RBI consolidates directions on IT Governance, Risk, Controls, and Assurance Practices

Brief Overview:

RBI has, pursuant to the draft guidelines published in October 2022, issued the final Reserve Bank of India (Information Technology Governance, Risk, Controls and Assurance Practices) Directions, 2023 (“Directions”). The Directions aim to incorporate, update and consolidate the instructions relating to Information Technology (“IT”) Governance and Controls, Business Continuity Management, and Information Systems Audit.

Technical Details:

The Directions are applicable to:
1)  Banking Companies
2)  Non-Banking Financial Companies
3)  Credit Information Companies
4)  All India Financial Institutions

(collectively the “Regulated Entities”)

Focus Areas:
The key focus areas of the Directions are:
1)  IT Governance
2)  IT Infrastructure & Services Management
3)  IT and Information Security Risk Management
4)  Business Continuity and Disaster Recovery Management,

5)  Information Systems Audit.

Effective Date: 1st April 2024

Exceptions: The Directions are not applicable to Local Area Banks and NBFC – Core Investment Companies.

JC takeaway:

With the increasing use of digital channels by banking customers and outsourced IT service arrangements by Regulated Entities, the comprehensive Directions issued by the RBI are a step towards mitigating the associated financial and operational risks.

For further details, please see:


For any queries/clarifications, please feel free to ping us and we will be happy to chat:

●  Mr. Ankit Sinha (ankit.sinha@jclex.com)
● Ms. Rupul Jhanjee (rupul.jhanjee@jclex.com)

Similar Articles

Subscribe to our Newsletter



The Bar Council of India prohibits advocates from soliciting work or advertising. By clicking ‘AGREE’ below, the user acknowledges that no solicitation has been made, and this website serves as a resource for general information about Juris Corp at the user’s own risk. The information provided here neither constitutes legal advice nor creates a lawyer-client relationship. The links provided are not endorsements by Juris Corp, and Juris Corp is not responsible for any linked content. Users are advised to seek independent legal advice for any legal issues.