The Reserve Bank of India has fined HP Financial Services the equivalent of $12,400 for not complying with regulations – some related to Know Your Customer (KYC) measures – and failing to have necessary IT committees.
In a notice [PDF] published last Friday, RBI asserted it had notified HP of violations and asked it to show cause as to why a penalty shouldn't apply, but found its response insufficient.
The full allegations include that HP failed to establish a system for regularly reviewing and updating the risk classification of accounts, or explaining its risk assessment method. It's also alleged not to have adequately disclosed interest rates it charged, or the reasons for varying rates to borrowers in its loan forms and sanction letters.
The Indian limb of HP is also said to have failed to form IT strategy and steering committees.
The Reg has asked HP to comment on the fine, and will report if a substantial reply materializes.
The $12,400 fine levied on HP is even smaller than the $27,500 fine imposed on Japanese financial services group SMFG by RBI for cyber security related infractions.
Details of the fines were released on the same day.
SMFG's penalty was announced after an April 2023 control gap assessment revealed inadequate monitoring provisions in vendor contracts; that SMFG had never conducted an infosec audit for network and security solutions; insufficient storage and analysis of email gateway audit logs; and not taking action on a critical alert generated from Endpoint Detection & Response solution for malware detection from an infected server.
SMFG was also given a chance to dispute the fine, according to [PDF] RBI, but the central bank found its explanation insufficient to avoid a penalty.
It's been a busy week for the RBI. It also sanctioned a bank for operating as a technology service provider. A penalty of ₹1.91 crore ($227,642.97) was levied against Axis bank, in addition to other violations.
We've previously spotted the regulatory authority banning banks from opening new accounts for just not having adequate infosec – two years of warnings and outages left regulators out of patience with Kotak Mahindra Bank in April of this year.
RBI penalties increased 88 percent over the past three years, thanks to fines issued for anti-money laundering and KYC violations. The increase has been attributed by some to the merging of the financial industry with technology to become the fintech industry, with technology professionals lacking the expertise needed to comply with the extensive regulations of banking. ®
Source: The register