RBI proposes to bring cooperative banks with assets over Rs 500 cr under CRILC

Mumbai: The Reserve Bank of India on Thursday announced a slew of measures, including bringing all urban cooperative banks (UCBs) with an asset base of Rs 500 crore and more under the ambit of the CRILC reporting framework, a development that will help in curbing PMC Bank type of frauds.

The RBI has created a Central Repository of Information on Large Credits (CRILC) of scheduled commercial banks, all-India financial institutions and certain non-banking financial companies with multiple objectives, which, among others, include strengthening offsite supervision and early recognition of financial distress, according to the RBI's Statement on Developmental and Regulatory Policies.

"With a view to building a similar database of large credits extended by primary UCBs, it has been decided to bring such entities with assets of Rs 500 crores and above under the CRILC reporting framework," it said.

Detailed instructions in this regard will be issued by the end of the month, it said.

With a view to reduce concentration risk in the exposures of UCBs and to further strengthen the role of them in promoting financial inclusion, it is proposed to amend certain regulatory guidelines related to them.

The guidelines would primarily relate to exposure norms for single and group/interconnected borrowers, promotion of financial inclusion, and priority sector lending, among others, it said.

These measures are expected to strengthen the resilience and sustainability of UCBs and protect the interest of depositors, it said.

"An appropriate timeframe will be provided for compliance with the revised norms. A draft circular proposing the above changes for eliciting stakeholder comments will be issued shortly," it said.

The central bank has also prescribed a set of baseline cybersecurity controls for UCBs, in October 2018.

On further examination, it has been decided to prescribe a comprehensive cybersecurity framework for the UCBs, as a graded approach, based on their digital depth and interconnectedness with the payment systems landscape, digital products offered by them and assessment of cybersecurity risk, it said.

The framework would mandate implementation of progressively stronger security measures based on the nature, variety and scale of digital product offerings of banks, it said.

"Such measures would, among others, include implementation of bank-specific e-mail domain; periodic security assessment of public facing websites/applications; strengthening the cybersecurity incident reporting mechanism; strengthening of governance framework; and setting up of Security Operations Center (SOC)," it said.

This would bolster cybersecurity preparedness and ensure that the UCBs offering a range of payment services and higher information technology penetration are brought at par with commercial banks in addressing cybersecurity threats, it added.