Understand how FinStack's No-Code Loan Origination System ensures complete compliance as per RBI's Master Directions.
On October 20, 2022 the Reserve Bank of India (RBI) released the Draft Master Direction on Information Technology Governance, Risk, Controls, and Assurance Practices. Following the draft guidelines, RBI came out with Master Direction on Information Technology Governance, Risk, Controls and Assurance Practices on Nov 7, 2023 with an objective to tighten the governance framework for technology within banking segment. The Master Direction has been in effect since April 1, 2024.
The directions are applicable to the following Regulated Entities (REs):
- Scheduled Commercial Banks (excluding Regional Rural Banks)
- Small Finance Banks
- Payments Banks
- Non-Banking Financial Companies (except NBFC-Core Investment Companies)
- Credit Information Companies
- All India Financial Institutions (EXIM Bank, NABARD, NaBFID, NHB and SIDBI)
RBI's Master Directions are summarised over 7 chapters out of which the first (Chapter I - Preliminary) and last chapter (Chapter VII – Repeal and Other Provisions) cover the applicability and repeal of older instructions respectively.
Chapter II of the Master Directions cover the responsibilities of the RE in terms of establishing the board of directors, committees and members who will enforce and govern the company's technological functions.
Chapter III of the Master Directions mandates REs to show RBI that their IT infrastructure, vendors, people, and processes are robust, secure, scalable, and well-governed for daily operations as well as disaster recovery with clear accountability at every step.
FinStack's plug and play microservice architecture allows REs to scale their infrastructure vertically as well as horizontally for capacity management.
Chapter IV of the Master Directions mandates REs to show RBI that they:
- Continuously identify and reduce IT & Cyber risks
- Have clear governance & accountable roles
- Actively test for weaknesses
- Respond quickly to incidents
- Keep the Board, committees, and CISO always in the loop.
Chapter V of the Master Directions mandates REs to plan, test, and prove to RBI that they can continue critical operations securely and with minimal downtime even after major disruptions. FinStack's Disaster Recovery Management policy follows Active Passive Topology to provide near zero Recovery Point Objective (RPO) and near zero Recovery Time Objective (RTO).
Chapter VI - Information Systems (IS) Audit of the Master Directions mandates REs to establish an Audit Committee of the Board (ACB) for exercising oversight of IS Audit of the RE.
Read our blog for a summary of the Master Directions, along with details of how FinStack addresses every single point mentioned in the regulations.