Non-bank financial institutions (NBFIs) or non-bank financial companies (NBFCs) have been an integral part of the Indian financial system. These are financial institutions that do not have a banking license or regulated by an agency but can still carry out financial services ranging from asset finance, investment, loans, infrastructure finance and much more. They complement the banking sector by connecting the vast unbanked segments of the society, especially small and medium enterprises (MSMEs).
NBFCs have seen great growth in the last few years. According to a report from The Associated Chambers of Commerce and Industry of India (ASSOCHAM), their contribution to the economy grew from 8.4% in 2006 to above 14% in March 2015. NBFCs also recorded a compound annual growth rate (CAGR) of 19% over the past few years.
Regulating NBFCs
Of course, with their sustained success, it has also become important to regulate NBFCs in terms of cybersecurity and information technology. After all, NBFCs are financial institutions which deal with the financial details of millions of individuals in a country like India. Since they may not have the power or financial clout of an international bank, they may not have the resources to invest in a cybersecurity framework which can be disastrous. On the other hand, the financial services sector is an extremely attractive target for hackers. According to PricewaterhouseCoopers’ Global Economic Crime and Fraud Survey 2018, cyber crime was the third most reported fraud across the financial sector.
Recognizing this need for NBFCs to have a secure framework, India’s Reserve Bank of India (RBI) came out with a Master Direction for an Information Technology Framework in the NBFC sector in June, 2017. While the direction of the proposed IT framework was on various divisions, Information & Security Policy also played an important part.
The RBI directed that all NBFCs were required to have a board-approved information security policy with the following basic tenets:
- Confidentiality – Ensuring access to sensitive data to authorized users only
- Integrity – Ensuring accuracy and reliability of information by ensuring that there is no modification without authorization.
- Availability – Ensuring that uninterrupted data is available to users when it is needed.
- Authenticity – For IS it is necessary to ensure that the data, transactions, communications or documents (electronic or physical) are genuine.
To ensure that NBFCs are compliant with these rules regarding information security, they can consider Seqrite Encryption Manager which protects corporate data that resides on endpoints with strong encryption algorithms such as AES, RC6, SERPENT and TWOFISH. Supported on all laptops and desktops running Microsoft Windows, data loss is prevented to occur from loss/theft of endpoint. It provides a powerful solution to issues like unauthorized access or protecting private data by maximizing data protection options. Two of the most important advantages of endpoint encryption include exceptional policy administration and key management followed by highly functional remote device management.
Some of the key benefits of SEM that make it a good option for NBFCs are:
- Centralized management and control
- Full disk encryption with assured data protection and compliance
- Encryption of removal media devices providing security across multiple removal media devices
- Ease of deployment and rescue methods
On the topic of cybersecurity, the RBI outlined the need for a board-approved cybersecurity policy, vulnerability management, cybersecurity preparedness indicators, the need for a cyber crisis management plan, sharing of information on cybersecurity incidents with RBI along with various tenets. Recognizing the importance of the mobile in today’s day and age and the role it plays, the RBI also outlined directions for it:
Mobile Financial Services
NBFCs that are already using or intending to use Mobile Financial Services should develop a mechanism for safeguarding information assets that are used by mobile applications to provide services to customers. The technology used for mobile services should ensure confidentiality, integrity, authenticity and must provide for end-to end encryption.
If NBFCs want to take heed of this and opt for a Mobile Device Management solution that can secure mobile devices, they can consider Seqrite Mobile Device Management, a comprehensive, state-of-the-art solution which offers all basic and advanced features enabling NBFCs to defend themselves from malicious attacks whilst not impacting their resource utilization. The solution can be deployed and modulated over cloud within a very short span of time. Its easy enrollment makes the user registration, setup and policy syncing a seamless efficient experience irrespective of the location of the end user. A unified management console enables the organization to view, manage and synchronize all the subscribed devices through a central GUI.
As an IT security partner for your business, Seqrite provides comprehensive security from advanced cyber threats. To know more
