The Reserve Bank of India (RBI) has set out key cybersecurity guidelines for Non-Banking Financial Companies (NBFCs) to tackle modern cyber threats. These guidelines emphasize strong governance, risk management, and technical controls to protect sensitive financial data. NBFCs are required to create effective cybersecurity policies, establish oversight committees, and implement rigorous access controls and encryption methods. Continuous monitoring and regular employee training are also critical to maintaining a strong defense. Adhering to these guidelines helps NBFCs enhance their security and resilience against cyberattacks.
RBI Guidelines for Cyber Security in the NBFC Sector
Key Provisions of the RBI Cyber Security Guidelines for NBFCs
Cyber Security Policy
NBFCs are required to establish a comprehensive cyber security policy approved by their Board of Directors. The policy should cover risk management, data protection, incident response, and align with the overall IT strategy of the NBFC.
Governance and Organizational Structure
NBFCs must appoint a Chief Information Security Officer (CISO) who reports directly to the Board or its sub-committee. The CISO is responsible for implementing and overseeing the cyber security framework.