What changed
RBI extended to Urban Co-operative Banks the guidelines on sharing IT resources originally issued to Scheduled Commercial Banks. These guidelines were announced in the Monetary Policy Statement 2013-14 to address the need for cost optimization through shared IT infrastructure while maintaining security and efficiency.
What it means for you
UCBs can now explore shared IT resources to reduce costs, but must strictly adhere to security, data integrity, and confidentiality norms. They must ensure that service provider agreements allow RBI audit access to all IT resources, even if not physically on bank premises.
What you must do
- Review the enclosed RBI circular on IT resource sharing for Scheduled Commercial Banks and adopt its guidelines.
- Ensure any shared IT arrangement fully addresses privacy, confidentiality, security, and business continuity.
- Include clauses in service provider agreements granting RBI audit/inspection access to all IT resources used by the bank.
- Verify that RBI can access all information resources even if they are not located on bank premises.
Who it affects
All Primary (Urban) Co-operative Banks, IT service providers to UCBs, RBI inspection and audit teams
What is the main purpose of these guidelines?
To enable banks to share IT resources for cost optimization while ensuring security, data integrity, and confidentiality, as announced in the Monetary Policy Statement 2013-14.
Do UCBs need to follow the same rules as commercial banks?
Yes, UCBs must take into account the same guidelines issued to Scheduled Commercial Banks regarding security, data integrity, and confidentiality when sharing IT resources.
What must UCBs include in agreements with service providers?
Agreements must ensure that RBI has audit/inspection access to all IT resources used by the bank, even if those resources are not physically located on bank premises.