EC No. 85/ DoS -08 /2021
NB. DoS.HO. CSITE/ 227/ CS-01/2021-22 27 April, 2021
The Chairman and Managing Director/ Chief Executive Officers
All Regional Rural Banks / All State Co-operative Banks/
All District Co-operative Banks
Strengthening the controls of payment ecosystem between Sponsor Banks and RRBs/RCBs/UCB(s) as a corporate customer
1. Please refer to our circular EC.No.32 and 33 /DoS-07/ dated 06 February 2020 on Comprehensive Cyber Security Framework and circular No.315/DoS-31/2019 dated 10 December 2019 on domain email wherein Regional Rural Banks (RRBs) and Rural Co-operative Banks (RCBs) were advised, inter alia, to implement bank specific email domains within three months of the issue of the circular. However, it has been observed that many RRBs and RCBs have still not complied with this requirement as on date.
2. To specifically address the concern observed as above as well as risks associated with the payment ecosystem, RRBs / RCBs who may be serving as sponsor banks (for effecting payment transactions-fund transfers and/or providing internet banking services) for other RRBs/RCBs/UCBs are advised the following:
(a) Ensure to obtain confirmation from the RRB(s)/RCB(s)/UCB(s), that they have reconciled the transactions initiated by them (at least on a daily basis). In case the RRB/RCB/UCB does not provide confirmation, based on its risk assessment, the sponsor bank may consider putting its services on hold till confirmation is received from the RRB/RCB/UCB.
(b) Not to entertain email communication from the RRB(s)/RCB(s)/UCB(s) to whom they are providing sponsor bank services, if the email is originating from a domain other than that of the bank (e.g. gmail, rediff). If the RRB(s)/RCB(s)/UCB(s) have not complied with the requirement, the sponsor bank may, based on its risk assessment, consider to keep their services on hold with the RRB(s)/RCB(s)/UCB(s). However, in case RRB(s)/RCB(s)/UCB(s) have not complied with the said requirement by April 30, 2021, the sponsor bank may put their services (which necessarily require email id for functioning) on hold till they have complied with the requirement.
3. We also enclose a copy of the Advisory No. UCB_1/2021 dated 24 February 2021 issued by RBI.
4. Please acknowledge receipt to our Regional Office concerned
(K. S. Raghupathi)
Chief General Manager
Encl: As above