Indian banks lax in reporting cyber attacks to the regulator

The Reserve Bank of India says that Indian banks were lax in reporting cyber attacks to the regulator, which put the financial system and at risk

According to the RBI state run banks are at a higher risk of such crimes than their private peers, ET reported.

Indian banks did not necessarily have the skilled human resources to tackle the rising frauds – both online and in physical transactions – though they were hiring people, said SS Mundra, deputy governor at the RBI.

"RBI has mandated that all unusual cyber-incidents have to be reported within 2 to 6 hours invariably. We observe that banks take much longer time in reporting the incident," Mundra said at a seminar on Financial Crimes Management recently.

"Barring a few banks the gaps are indeed significant, more so in respect of public sector banks. This warrants immediate and continued attention of the Board and the senior management of the banks."

Cyber attacks on Indian banks were increasing and the past few months had seen about four banks' systems being compromised. Also data on 3.2 million cards had been compromised recently exposing customers to losses. However, the problem for the regulator had also been that banks hid information about cyber attacks fearing negative publicity which made it difficult to prevent such attacks in the future.

The Central Bank had also detected delays of up to four years by some banks in reporting financial frauds related to bad loans and warned that bankers indulging in such acts could be charged with abetment of the offence.

The 2015-2016 period had seen loan-related frauds comprise nearly 92 per cent of the total frauds reported by all banks. This was more pronounced in case of public sector banks and less in case of private and foreign banks.

"Banks and bankers could be charged for abetting the criminal offence. My call to you therefore, is to identify and declare the account as fraud without wasting time,'' he said.