The Reserve Bank of India (RBI) is heightening its scrutiny of how financial institutions manage information security. A new set of draft proposals, titled 'Guidance on Regulatory Expectations for Data Governance,' shifts the burden of responsibility directly onto banks and non-banking financial companies (NBFCs).
As digital integration deepens, institutions have increasingly relied on external technology vendors and cloud service providers. The RBI's directive aims to curb potential vulnerabilities by ensuring that firms cannot deflect accountability for breaches or data mismanagement originating from these third-party entities.
Key regulatory focus areas include:
- Strict oversight of data life cycles across vendor platforms.
- Enhanced risk assessment protocols for outsourced technology services.
- Clearer accountability frameworks for group-level data sharing.
Regulated entities and the general public have until August 17 to provide feedback on the proposed framework. Once finalized, these rules are expected to force a comprehensive audit of current vendor contracts and data protection strategies across the Indian financial sector.