Lessons from China to Indian Bankers and RBI

China Banking Regulations Commission (CBRC) has notified guidelines to the Banking industry to use “Secure and Controllable Technology” to strengthen the Internet-based Banking system. This guideline has the potential to bring significant changes to the IT industry in China and also to vendors from outside China.

According to the guideline, it would be mandatory for Banks in China to use “Secure and Controllable” IT products, with usage increasing by a minimum of 15% each year and reaching 75% by 2019. The criteria for determining the status of a product as “Secure and Controllable” have been detailed in the guideline and include the following.

1. IT Vendors are required to establish their own R&D service centers in China

2. Source code should be filed with CBRC

3. Risk of Product supply chain should be controllable. (In other words, there could be a need for more local production in the entire supply chain)

4. The IP rights in respect of certain products could be subordinated to the local requirements. (In other words, provisions similar to compulsory licensing may be used)

As a result of these regulations, it would be necessary for the following:

1. Supplier/Service Contracts will have to incorporate necessary compliance clauses.

2. Banks will have to spend 5% of their R&D budget on deployment of Secure and Controllable IT products

3. Banks need to subject themselves to an annual audit by CBRC to determine compliance.

As a result of these changes, Indian IT companies having operations in China with exposure to the Banking industry need to be prepared for a compliance-related modification of their business contracts. If they fail to adapt, the supply contracts may be terminated.

I think RBI needs to pick up a few lessons from these guidelines since they have mindlessly allowed domination of Chinese products in the Indian Banking industry exposing the country to a great disadvantage in the event of a Cyber War. Banks should also understand that there is national interest beyond the need to increase their bottom line.

We remember that during the UPA regime, a Security Certification Center was established under the guidance of IISC Bangalore to test IT products from China in particular which were suspected to have OEM-back doors, but was actually sponsored by Huawei!

I hope the National Cyber Security team in India takes note of these developments and initiates appropriate actions.

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Having pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He has now been focusing on projects such as Secure Digital India and Cyber Insurance.