Topics In Demand
Notification
New

No notification found.

Nasscom’s Feedback on RBI's Draft Master Directions on Cyber Resilience and Digital Payment Security Controls for Payment System Operators
Nasscom’s Feedback on RBI's Draft Master Directions on Cyber Resilience and Digital Payment Security Controls for Payment System Operators

July 3, 2023

70

0

In June 30, we submitted feedback to Reserve Bank of India (RBI), on Draft Master Directions on Cyber Resilience and Digital Payment Security Controls for Payment System Operators (draft Master Directions). 

Our feedback included the following points:

  1. Requirements must be made less prescriptive, to allow industry the flexibility to decide their preferred method of achieving the intended objective. For example, security testing of applications can be done by many ways, and not necessarily by qualified agencies only (as prescribed in the draft master directions).
  2. Unnecessary duplication of compliance by the industry must be avoided. For example, reporting cyber security incidents to RBI within 6 hours of detection, is a duplication of the similar reporting that the industry does to CERT-In. This can be resolved by RBI coordinating access to this information with CERT-In.
  3. Some requirements need clarifications, to facilitate compliance with certainty for the industry. For example, the responsibility of payment system operators towards unregulated entities’ compliance with the draft Master Directions with their mutual agreement, is not clear.
  4. Onerous requirements must be made feasible. For example, the requirement to conduct Disaster Recovery drills half-yearly is onerous as it requires serious time and effort from the industry. This can be eased out by making it mandatory per-year, thereby bringing it in line with the industry’s practices.
  5. Industry should be given more time to comply with the draft Master Directions. This is needed to ensure effective compliance with minimum disruption to digital payments.

 

To resolve for this, we have sought clarifications from the RBI and proposed alternatives which are intended to make the Master Directions more feasible while not compromising on the intended objective of ensuring cyber resilience in digital payments.

Our detailed comments on the Draft Master Directions on Cyber Resilience and Digital Payment Security Controls for Payment System Operators can be downloaded from below.

For more information, kindly write to garima@nasscom.in and policy@nasscom.in.


That the contents of third-party articles/blogs published here on the website, and the interpretation of all information in the article/blogs such as data, maps, numbers, opinions etc. displayed in the article/blogs and views or the opinions expressed within the content are solely of the author's; and do not reflect the opinions and beliefs of NASSCOM or its affiliates in any manner. NASSCOM does not take any liability w.r.t. content in any manner and will not be liable in any manner whatsoever for any kind of liability arising out of any act, error or omission. The contents of third-party article/blogs published, are provided solely as convenience; and the presence of these articles/blogs should not, under any circumstances, be considered as an endorsement of the contents by NASSCOM in any manner; and if you chose to access these articles/blogs , you do so at your own risk.


Download Attachment

20230630-CyberResillience-nasscomsubm.pdf

images
Garima Prakash
Manager, Public Policy and Government Affairs

Reach out to me for all things policy about e-commerce, international trade, export controls, start-ups and fintech

© Copyright nasscom. All Rights Reserved.