In view of the massive fraud at Punjab and Maharashtra Co-operative (PMC) Bank, the Reserve Bank of India (RBI) is proposing to issue guidelines to reduce concentration risk in the exposure of urban co-operative banks (UCBs).

Further, it will bring UCBs with assets of ₹500 crore and above under the Central Repository of Information on Large Credits (CRILC) reporting framework. In its statement on developmental and regulatory policies, issued along with the 5th bi-monthly monetary policy statement, the RBI said that with a view to reducing concentration risk in the exposures of UCBs and to further strengthen the role of UCBs in promoting financial inclusion, it is proposed to amend certain regulatory guidelines related to these banks.

The guidelines would primarily relate to exposure norms for single and group/interconnected borrowers, promotion of financial inclusion, priority sector lending, among others. These measures are expected to strengthen the resilience and sustainability of UCBs and protect the interest of depositors, the central bank said.

An appropriate timeframe will be provided for compliance with the revised norms. A draft circular proposing the above changes for eliciting stakeholder comments will be issued shortly. With a view to building a database of large credits extended by UCBs, the RBI has been decided to bring such banks with assets of ₹500 crore and above under the CRILC reporting framework. Detailed instructions in this regard will be issued by December 31.

The central bank has decided to prescribe a comprehensive cyber security framework for UCBs, as a graded approach, based on their digital depth and interconnectedness with the payment systems landscape, digital products offered by them and assessment of cyber security risk. It had prescribed a set of baseline cyber security controls for these banks in October 2018.

The framework would mandate implementation of progressively stronger security measures based on the nature, variety and scale of digital product offerings of banks. Such measures would, among others, include implementation of bank-specific email domain; periodic security assessment of public facing websites/applications; strengthening the cybersecurity incident reporting mechanism; strengthening of governance framework; and setting up of security operations center (SOC).

The RBI said this would bolster cyber security preparedness and ensure that the UCBs offering a range of payment services and higher Information Technology penetration are brought on a par with commercial banks in addressing cyber security threats. Detailed guidelines in this regard will be issued by December 31, 2019.