Search This Blog

Showing posts with label RBI. Show all posts

Indian Digital Currency Era – A Quick Look

Compared to more conventional forms of money like cash notes or coins, electronic money stored in bank accounts, mobile banking applications, and credit cards is quickly replacing the public's perception of finance.

The popularity of UPI demonstrates the preference for digital money systems. India has been pushing hard to become cashless, starting with the decision to implement demonetization in 2016. That same year also saw the launch of the real-time payments system known as the Unified Payments Interface (UPI). The paradox in the existing system is that although digital transactions are becoming more common, cash is still very popular in India.

In terms of transaction value, UPI executed 7.3 billion transactions in October, totaling Rs. 12.11 lakh crore, a record high. While volumes increased 73.3 percent during the same period, transaction values increased by 56.6 percent year over year.

Cryptocurrencies vs. Digital Rupee

A CBDC, as defined by the RBI, is "a legal tender issued by a central bank in digital form. It can be exchanged one-to-one for fiat money and is equivalent to it. All that has changed is its form. "

However, it is impossible to directly compare a CBDC to a cryptocurrency.

"A CBDC is not a commodity or a claim on a commodity or a digital asset, unlike cryptocurrencies. They are not money definitely not a currency in the sense that the term has historically been used, "according to the RBI's release.

According to the tracker maintained by the Atlantic Council, 98 nations are currently investigating CBDCs. Of these, 11 nations have started CBDCs. In light of this situation, the RBI is acting in a calibrated way to start CBDCs. It is currently looking into the possibility of implementing wholesale CBDCs based on accounts and retail CBDCs based on tokens.

"When something new enters the market, the old need to adapt, and the new need to control the change", says Nikhil Kamath, co-founder of Zerodha. "While many have been critical of #CBDC, we might be overlooking the big picture, remittances, unbanked economy, and minimizing subsidy leakage."

The increasing use of cryptocurrency stablecoins, which tie their value to another currency or asset, has also alarmed a number of central banks. According to a Press Trust of India report, RBI officials informed a parliamentary finance committee in 2022 that the 'dollarization' of a portion of the economy by cryptocurrencies could be detrimental to the nation's interests.

Money transfers via cell phones would be quick and easy, according to Sathvik Vishwanath, co-founder, and CEO of Unocoin, a rival cryptocurrency exchange. The digital rupee will most importantly aid in the eradication of problems with counterfeit money.

According to FIS's Cheema, adoption of the CBDC in the wholesale sector (CBDC-W) has large benefits and substantially fewer dangers than in the more complicated domain of retail CBDC (CBDC-R). In the future, CBDC-R will supplement existing payment structures, not replace them.

The digital rupee will therefore be available for use by all Indian citizens whenever the RBI begins to print it.

Reserve Bank Stress Tests Simulate Stagflation

As part of their latest Reserve Bank solvency stress test, New Zealand banks were asked to take into account a cyberattack for the first time. Despite a severe stagflation-like scenario, the Reserve Bank says most firms would have to raise capital, restrict dividends and cut expenses to be able to keep functioning, even though they will have to raise fresh capital, limit dividends, and cut expenses to do so. 

During the stagflation scenario considered in the model, high inflation, increasing interest rates, and a severe recession resulting in a surging unemployment rate are some of the features modeled. Since 2014, it has been the first time a reserve bank has conducted a stress test in which high-interest rates were present. 

Banks included in the annual stress test were ANZ NZ, ASB, BNZ, Westpac NZ, Kiwibank, Heartland Bank, TSB, ICBC, and Bank of China. They received instructions from the Reserve Bank in April. 

6% was the Consumer Price Index inflation rate for the NZ economy. According to Statistics NZ, this was below the 7.2% reported in the current year, as well as the 6.9% reported by Statistics NZ in May for March. 

As part of the arrangement, the Reserve Bank also had to increase the Official Cash Rate (OCR) from just 1% – the rate it had at that time – to 3% by the year 2022. Currently, the OCR stands at 3.5%. It is expected to increase to at least 4% on November 23, 2022. This is when it will be reviewed for the last time of the year. A significant part of this scenario includes the sale of the NZ dollar. This has been an element of inflation that has been imported, and which has been occurring this year as well. 

The Reserve Bank will incorporate a specific cyber risk event into the stress test that will be administered to participating banks in 2022 for the first time. Over time, this resulted in 1.3 billion dollars in aggregate costs. 

In addition to considering how a cyberattack would impact the banks' business, this year's solvency stress test also asked banks to consider how low the likelihood of such an attack was. This is in response to a one-in-25-year cyber risk event that may threaten the general banking system. 

To tackle this challenge, banks have come up with several strategies, such as modeling the impacts of different scenarios. These include distributed denial of service attacks, attacks that lock banks out of critical infrastructure, kill chain malware, ransomware, and other threats. These attacks are modeled to last for at least one to two months in the event of a significant attack.

It can be assumed, therefore, that the estimated losses resulting from each event will vary as expected. This is based on the benchmark and the operational risk of the bank at the time. There is an assortment of reasons why companies lose money, including reimbursements from customers, consultancy and legal fees, losses in business, technology upgrades, communications and media expenses, and technology upgrades, according to the Reserve Bank of Australia. 

Banks should be aware that multiple risks can crystallize and need to be managed during economic downturns, the Reserve Banks emphasize. The Reserve Bank also shared, "this is even though the aggregate cost of the cyber risk event was small compared with impairment expenses in this stress test. Our understanding of banks' handling and quantification of cyber-risk stress events was enhanced by the exercise." There is one thing in your life that you have no control over:

Last week, in an interview with, ANZ NZ CEO Antonia Watson told the website that attackers strive "all the time" to penetrate the bank's security system. 

According to Watson, "This is one of the things you cannot do anything about since there will always be someone who will find some way of finding a backdoor."

Cyberattacks can happen to organizations of all sizes, which is why it plays a crucial role in our risk management strategy as a business. Because of that, it is one of the key risks that we see as a business. This is why we invest so much money to help educate our customers regarding these types of attacks.

National Australia Bank's Ross McEwan, the CEO of the bank's parent company BNZ, revealed last week that NAB's digital channels receive approximately 50 million attacks every month. He further notes that this incident along with the recent cyber-attack on Optus in Australia is what keeps CEOs awake at night. 

The scenario

During the NZ economy's stress test scenario, the following scenarios will be experienced:

• In comparison to the peak in November 2021, house prices have fallen by 42% (47% from its peak in November 2021) 

• A 38% decline in equity prices has been recorded since December 2021 (42% in the past year). 

• At the same time, the unemployment rate rose from 3.3% to 9.3%. 

• During the period of the recession, the gross domestic product decreased by 5%. 

• A peak in the OCR has been recorded at 5.5%, as well as the peak in the 2-year mortgage rate of 8.4% (the average bank's 2-year rate at the moment is 5.8%, but the big five banks all have rates above 6%); 

• There is one more aspect of the economic scenario that banks must take into account and model as well, which is a cyber-risk event that occurs once every 25 years. 

A scenario like this has the potential to generate aggregate impairment expenses for banks of $20.8 billion over the next four years, which is higher than the $1.7 billion that has been incurred from the COVID-19 pandemic in the last four years, according to the Reserve Bank. During the second year of the four-year stress test, banks have been sinking into the red. 

During the stress test, the common equity Tier 1 ratio for the aggregate company fell by 3.3 percentage points to a minimum of 8.9% before mitigation. This is well above the regulatory minimum of 4.5% as shown in Figure 1 [below]. 

According to the Reserve Bank of Australia's report on its 2022 stress testing program, this annual solvency stress test was included in the Reserve Bank's stress testing program for the year 2022. Additionally, a liquidity stress test and a test to determine whether the residential mortgage portfolio is sensitive to flooding risks were also included in the study. As part of the Reserve Bank's Financial Stability Report released on Wednesday, the Reserve Bank will present a summary of the "high-level results" in these two areas. 

In its description of the stress test on solvency, the Reserve Bank thinks that it is predominantly a bottom-up exercise, where banks normally use their models, sometimes on a loan-by-loan basis, to estimate the impact of the Reserve Bank's specified scenario on capital ratios in the future. 

During the release of the instructions and templates for the solvency stress test, the company noted that it is the first time that these have been published publicly.

RBI Employs Tokenization to Combat Breaches


The RBI, the central bank of India, is now prepared to impose card tokenization in India after permitting customers to link credit cards with UPI. In the midst of all of this, many users are perplexed as to what card tokenization actually is and why applications and websites advise users to safeguard their credit and debit cards following the RBI's new rules.
What is tokenization? 

Tokenization is the process of replacing actual card information with a special alternate code called a 'token,' which must be different for each card, token requester, and device, i.e. the organization that accepts customer requests for card tokenization and forwards them to the card network to produce a corresponding token.

Researchers are still quite aware of the data exposures from MobiKwik and Domino's India. As users can see, the data becomes vulnerable to data breaches and leaks if you store your private card information on the cloud servers of numerous such online apps and websites.

Although some websites might have the highest levels of security in place to protect user credit card information, others may not be adhering to international security requirements. Having credit card information being dispersed over several servers with varying levels of security gives hackers more access points. The RBI now wants to alter the current state of digital payments and standardize 'tokenization' to increase the security of all online card transactions.

In September 2021, the RBI ordered that card-on-file (CoF) tokenization be used instead of retailers holding client card information on their systems beginning January 1, 2022. In addition, businesses such as apps, websites, payment processors like RazorPay, or banks will no longer be responsible for safeguarding your card information. Tokenization is a technique the RBI developed to protect domestic card transactions by employing random strings of tokens rather than disclosing the user's personal card information.

Since the regulation on tokenization was published, according to Deputy Governor Sankar, the central bank has been in close contact with all stakeholders to guarantee a smooth transition to the tokenization policy.

How does tokenization work? 

The process of tokenizing cards is straightforward. When a card is chosen to be tokenized, the card network such as Visa, MasterCard, etc. issues the token with the bank's approval and gives it to the retailer. For example, when you save an SBI Visa debit card on Paytm by RBI's requirements, Visa will create the token with SBI's permission and share it with Paytm.

If you decide to save the identical credit or debit card on some other app, let's say Amazon, a new token will be issued and shared with Amazon. The token will vary based on the merchant and device, even if it's the same card. From a security standpoint, it implies the tokens are unique and discrete, which is beneficial.

Potential effects of tokenization

The RBI was forced to develop card tokenization as a result of the constant data leaks, thefts, and breaches that occur in the digital age. Not to add that the various security standards used by apps, websites, payment processors, and other middlemen compromise users' online security.

Tokenization has very little of an effect on the customer. Customers simply need to submit their card information once to receive a token. The process of tokenization will then be initiated by the merchant at no further cost or customer effort.

According to experts, there are no drawbacks to card tokenization from the perspective of the end-user. The RBI standards must be implemented by merchants and payment systems, but aside from that, consumers benefit.

How Banks Evade Regulators For Cyber Risks


As of late, the equilibrium between the banks, regulators, and vendors has taken a hit as critics claim that banks are not doing enough for safeguarding the personally identifiable information of the clients and customers they are entrusted with. As there has been rapid modernization in internet banking and modes of instant payments, it has widened the scope of attack vectors, introducing new flaws and loopholes in the system; consequently, demanding financial institutions to combat the threat more actively than ever. 

In the wake of the tech innovations that have broadened the scope of cybercrime, the RBI has constantly felt the need to put forth reminders for banks to strengthen their cyber security mechanisms; of which they reportedly fell short. As financial frauds relating to electronic money laundering, identity theft, and ATM card frauds surge, banks have increasingly avoided taking the responsibility.  

It's a well-known fact that banks hire top-class vendors to circumvent cyber threats, however, not a lot of people would know that banks have gotten complacent with their reliance on vendors to the point of holding them accountable for security loopholes and cybersecurity mismanagement. Subsequently, regulators fine the third-party entity, essentially the 'vendors' providing diligent cyber security risk management to the banks.  

The question that arises is that are banks on their own doing enough to protect their customers from cyber threats? Banks need to understand monitoring and management tools available to manage cyber security and mitigate risks. Financial institutions have an inherent responsibility of aggressively combating fraud and working on behalf of their customers and clients to stay one step ahead of threats.  

Banks can detect and effectively prevent their customers' privacy and security from being jeopardized. For instance, banks can secure user transactions by proactively monitoring SMS using the corresponding mobile bank app. They can screen phishing links and unauthorized transactions and warn customers if an OTP comes during a call.  

Further, banks are expected to strictly adhere to the timeframe fixed for reporting frauds and ensuring that customer complaints regarding unscrupulous activities are timely registered with police and investigation agencies. Banks must take accountability in respect of reporting fraud cases of their customers by actively tracking the accounts and interrupting vishing/phishing campaigns on behalf of their customers as doing so will allow more stringent monitoring of the source, type, and modus operandi of the attacks. 

“We are getting bank fraud cases from the customers of SBI and Axis Bank also. It is yet to be verified whether the data has been leaked or not. There might be data loss or it could be some social engineering fraud,” Telangana’s Cyberabad Crimecrime police said. 

“Police said that the fraudsters had updated data of the thousands of customers who received new credit cards and it was a bank’s insider who is the architect of this whole fraud,” reads a report pertaining to an aforementioned security incident by The Hindu.  

“This is a classic case to explain the poor procedure practised by the network providers while issuing SIM cards, and of course the data security system at the banks,” a senior police officer said. 

In relation to the above stated, banks should assume accountability for their customers’ security and shall review and strengthen the monitoring process, while meticulously following the preventive course of action based on risk categorization like checking at multiple levels, closely monitoring credits and debits, sending SMS alerts, and (wherever required) alerting the customer via a phone call. The objective, essentially, is for banks to direct the focus on aspects of prevention, prompt detection, and timely reporting for the purpose of aggregation and necessary corrective measures by regulators which will inhibit the continuity of crime, in turn reducing the ‘quantum’ of loss.  

Besides, vigorously following up with police and law authorities, financial institutions have many chances to detect ‘early warning signals’ which they can not afford to ignore, banks should rather use those signals as a trigger to instigate detailed pre-investigations. Cyber security is a ‘many-leveled’ thing conception, blaming the misappropriations on vendors not only demonstrates the banks’ tendency to avoid being a defaulter but also impacts the ‘recoverability aspects’ like effective monitoring for the customers to a great degree.

The RBI Warns Patrons of Unauthorized Money Lending Apps


Reserve Bank of India has forewarned Indians against unauthorized money lending apps that are increasingly rising day by day, consequently subjecting customers to fraudulent deeds. The threat actors lure the patrons with instant loans, capitalizing on their needs, and then trouble victims for the dues.

What are unauthorized money lending apps?

Money lending apps are rackets where you could get an instant personal loan offered through mobile apps at inflated interest rates by some unauthorized lenders. These apps are easily available on Google Play Store and do not have any tie-up with any banks or Non-Banking Financial Institutes. Any patron can avail the loan within a few weeks or less after updating all the personal information like Aadhar Card, PAN card, etc., details in the app. 

The company misguides the patrons into fraud by drastically reducing the original amount of the loan. The modus operandi of the app includes taking and feeding all the personal information of the patron in one particular app and then circulating the phone number across other such fraud apps. The other apps would now call the patrons and lure them into availing more loans. The lender would claim that the patrons are eligible for the loan as they have already verified the credentials from the previous app from which they borrowed the loan. Notably, ‘n’ number of patrons fell into this trap and later regretted the same. In the entire process, there comes a time when the patron needs to pay more than the borrowed amount due to the high-interest rate, GST fees, and other penalties for overlooking the due date. 

The worst part comes when these lenders circulate the patrons' private and confidential information on the internet and various other media platforms. They threaten the patron and also their relatives via various social media platforms. 

In the last few months especially after the COVID-19 situation where a lot of people have lost their jobs, such cases of fraud have seen a significant surge. A lot of them have registered a complaint against the money lenders. These apps are under the media scanner of law enforcement officials of India for indulging in unlawful practices, especially while colleting the dues from the patrons. 

On the other hand, The Digital Lenders Association of India (DLAI) trusts that there is a clear demarcation between legally regulated entities and unreliable firms. In this regard, they added, “we have been proactive in ensuring our members follow a strict code of conduct that serves as a guideline. It covers multiple aspects such as interest rates, recovery mechanism, and data privacy”. 

While warning the patrons of such fraudsters, RBI stated in its press release, “Moreover, consumers should never share copies of KYC documents with unidentified persons, unverified/unauthorized Apps and should report such Apps/Bank Account information associated with the Apps to concerned law enforcement agencies or use Sachet portal to file an online complaint.”

RBI's new guidelines for Debit and Credit Cards, effective today

To combat the ever increasing financial frauds and to make online payments safer, RBI (Reserve Bank of India) has issued new guidelines for debit and credit cards effective from 1st October 2020.

 The new guideline for Debit and Credit Card by RBI-

  •  International Transactions to be Optional-

According to this users can now either opt in Or opt out for International Transactions. The bank can disable old cards for international payments or issue new cards for the customers choosing to indulge in international exchange. 

Gaurav Chopra, CEO, IndiaLends says, “For new cards being issued, the users will only be able to use these services after registering for them. The main reason for this is to prevent card fraud and misuse and give the consumer better power to manage his or her finances. With spend and withdrawal caps, even if an individual becomes a victim of cyber or ATM fraud, the damage will be limited.” 

  • Disable cards that have never been used for online payment- 

RBI has directed banks to disable the online payment service for all those debit and credit cards that have never been used for online money exchange. This does not include gift cards or prepaid cards.

Rajesh Mirjankar, MD and CEO, InfrasoftTech, says, “RBI has mandated banks to incorporate risk-mitigation features in customers’ debit cards and credit cards from 1st October. With this new feature, consumers can set up a limit on their credit cards and debit cards. Cardholders will have the option to switch on and off their debit and credit cards for any facility – ATM, NFC, POS, or eCommerce (card-not-present) transaction.” 

  • NFC (Near Field Communication) Or Contactless payment will also be optional- 

Users will now be able to switch on and off their NFC payment whenever they want. Suppose on a trip to Korea they switched on NFC, they can opt out of it on returning to India. Cardholders can also set a limit to NFC payment, earlier it was Rs.2000 per day now they can increase or decrease as per to their preference.

 Mirjankar, of InfrasoftTech, says “The apps that banks have already rolled out with these features allow customers to set separate limits for each channel such as ATM, PoS, card-not-present, and NFC, in addition, to be able to revise downward their overall card limit.”

Reserve Bank of India Experiences a Technical Glitch; NEFT and RTGS Go Down for Half a Day!

Electronic money transfer is something that has changed the way people used to transact. It has offered a way more convenient method that goes along the lines of modernity and the need of recent times.

The most widely used and popular mediums of transferring money between bank accounts in India are NEFT and RTGS. While NEFT has neither minimum nor maximum limits, RTGS is designed for heavier sums of money with 2 lac being the minimum amount and 10 lac being the maximum per day.

Per reports, National Electronic Funds Transfer (NEFT) and Real-Time Gross Settlement (RTGS) were disrupted for more than half a day. The signs of this started to show from Monday midnight.

Sources mention that this happened because of a technical glitch in the systems of the Reserve Bank of India. Nevertheless, NEFT and RTGS have been reinstated after inactivity of 12 hours.

Several reports reveal that the main issue allegedly was grappled by the Indian Financial Technology and Allied Services (IFTAS), which is an RBI affiliated branch when the “disaster recovery site” was being moved from locale A to B.

Sources impart that the NEFT transactions have as of now been brought back. The “end-of-day” RTGS transactions of the previous day are being worked on to get them to reach completion but the “start-of-day” for RTGS hasn’t ensued yet. Still, the restoration of RTGS is expected soon.

The setup for NEFT was established and supported by the Institute for Development and Research in Banking Technology. People will now be able to use this medium for online transferring of funds and money 24x7. Meaning that holidays or weekends would never come in the way of money transfers and funds would be transferred any day and at any time at all.

NEFT and RTGS are the most commonly used routes for online transfer of funds.

The former medium facilitates a provision for limitless one-to-one transfer of money from and to individuals and corporates with an account in any bank branch in the country. The latter, however, has the aforementioned limits and is a continuous and real-time settlements of fund transfers.

RBI AnyDesk Warning; here's how Scammers Use it to Steal Money

In February, Reserve Bank of India (RBI) issued warning regarding a remote desktop app known as 'AnyDesk', which was employed by scammers to carry out unauthorized transactions from bank accounts of the customers via mobile or laptop.

In the wake of RBI's warning, various other banks such as HDFC Bank, ICICI Bank and Axis Bank along with a few others, also issued an advisory to make their customers aware about AnyDesk's fraudulent potential and how it can be used by the hackers to steal money via Unified Payments Interface (UPI).

However, it is important to notice that Anydesk app is not infectious, in fact, on the contrary, it is a screen-sharing platform of extreme value to the IT professionals which allows users to connect to various systems and mobiles remotely over the internet.

How the Scam Takes Places? 

When a customer needs some help from the customer care, he gets in touch via a call and if he gets on line with a scammer, he would ask him to download AnyDesk app or a similar app known as TeamViewer QuickSupport on his smartphone.

Then, he would ask for a remote desk code of 9-digit which he requires to view the customer's screen live on his computer. He can also record everything that is been shown on the screen. Subsequently, whenever the victim enters the ID and password of his UPI app, the scammer records it.

Users are advised not to download AnyDesk or any other remote desktop applications without fully understanding their functioning.

You should also be highly skeptical of the additional apps that customer support executives may ask you to download as besides fraudsters, no one asks for codes, passwords or any other sensitive information.

The Indian Government Reportedly Worried Of Cryptocurrencies Destabilizing the Rupee

The Indian government panel entrusted with drafting the crypto regulation is supposedly "fixated" with the effect they might have on the rupee in the event if they are permitted to be utilized in payments. The panel was set up in November 2017 headed by the top bureaucrat Subhash Chandra Garg, Secretary of the Department of Economic Affairs. The board is as of now said to be in the propelled phases of drafting the regulations for cyrptocurrency utilization in India.

One of the representatives from the crypto currency background who as of late met the ministers, asking for obscurity says that

“If bitcoin and other digital currencies are going to be allowed to be used for payments then whether it will end up destabilising the fiat currency is a major concern for them (the Garg panel), the overall impact on the financial ecosystem that it is likely to have is still unclear and it has been a challenge to convince them on this particular point.”

While Garg's panel  is settling its report containing the proposals for the country's crypto regulation , the Ministry of Finance told the Parliament that  “It is difficult to state a specific timeline to come up with clear recommendations”  furthermore that Garg’s panel is “pursuing the matter with due caution.”

The Financial Stability Board (FSB) has effectively distributed a report in October a year ago on the financial stability implications of crypto assets, which expresses that “crypto assets do not pose a material risk to global financial stability at this time.”

In any case, it most likely notes that 'vigilant monitoring' is required keeping in mind the rapid market developments and should the utilization of 'crypto-assets' keep on advancing, it could have some implications for financial stability later on.

The Reserve Bank of India (RBI) also emphasized in its Trend and Progress of Banking in India 2017-18 report that cryptocurrencies are not a risk right now, but rather they do require steady observing on the overall financial strength contemplations, given the fast extension in their utilization.