top of page

RBI imposes penalty on Punjab and Sind Bank for non-compliance of Cyber Security Framework in banks

The Reserve Bank of India (RBI) has imposed, by an order dated 2 July 2021, a monetary penalty of ₹25.00 lakh (Rupees twenty-five lakh only) on Punjab and Sind Bank (the bank) for non-compliance with certain provisions of directions issued by RBI on ‘Cyber Security Framework in Banks’ dated 2 June 2016.

This penalty has been imposed in the exercise of powers vested in RBI under the provisions of section 47A(1)(c) read with sections 46(4)(i) and 51(1) of the Banking Regulation Act, 1949. This action is based on the deficiencies in regulatory compliance and is not intended to pronounce upon the validity of any transaction or agreement entered into by the bank with its customers.

The bank had reported a few cyber incidents to RBI on 16 May and 20 May 2020. Examination of the incident reports and the report of the forensic analysis of the said incidents, revealed, non-compliance with aforesaid directions. In furtherance to the same, a notice was issued to the bank advising it to show cause as to why penalty should not be imposed for non-compliance with the directions issued by RBI, as stated therein.

After considering the bank’s reply to the show-cause notice, oral submissions made during the personal hearing and examination of further clarifications/documents furnished by the bank, RBI came to the conclusion that to the extent the charges of non-compliance with RBI directions were substantiated, it warranted imposition of monetary penalty.


bottom of page