“Banks to report security breaches in two hours?”..Is it a Joke? or Fake News?

A report in the times group of papers today, it was stated that the Government has mandated that Banks need to report “Breaches” in their systems within 2 hours to the Government.

TOI in its article titled “Government asks banks to share IT breach info within 2 hrs” reported that the Government had sounded alert to all the top banks that any breach in their IT systems need to be informed to the Government. The report was attributed to IT Secretary Ms Aruna Sundararajan.

The secretary  reportedly made a statement that “More regulation is needed to make the laws tougher, especially to fix liabilities and responsibilities of the service providers towards their customers,”

She seems to have also stated that “Stringent penal provisions will be mandated for any breach, and steps have been initiated to overhaul the IT Law of the country to make provisions in tune with the present-day requirements. The review is being undertaken in consultation with the Finance and Home Ministries.”

These tough looking statements are welcome.

However, the approach of the  Government to bring in new law is un-necessary and  time consuming and will not address the immediate requirement.

Presently, the key to protecting the consumers from any digital transaction related frauds and simultaneously also instilling a sense of responsibility in the Banks lies with the RBI in the simple solution of confirming its “Draft Circular” of August 11, 2016 as “Final operative circular.”

But, as always, RBI is dragging its feet perhaps unable to counter the pressures from the major Banks such as SBI, ICICI Bank, HDFC Bank , Axis Bank and PNB for abandoning the circular altogether.

The key I am referring to is the issue of the Limited Liability Circular of August 11, 2016” which was first issued in draft form and should have been re-issued by this time as an operative instruction.

The undersigned has sent many letters to the Governor of RBI and other executives as well as the Prime Minister Mr Modi and Finance Minister Mr Arun Jaitely.

Unfortunately, neither Mr Modi nor Mr Jaitely seem to have been properly advised about the power of this circular or donot still feel that the push is called for and hence they are not focussing on this simple requirement that can go a long way in protecting the public who are being thrust into the digital payment system.

Despite a personal request from the undersigned, the Governor of RBI, Mr Urjit Patel, as well as their officials have failed to provide a satisfactory reply to my letter nor give an appointment to meet them personally and explain to them the urgency in this regard.

After several reminders and an RTI application, I have received a reply from Mr P.K. Mehrotra, Assistant General Manager, Department of Banking Regulation, Central Office, RBI, dated 23rd December 2016, stating as follows.


Please refer to your letter dated December 1, 2016 on the captioned subject.

In this connection, we advise that we are in the process of finalization of the circular taking into account the feedback received from public and banks.


 The public comments for the circular closed on August 31, 2016 and we are almost into the new year.  Hence the answer given by RBI can only considered as unsatisfactory and evasive.

It is clear that RBI, as always is unable to push through its regulatory measures on the influential Banks. In the meantime, Cyber Crime victims are waiting endlessly for justice when their hard earned money is siphoned off by fraudsters some of them exploiting the technical inadequacies in the system and some of them colluding with the Bankers.

The recent incidents where Bank employees have colluded with the black money operators in several parts of the country is a clear indication that Bank employees of today donot have the honesty which was once attributed to them by the public. If they can make money by laundering currency, it is eminently possible that many of them may be hand in glove with the fraudsters who commit cyber crimes. They are therefore not in favour of measures like the “Limited Liability for frauds for the customer”.

I have personal experience of Banks such as ICICI Bank, SBI, AXIS Bank and PNB supporting their fraudulent customers instead of the Cyber crime victims when they encounter a cyber crime.

The names of the three lady Chair Persons of prominent Banks such as Ms Arundathi Bhattacharya or Shika Sharma or Chanda Kochhar or the past Chairperson of PNB, Mr Kamat who became the head of IBA look responsible when they speak on CNBC TV.

But what public may not know is that all these Chair persons  have shown scant respect for Cyber Crime victims of their bank and donot deserve to be called “responsible”.

They seem to forget that the victims of bank frauds are their valued customers. On the other hand, they all seem to be more in favour of the “other” customer who has siphoned the money away from the victim and transferred it to their account. In most cases Banks have opened accounts for them  without following the KYC norms.

I urge Mr Arun Jaitely and Mr Modi to just check in how many cases of Bank frauds involving negligence of the Banks, these Chair persons have launched lengthy litigations to prolong justice to the victims. With the Government and CJI contributing to the delay in justice by closing down the Cyber Appellate Tribunal (CyAT), and the IT department floating fancy ideas of changing IT law and merging CyAT with TDSAT, there appears to be no room for optimism that the Cyber Crime victim’s plight will be addressed even by Mr Modi.

In this background the talk of  “Report incidents within 120 minutes” appear to be just a joke.

I wish the IT ministry or the RBI or even the FM and PM to challenge me on these comments and prove me wrong by doing the simple thing of getting the RBI’s draft “Limited Liability Circular of August 11” confirmed.

Can there be anything simpler than this in protecting the public from Cyber Frauds?

If you cannot do even this, how can we trust you will be able to implement the larger issues such as the “Cyber Security Framework” or “Security Operating Centers”?

…..The Nation wants to know..



Print Friendly, PDF & Email
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.