close
close

India’s central bank fines HP’s financial services unit • The Register

Posted on by darion

The Reserve Bank of India has imposed a fine of $12,400 on HP Financial Services for non-compliance with regulations (including KYC rules) and lack of necessary information technology committees.

In a notice (PDF) published last Friday, the RBI said it had brought the violations to HP’s attention and asked it to show cause as to why the penalty should not be imposed, but the response was found to be insufficient.

The full allegations include that HP failed to establish a system for regularly reviewing and updating the risk classification of accounts or explain its risk assessment methodology. It is also alleged that it failed to adequately disclose the interest rates charged or the reasons for varying rates for borrowers in its loan forms and sanctions letters.

HP India is also said to have not set up an IT strategy committee or a steering committee.

Reg has reached out to HP for comment on the fine and will let you know if it receives a specific response.

The $12,400 fine imposed on HP is even lower than the $27,500 fine imposed by the RBI on Japanese financial services group SMFG for cybersecurity violations.

Details of the fines were published the same day.

SMFG’s penalty was announced after a control gap assessment conducted in April 2023 revealed insufficient monitoring provisions in vendor contracts, SMFG’s failure to conduct an information security audit of its network and security solutions, insufficient retention and analysis of email gateway audit logs, and failure to take action on a critical alert generated by the Endpoint Detection & Response solution to detect malware from an infected server.

According to (PDF) RBI, SMFG was also given an opportunity to challenge the fine, but the central bank found these explanations insufficient to avoid the penalty.

It was a busy week for the RBI. It also sanctioned a bank for operating as a technology services provider. Axis Bank was fined ₹1.91 crore ($227,642.97), among other violations.

We have previously noted that the regulator is barring banks from opening new accounts due to lack of adequate information security measures – two years of warnings and outages saw regulators lose patience with Kotak Mahindra Bank in April this year.

RBI fines have increased by 88 percent in the last three years, driven by fines imposed for money laundering and KYC violations. Some attribute this increase to the merger of the financial sector with technology, which has led to the emergence of the fintech sector, where technology professionals lack the expertise to comply with extensive banking regulations. ®