RBI’s Rao Warns Banks and Fintechs of Cybersecurity and Outsourcing Risks After Microsoft Outage

Reserve Bank of India (RBI) Deputy Governor M. Rajeshwar Rao has warned about the risks related to cybersecurity and the growing reliance of financial services on outsourcing. His comments come just days after a global Microsoft Windows outage disrupted operations in various sectors, including airlines, banks, and hospitals.

BFSI summit

Speaking at the BFSI summit organized by CareEdge Ratings, Rao highlighted the potential dangers of third-party dependence and outsourcing in regulated entities. He noted that while outsourcing can increase efficiency, reduce costs, and improve customer experience, it also brings challenges like ensuring the reliability, security, and compliance of outsourcing partners.

Rao pointed out that financial institutions must carefully choose their lending service providers (LSPs) and ensure they have suitable grievance redressal mechanisms. A recent RBI study found that many LSPs do not have the expected systems in place, leading to customer dissatisfaction and potential regulatory actions.

Cybersecurity

Cybersecurity is another critical concern, with financial institutions needing to assess and ensure that third-party service providers can protect their digital assets and customer information. Rao warned about the risk of vendor lock-in, where relying on a single vendor for critical services can limit flexibility and increase dependency risks.

Microsoft Outage

The recent Microsoft outage, caused by a routine update from cybersecurity software company CrowdStrike, affected 8.5 million computers worldwide. This incident underscores the importance of robust cybersecurity measures and the potential impacts of third-party failures.

Rao also addressed issues related to customer service and transparency in financial entities. He noted that slow response times, hidden fees, and misleading sales practices continue to frustrate customers and erode trust. The RBI has received numerous complaints about these issues, including difficulties in closing accounts and unclear documentation requirements.

Focusing on Customer Service

To improve customer service, Rao emphasized the need for a human touch in handling grievances and urged boards of financial entities to actively oversee control and assurance functions. He highlighted the importance of clear communication and a comprehensive approach to risk assessment within organizations.

The RBI’s recent instructions on fixing EMIs and providing a Key Fact Statement with the Annual Percentage Rate are examples of measures aimed at improving transparency and customer satisfaction. Rao called for financial institutions to take proactive steps in addressing these issues without waiting for regulatory intervention.