This website is only for informational purposes. Visitors are requested to note that the information is intended to be correct, complete, and up-to-date. Juris Corp does not warrant that the information contained on this website is accurate or complete, and disclaims any and all liability to any person for any loss or damage caused by errors or omissions, whether such errors or omissions result from negligence, accident or any other cause.

This website is not intended to be a source of advertising or solicitation. The reader must not consider the information contained herein to be an invitation for a lawyer-client relationship, must not rely on information provided herein and must seek independent advice. Transmission, receipt or use of any information on this website does not constitute or create a lawyer-client relationship. No recipients of content from this website should act or refrain from acting, based upon any or all of the contents of this website.

Furthermore, Juris Corp does not wish to represent anyone desiring representation based solely upon viewing this web site. Finally, the reader is warned that the use of e-mail for confidential or sensitive information is susceptible to inherent risks of lack of confidentiality associated with sending e-mail over the internet.

By clicking on the "I understand and agree" button below, the user acknowledges that:

  • This website is not a mode of advertisement, promotion, personal communication, or solicitation of any sort whatsoever and the user wishes to gain information about us for his/her own reasons;
  • Entering into this website does not establish a lawyer-client relationship.

We are not liable for any consequence of any action taken by the user relying on information provided under this website. In cases where the user has any legal issues, he/she must seek independent legal advice.

JC - Legal Updates - RBI consolidates directions on IT Governance, Risk, Controls, and Assurance Practices

Legal Updates

08 Nov 2023

RBI consolidates directions on IT Governance, Risk, Controls, and Assurance Practices

Brief Overview:
RBI has, pursuant to the draft guidelines published in October 2022, issued the final Reserve Bank of India (Information Technology Governance, Risk, Controls and Assurance Practices) Directions, 2023 (“Directions”). The Directions aim to incorporate, update and consolidate the instructions relating to Information Technology (“IT”) Governance and Controls, Business Continuity Management, and Information Systems Audit.
Technical Details:
The Directions are applicable to:
1)  Banking Companies
2)  Non-Banking Financial Companies 
3)  Credit Information Companies 
4)  All India Financial Institutions
(collectively the “Regulated Entities”)
Focus Areas:
The key focus areas of the Directions are:
1)  IT Governance
2)  IT Infrastructure & Services Management
3)  IT and Information Security Risk Management
4)  Business Continuity and Disaster Recovery Management,
5)  Information Systems Audit.
Effective Date: 1st April 2024
Exceptions: The Directions are not applicable to Local Area Banks and NBFC - Core Investment Companies.
JC takeaway:
With the increasing use of digital channels by banking customers and outsourced IT service arrangements by Regulated Entities, the comprehensive Directions issued by the RBI are a step towards mitigating the associated financial and operational risks.
For further details, please see:  
For any queries/clarifications, please feel free to ping us and we will be happy to chat:

●   Mr. Ankit Sinha (ankit.sinha@jclex.com)
●   Ms. Rupul Jhanjee (rupul.jhanjee@jclex.com