The Reserve Bank of India (RB

The Reserve Bank of India (RBI) has issued guidelines for regulated entities (REs), including banks and finance companies related to Information Technology (IT), which will come into effect from April 1, 2024.    REs have to put in place a robust IT Governance Framework to cover focus areas like strategic alignment, risk and resource management performance, and Business Continuity/Disaster Recovery Management.  The framework will specify the roles (including authority) and responsibilities of the Board of Directors, board-level Committee, and Senior Management. It will also address the issue of adequate oversight mechanisms to ensure accountability and mitigation of IT and cyber/information security risks.  The board of RE would approve the strategies and policies related to IT, Information Assets, Business Continuity, Information Security, and Cyber Security (including Incident Response and Recovery Management/Cyber Crisis Management). They should review such strategies and policies at least annually. The RE will establish a Board-level IT Strategy Committee (ITSC), which will comprise a minimum of three directors.