What are Non-Banking Financial Companies (NBFCs)?

All NBFCs are bound by RBI’s Master Directions DNBS.PPD.No. 04/ 66.15.001/2016-17, issued in June 2017, to mitigate the risks arising from the use of information technology in their financial operations.

These Master Direction guidelines are driven mainly by the need to mitigate the cyber threats arising from the evolving technology adopted by these companies.

In February 2021, RBI issued Master Direction DoS.CO.CSITE.SEC. No.1852 / 31.01.015/2020-21, which provides the guidelines regulated entities need to set up a robust governance structure and to implement common minimum standards of security controls for digital payment products and services.

Applicability

NBFCs are required to comply with the guidelines laid down by RBI in order to continue their financial operations. NBFCs must follow the terms and conditions of their licence, and the audit can cover:

  1. Customer Protection
  2. Data Security
  3. Audit Function
  4. Grievance Redressal
  5. Audit Control
  6. Corporate Governance
  7. Risk Management Framework

Objective

  1. To build confidence that the systems are suitable and are operating securely, as designed.
  2. To obtain an independent third-party opinion.
  3. To steer the organization’s operations towards offering better services.
  4. To provide assurance to user organizations that outsource IT systems performing critical operations that their service organizations have procedures and controls in place to provide constant and reliable services.
  5. To ensure NBFCs enhance the safety, security and efficiency of their processes, leading to benefits for the NBFCs and their customers.
  6. To ensure NBFCs conduct a formal gap analysis between their current status and the stipulations laid out in the circular, and put in place a time-bound action plan to address the gaps and comply with the guidelines.

Approach

Our approach is covered in 4 phases, as described below:

Phase 1: Audit Planning
Planning and preparation of the audit scope and objectives.

Phase 2: Risk Assessment and Business Process Analysis
Assessing, measuring, managing and controlling IT-related risks, thereby enhancing the reliability of the processes and of the entire information system.

Phase 3: Audit Performance (Compliance and System Review) 
Assessment of the controls over critical system platforms, network and physical components, and the IT infrastructure supporting the relevant business processes.

Phase 4: Reporting
Reporting the audit findings, conclusions and recommendations in terms of conformance, non-conformance and opportunities for improvement.

Why CyberSRC®?

  1. We are a team of qualified professionals with rich experience across multiple industries such as Manufacturing, BFSI, Insurance, Healthcare, NBFCs and others. Our consultants are industry experts with proven track records; some of the renowned certifications they hold include CISA, CISSP, COBIT, CEH, CCNA, OSCP, ISO 9001 LA/LI, ISO 27001, ITIL LA/LI and PMP, to name a few.
  2. We believe in adding value to your business, enabled through our Centre of Excellence (CoE), and we have end-to-end capability for Program Build – Operations – Transformation. We can jump-start and execute projects globally in Managed Services mode, with flexible delivery models.
  3. Our vision is to be one of the world’s most trusted advisory and solution providers for Cyber Security, Data Protection and Assurance practices.