What changed
Earlier, banks needed RBI's prior nod to offer transactional internet banking. Now, no prior approval is required, but banks must ensure their internet banking policy is board-approved, aligns with IT and security policies, addresses operational risk, and meets KYC norms as per the June 2001 circular.
What it means for you
Banks can now launch internet banking faster without waiting for RBI clearance, reducing time-to-market. However, they must independently ensure robust security and compliance, as RBI will hold them accountable for any lapses. This shift places greater responsibility on banks' boards and management.
What you must do
- Get your internet banking policy approved by the board before launch.
- Ensure the policy integrates with your overall IT and information security framework.
- Explicitly address operational risk and KYC procedures in the policy.
- Align the policy with parameters from the June 2001 circular on internet banking.
Who it affects
All scheduled commercial banks offering or planning internet banking, Bank boards and senior management, IT and compliance teams
Do we still need to follow the June 2001 circular?
Yes, the June 2001 circular remains in force. Your internet banking policy must broadly meet its parameters, though prior approval is no longer needed.
What happens if our policy doesn't cover operational risk?
RBI requires the policy to explicitly account for operational risk. Non-compliance could lead to regulatory action, so ensure your policy includes risk assessment and mitigation measures.