Share
The Reserve Bank of India (RBI) imposed a monetary penalty of ₹2.66 crore on Bank of Bahrain & Kuwait BSC, India Operations on December 12, 2022, for non-compliance with RBI’s directions on the “Cyber Security Framework in Banks.” The penalty was levied under Sections 47 A (1) (c) and 46 (4) (i) of the Banking Regulation Act, 1949.
An RBI IT examination in October 2021, along with a reported cybersecurity incident and related correspondence, revealed multiple lapses. The bank failed to implement systems to detect unusual activities in its database, set up a Security Operations Centre, maintain audit logs for servers, restrict administrative rights on endpoints, enforce multi-factor authentication for critical servers, manage access to critical servers, maintain a Cyber Crisis Management Plan, integrate real-time alerts with monitoring solutions, and ensure the integrity of critical files. These deficiencies allowed an unauthorized intrusion to go undetected.
After reviewing the bank’s submissions and conducting a personal hearing, RBI concluded that the non-compliance was substantiated and warranted the imposition of the penalty.
[RBI]