Banks need to be cautious with 3rd-party vendors: RBI’s Swaminathan, ET CISO
The Reserve Bank of India seems concerned about the risks from increasing dependence of financial institutions on third-party vendors.
Speaking at a convention organized by the International Association of Deposit Insurers, RBI deputy governor J Swaminathan called upon banks to exercise caution to guard them against potential vulnerabilities while working with third-party vendors. He also urged deposit insurers to tie insurance premiums to the level of risk posed by individual financial institutions.
“The digital transformation in banking has also led to a multitude of distinct third-party entities getting involved in the provision of a single product or service, creating a complex web of technical and operational dependencies,” said Swaminathan. “The impact of failure in any link in this chain can often be catastrophic as was seen in a global IT services outage incident last month. Third parties could be points of intrusion for ransomware and other cyber threats.”
Last month, a widespread Windows outage disrupted operations of airlines, banks and other businesses globally.
Financial institutions have the primary responsibility to preserve the confidentiality, integrity and availability of data, the deputy governor said.
Swaminathan, who was addressing a gathering of deposit insurers, called upon them to be vigilant in adapting to the evolving risk landscape.
“By tying insurance premiums to the level of risk posed by individual financial institutions, deposit insurers can incentivize banks to adopt stronger risk management practices,” he said. “This approach not only enhances the overall stability of the financial system but also ensures that institutions with higher risk profiles contribute more to the insurance fund.”