CASE STUDIESEVENTS
NEWSLETTERBLOG
Picture of the author
Picture of the author
Contact Us
Regulatory Compliance

RBI Guidelines

  • Overview
  • Methodology
  • Purpose
  • Our Approach
  • Benefits
  • Clients
  • FAQs

Overview : RBI Guidelines Security Audit for NBFC Sector

In India, Non-Banking Finance Corporations (NBFCs) are regarded as important players in the economy. The demand for Information Technology (IT), Information Security Framework, and IT Audit has evolved as the country develops and matures over time. To ensure the safety and security of the NBFCs and their consumers, NBFCs are expected to improve security measures. On a regular basis, a CERT-IN empanelled institution must perform an annual information Security Audit. Data security, audit control, corporate governance, risk management, and other terms and conditions of the license will be followed by the NBFC. While proceeding with the NBFC sector, which includes cyber security and information audits, and more, the RBI published new updated information related to information technology framework.Read continue...

Methodology

The RBI has established a standardized framework for information and cyber security, as well as a governance structure to ensure that all security issues are to be addressed on a regular basis. The main purpose is to establish universally applicable standards and procedures. The Reserve Bank of India (RBI) released a Master Direction on IT Framework to achieve the necessary security practices by the NBFCs. There are two parts to the direction:

NBFCs with more than 500 crores - The IT framework requirement would include IT Governance, operations, Business Continuity Planning and Disaster Recovery, IT service Outsourcing.

NBFCs with less than 500 crores - The IT framework needed would involve data backup and testing, having a well-defined function in the IT system, filing regulatory returns with the RBI, and generating crucial financial reports for top management and Read More

Why do organizations need it?

The goal of information security is to limit the access to sensitive data. NBFCs must have a comprehensive information security
policy that includes the following essential principles:

data authorization

Confidentiality

Ensuring access to sensitive data to authorized users only.

integrity

Integrity

Assuring information accuracy and reliability by preventing.

data access

Availability

Make sure that users have access to data whenever they need it.

authenticity

Authenticity

It is vital for Information Security to ensure that data, transactions.

Our Approach

To understand data flow in your business, we review your Information Security Policies that are to be updated considering the ever-changing Information Security needs. Evidence is requested on the architecture, implementation, and controls. The organization's policies, procedures, and other documentation are further assessed.

To understand data flow in your business, we review your Information Security Policies that are to be updated considering the ever-changing Information Security needs. Evidence is requested on the architecture, implementation, and controls. The organization's policies, procedures, and other documentation are further assessed.

An initial audit to understand the organization's infrastructure and to assist our clients in identifying evidence for all audit points Wherever possible, options for improvement are offered once these gaps are identified.

Kratikal will give appropriate recommendations for compliance with the RBI Mandate based on the evaluation results and data identification.

Kratikal will review your evidence on the closing of the Action phase as indicated during the audit after we complete the assessment and remediation.Upon Successful closure of the identified issues, we will submit an audit report.

Benefits

certin empanelled
nbfc audit
qualified experts

Clients

convin logo
finbit logo
kogta logo
procap logo
square yards logo
suco bank logo

Kratikal Insights

+

Enterprise
Customers

+

Organizations’ Security
Compliant

K+

Small and mid-size
enterprises (SMEs)

K+

Threats Recorded in
GCTx Database

FAQs

What are NBFCs Assets above 500 crore?

a) IT Governance
b) IT Policy
c) Information and Cyber Security
d) IS Audit
e) IT Services Outsourcing

Every NBFC must register with the RBI before starting or carrying on any non-banking financial institution business.

Systemically important NBFCs are those with assets of Rs500 crore or more as of their most recent audited balance sheet.