RBI flags risks emerging from over-reliance on third party vendors
The Reserve Bank of India has warned banks about the dangers of relying too heavily on third-party vendors. Deputy Governor J. Swaminathan mentioned a recent ransomware attack as a cautionary example and proposed linking insurance premiums to the ...
By Saloni Shukla, ET Bureau | Updated:
The Reserve Bank of India has flagged risks associated with increasing over-dependence on third party vendors by financial institutions. Speaking at a convention organised by the International Association of Deposit Insurers, RBI deputy Governor J Swaminathan called upon banks to exercise caution to guard them against potential vulnerabilities while working with third party vendors. He also called upon deposit insurers to tie insurance premiums to the level of risk posed by individual financial institutions.
“The digital transformation in banking has also led to a multitude of distinct third-party entities getting involved in the provision of a single product or service, creating a complex web of technical and operational dependencies,” said J Swaminathan, DG, RBI. “The impact of failure in any link in this chain can often be catastrophic as was seen in a global IT services outage incident last month. Third parties could be points of intrusion for ransomware and other cyber threats.”
Last month, C-edge Technologies a third party IT vendor jointly owned by Tata Consultancy Services and State Bank of India faced a
ransomware attack by the RansomEXX group.
The attack had primarily impacted Brontoo Technology Solutions, a key collaborator with C-EDGE. The attack had led to several Co-operative banks and regional rural banks getting disconnected from the retail payments network.
Swaminathan added that financial institutions have the primary responsibility to preserve the confidentiality, integrity, and availability of data.
“With the rapid pace of innovation, it is often observed that regulatory gaps, can be exploited, either intentionally or unintentionally, by entities that may not be subject to the same stringent standards as regulated financial institutions,” Swaminathan added. “This situation creates an uneven playing field and increases systemic risk, as failures or misconduct in these unregulated areas can have far-reaching consequences across the financial system.”
Swaminathan who was addressing a gathering of deposit insurers, called upon them to be vigilant in adapting to the evolving risk landscape.
The deputy governor said that the implementation of risk-based premium for deposit insurance merits consideration.
“This approach not only enhances the overall stability of the financial system but also ensures that institutions with higher risk profiles contribute more to the insurance fund.”
“The digital transformation in banking has also led to a multitude of distinct third-party entities getting involved in the provision of a single product or service, creating a complex web of technical and operational dependencies,” said J Swaminathan, DG, RBI. “The impact of failure in any link in this chain can often be catastrophic as was seen in a global IT services outage incident last month. Third parties could be points of intrusion for ransomware and other cyber threats.”
Last month, C-edge Technologies a third party IT vendor jointly owned by Tata Consultancy Services and State Bank of India faced a
ransomware attack by the RansomEXX group.
The attack had primarily impacted Brontoo Technology Solutions, a key collaborator with C-EDGE. The attack had led to several Co-operative banks and regional rural banks getting disconnected from the retail payments network.
Swaminathan added that financial institutions have the primary responsibility to preserve the confidentiality, integrity, and availability of data.
ADVERTISEMENT
The deputy governor also highlighted that the rise of fintech companies and the entry of entities that operate outside the traditional regulatory and supervisory framework have introduced new dimensions of risk to the financial sector.“With the rapid pace of innovation, it is often observed that regulatory gaps, can be exploited, either intentionally or unintentionally, by entities that may not be subject to the same stringent standards as regulated financial institutions,” Swaminathan added. “This situation creates an uneven playing field and increases systemic risk, as failures or misconduct in these unregulated areas can have far-reaching consequences across the financial system.”
Swaminathan who was addressing a gathering of deposit insurers, called upon them to be vigilant in adapting to the evolving risk landscape.
The deputy governor said that the implementation of risk-based premium for deposit insurance merits consideration.
ADVERTISEMENT
“By tying insurance premiums to the level of risk posed by individual financial institutions, deposit insurers can incentivize banks to adopt stronger risk management practices,” he said.“This approach not only enhances the overall stability of the financial system but also ensures that institutions with higher risk profiles contribute more to the insurance fund.”
Start a SIP with as low as ₹500 with ET Money App!
Download
The Economic Times News App for Quarterly Results, Latest News in ITR, Business, Share Market, Live Sensex News & More.
The Economic Times News App for Quarterly Results, Latest News in ITR, Business, Share Market, Live Sensex News & More.
Related Articles
MSMEs are India's entrepreneurship nursery, RBI to continue strong support: Governor MalhotraADVERTISEMENT
