central bank has issued a ‘Draft Master Directions on Cyber Resilience and Digital Payment Security Controls for Payment System Operators’.

The draft directions cover governance mechanisms for the identification, assessment, monitoring and management of cybersecurity risks, including information security risks and vulnerabilities. They also specify baseline security measures to ensure safe and secure digital payment transactions. The central bank said existing instructions concerning security and risk mitigation for card payments, prepaid payment instruments (PPIs) and mobile banking will remain in effect.

“To effectively identify, monitor, control and manage cyber and technology related risks arising out of linkages of PSOs with unregulated entities, who are part of their digital payments ecosystem, PSOs shall ensure adherence to these Directions by such unregulated entities as well, subject to a mutual agreement,” the draft directions said.

The RBI has invited stakeholders to provide comments and feedback on the draft by June 30. “The Board of Directors (Board) of the PSO shall be responsible for ensuring adequate oversight over information security risks.”