The Reserve Bank of India mandated to all Banks through its Circular letter dated 29th April 2011 that recommendations of the G Gopalakrishna Working group on Information Security and Electronic Banking shall be implemented during the year 2010-2011 and progress reported in the annual report of the coming year.
Further RBI advised that by October 31, 2011, meaning today, Banks should have put in place the initial compliance plan which does not require major budgetary changes.
RBI has also advised that there will be quarterly review meetings in which RBI would follow up the implementation of the recommendations.
Accordingly all Banks should have by this time created
a) The IT strategy committee chaired by an independent director
b) Designate a CISO
c) Create a Risk Management Committee at the executive level
d) Create GGWG implementation Committees at different levels
e) Conduct a formal “Gap Analysis” between the current status and stipulations laid down so that a detailed technology and financial budget can be approved before the beginning of the next financial year.
It is not clear if Banks have actually started any or all of the above activities.
Naavi is in the forefront of providing proactive guidance on GGWG implementation and keenly following the published activities of Banks. The general indication is that not much of activity has been undertaken even by generally progressive Banks such as Corporation Bank.
Hope we can look forward to some press conferences from Banks in the next week when some of the Banks would share with the public their action plan on implementation of the recommendations.
I suggest that some organization takes up a survey of all Banks to understand the extent of implementation of GGWG recommendations by October 31, 2011 and the planned implementation goals by March 2012.