Online Banking:Regulatory framework in India

This particular post is a modified version of an abstract prepared for a conference on Online banking. During the research I could found that the literature on regulatory aspect on online baking is very less. I thank Kalpit for working with me for this post.

Shedding the conventional brick and mortar banking style, the Indian banking has entered the new forte of online/internet banking, though of late. This being the transition period, the banking community is facing immense challenge and issues of feasibility also pop-up.

I. Feasibility of Online banking in India

The redtapism in public sector banking and lesser consumer base is being attributed to as the reasons for the Indian banks to enter into the online banking this late. With the rapid development in the technological infrastructure (security, confidentiality is being mainly referred to) and the legal framework being better equipped, the online bank has become a feasible mode of banking in India.

Regulatory framework in India has gone a long way forward, with the Information Technology Act 2000 attempting to address a number of e-commerce regulatory issues, address the need for banks to go online and have laid out security measures to be adopted (since online baking is overlapping with e-commerce on most occasions and having to deal with cross-border jurisdictions), and with the comprehensive and forward looking guidelines brought out by the RBI.

Along with the favorable scenario in the techno-legal aspect and the increasing internet consumer base has taken the trend of online banking from basic information dissemination service to fund-based transactions on their accounts, hinting at the ample growth prospect of online banking in India.

II. Challenges

In the Internet banking system, information is considered as an asset and so worthy of protection. However, the present system of authentication does not address the security aspect in full. This calls for an urgent need to acclimatize the whole system.

According to Online Banking Association, member institutions rated security as the most important issue of online banking. There is a dual requirement to protect customers' privacy and protection against fraud. Another major issue is that of Data Protection and the need for a legal and regulatory framework.

Currently, India has no law on data protection. Information security in e-banking presents two main areas of risk: preventing unauthorized transactions and maintaining integrity of customers’ transactions. Data protection falls in the latter. Data protection laws primarily aim to safeguard the interest of the individual whose data is handled and processed by others. ‘Interests’ are usually expressed in terms of privacy, autonomy and/or integrity.

The Information Technology Act, 2000 does not address this issue. India should take cue from nations, which have favored ad hoc enactment of sectoral laws over omnibus legislation. Along with these issues, the contradictory issues present in the Banking Regulations Act, 1949, the Reserve Bank of India Act, 1934 and the Foreign Exchange Management Act, 1999 need also to be looked into.

On the technological front the Indian Internet banking system is facing many hurdles. The problems include operational risks, security risks, system architecture risks, reputational risks and legal risks. Phishing is another issue that needs attention. Experts suggest that simple rules such as not sharing login IDs and passwords with anyone, would keep customers safe.

III. Future

It would obviously take much time before the online banking could be called a fully alternative banking mode to the conventional one. Legal and cross-border risks can be avoided through proper customer identification devices, information screening techniques, periodic reviews on compliance with various laws, and gaining knowledge of various national laws (applicable) and guide the customers through their cross-border dealings. The compliance part and policy regulation part should be assured by the RBI and the need for a data protection law cannot be denied.

The security issues can be tackled by having the bank's systems technologically equipped to evade operational and security risks. Reputational risks can be prevented by testing of the system before implementation, developing contingency plans (to handle system disruptions, system hackers, security lapses and virus attacks) and creating back-up facilities. Customer education and awareness also need to addressed, as unless the customers are taken into confidence and made comfortable with the working of online banking all the technological development will go in vain.