If a bank or NBFC has so far taken a casual approach to handling your personal information, that habit may soon become costly. The Reserve Bank of India has put out a set of draft rules aimed at strengthening the protection and proper management of customer data. These proposed norms will cover all banks, NBFCs and every other financial entity that falls under the Reserve Bank's regulation. Each of them will have to build a dependable system to spot data-related risks early, keep them under control, and secure the information they hold.
Data is now the most valuable asset
The Reserve Bank believes that with digital banking and online services expanding at a rapid pace, data has become one of the most important assets any financial institution owns. That is exactly why safeguarding this information, maintaining its quality and ensuring its correct use has turned into a pressing priority. Under the new proposal, every bank and NBFC will need to set up a dedicated data risk management system as part of its wider risk management framework, so that the room for slip-ups is kept to a minimum.
A data governance committee, with the board watching
According to the draft, every regulated entity will have to either form a new data governance committee or hand the responsibility to an existing senior committee. This committee will include officials drawn from data, IT, information security, business, risk management and compliance functions. Beyond that, the institution's board will oversee the entire data governance framework and review it from time to time, ensuring accountability reaches right to the top.
Guarded at every stage, from creation to deletion
The Reserve Bank has also proposed that data be kept secure at every stage, from the moment it is created to the point it is deleted. Institutions will have to ensure that customer information is gathered only for legitimate and clearly defined purposes. On top of that, this information must be used strictly within legal and regulatory boundaries and nowhere beyond them.
Feedback invited until August 17
The Reserve Bank has asked banks, financial institutions and other interested parties to send in their views and suggestions on these draft rules by August 17. The final guidelines will be issued only after these inputs are examined. The regulator is confident that strong data governance can go a long way in curbing cyber attacks, data leaks, financial losses and the threats that hang over customer trust. The direct outcome, it expects, will be digital banking that is far more secure and reliable than before.











