RBI circular RBI/2015-16/418 mandates a Board-approved cyber security policy and a baseline of 24 requirements for every bank. Our platform codifies all 24 requirements and 106 controls into role-based workflows, making your posture measurable, auditable and defensible before a supervisory assessment.
Unlike a flat fine schedule, RBI consequences are supervisory and regulatory. Gaps in your baseline controls surface during RBI inspections, IT examinations and incident reviews, and carry real financial, legal and reputational weight.
RBI can impose monetary penalties on banks for contravention of its directions, including the Cyber Security Framework. Penalties are accompanied by public disclosure: a direct reputational hit with customers and the market.
Banks must report unusual cyber-security incidents to the RBI within two to six hours (Annex 3 template), and to CERT-In / NCIIP / IB-CART. Late or incomplete reporting compounds supervisory concern during follow-up.
The framework places cyber-security squarely with the Board and its IT Sub-Committee. A Board-approved policy, gap assessment and SOC are required; leadership is accountable for material control gaps during examination.
Spreadsheets cannot produce the structured, auditable evidence an RBI examination demands. The Cognisec RBI Cyber Security Engine codifies all 24 Annex-1 requirements and 106 controls into role-based workflows mapped to your bank's assets.
Build your inventory of business IT assets and classify by criticality, aligned to Requirement 1 of Annex 1. Coverage is computed per asset, not as a vague composite score.
Compliance Owners assess inherent and residual risk per asset. Identify gaps against the baseline and prioritise remediation under IT Sub-Committee oversight.
Owners submit control evidence; the CISO reviews, validates and approves. Every action is logged: exactly the audit trail RBI inspections expect.
Live coverage = approved pairs ÷ required pairs (active assets × 24 requirements). Board Members see compliance posture, audit findings and submissions in one view.
One platform, three dedicated panels: CISO, Compliance Owner and Board Member. Each role sees exactly what the framework expects of them.
The central owner of the bank's cyber-security programme. The CISO builds the policy, manages users, reviews Compliance Owner submissions, validates controls and reports the gap assessment to the Board, as named in the circular.
Responsible for day-to-day implementation. Compliance Owners build the asset inventory, assess risk per asset, implement controls across the 24 requirements, and submit evidence to the CISO for validation.
Read and oversight access for the Board and IT Sub-Committee. Approve the cyber-security policy, review audit findings and reports, and view compliance posture and risk: the Board accountability the framework demands.
Issued on 2 June 2016 and reinforced by subsequent RBI directions, the Cyber Security Framework applies to every scheduled commercial bank. The baseline is the floor, not the ceiling, for examination.
Circular RBI/2015-16/418, Department of Banking Supervision
Lock in your discounted rate permanently. Price never increases for early subscribers.
30-day free trial. All features. All 3 panels. 24 requirements, 106 controls ready.
No charge during trial · Cancel anytime · Early bird pricing locked for first 5 subscribers
We are actively seeking partners (IT vendors, audit firms and compliance consultants serving co-operative banks, regional and scheduled commercial banks) to represent the Cognisec RBI Cyber Security Engine. If you work in banking technology or cyber-compliance, let's talk.