The Reserve Bank of India (RBI) has imposed, by an order dated July 02, 2021, a monetary penalty of ₹25.00 lakh (Rupees twenty five lakh only) on Punjab and Sind Bank for non-compliance with certain provisions of directions issued by RBI on ‘Cyber Security Framework in Banks’ dated June 2, 2016.
This penalty has been imposed in exercise of powers vested in RBI under the provisions of section 47 A (1) (c) read with sections 46 (4) (i) and 51 (1) of the Banking Regulation Act, 1949. This action is based on the deficiencies in regulatory compliance and is not intended to pronounce upon the validity of any transaction or agreement entered into by the bank with its customers.
The bank had reported a few cyber incidents to RBI on May 16 and May 20, 2020. Examination of the incident reports and the report of the forensic analysis of the said incidents, revealed, non-compliance with aforesaid directions. In furtherance to the same, a notice was issued to the bank advising it to show cause as to why penalty should not be imposed for non-compliance with the directions issued by RBI, as stated therein.
After considering the bank’s reply to the show cause notice, oral submissions made during the personal hearing and examination of further clarifications/documents furnished by the bank, RBI came to the conclusion that to the extent the charges of non-compliance with RBI directions were substantiated, it warranted imposition of monetary penalty.