EC No. 132/ DoS-12 /2021
Ref.No.NB. DoS /POL/ 772 / J-1 /2021-22 17 June, 2021
The Chairman /Managing Director/ Chief Executive Officers
All Regional Rural Banks / All State Co-operative Banks/
All District Co-operative Banks
Strengthening the controls of payment ecosystem between
Sponsor Banks and RRB/RCB/DCCB/UCB(s) as a corporate customer
Please refer to our circular EC.No.85/DoS-08/2021-22 dated 27 April 2021 wherein Regional Rural Banks (RRBs)/ Rural Co-operative Banks (RCBs) serving as sponsor banks for client RRBs/RCBs/Urban Co-operative Banks (UCBs) (for effecting payment transactions-fund transfers and/or providing internet banking services) were advised to ensure daily reconciliation of transactions by client RRB/RCB/UCB(s) and not to entertain any communication from the client RRB/RCB/UCB(s) over public email domains. However, amid evolving concerns with the payment ecosystem in current pandemic situation, it is advised as follows:
a. RRBs/RCBs offering sponsor bank services to client RRB/RCB/UCB(s) are hereby strictly advised not to entertain any communication from such client banks over public email domains (email domains that are not bank specific) with effect from 01 August 2021. RRBs/RCBs shall proactively take up with their RRB/RCB/UCB client(s) on secure email usage practices (including usage of bank specific email domain).
b. RRBs/RCBs shall not use/ accept email for sending/ receiving fund transfer request to/from client RRB/RCB/UCB(s) with immediate effect irrespective of the email domain used by the client banks.
c. RRBs/RCBs shall continue to follow up with the client RRB/RCB/UCB(s) to submit daily reconciliation as a prudent risk management practice. With effect from August 1, 2021, all RRBs/RCBs offering sponsor bank services to client RRB/RCB/UCB(s) should mandatorily disable corporate banking services to the client banks, if confirmation regarding daily reconciliation of transactions is not received from the client banks for three consecutive days. Services should be enabled only after receiving up to date confirmation of their transactions.
2. RBI has issued instructions related to reconciliation and bank specific email domain to the Scheduled Commercial Banks (SCBs) providing sponsor bank services to Urban Co-operative Banks (UCBs). The same needs to be followed by State Co-operative Banks, District Central Co-operative Banks and Regional Rural Banks availing such services from SCBs. In this connection, RRBs/StCBs/DCCBs availing such payment services from SCBs are advised as follows:
a. Mandatory compliance to our circular No.315/DoS-31/2019 dated 10 December 2019 on bank specific email domains, all RRBs/StCBs/DCCBs are advised to implement bank specific email domains by July 31, 2021. Failure to adhere to this instruction will invite supervisory actions including imposition of business restrictions.
b. As email phishing/spoofing attacks are most common attack vector seen across various cyber incidents, RRBs/StCBs/DCCBs are advised not to use/ accept email for sending/ receiving fund transfer request to/ from other SCB/RRB/StCB/DCCB/UCB(s) or within the bank branches with immediate effect irrespective of the email domain used by client banks / client RRB/RCB/UCB(s).
c. All RRBs/StCBs/DCCBs availing sponsor bank services from Scheduled Commercial Banks (SCBs) or any other RRB/StCB/DCCB/UCB are advised to mandatorily reconcile transactions put through the SCB/ RRB/StCB/DCCB/UCB(s) on a daily basis. A confirmation regarding the same shall be shared with the corresponding sponsor banks. The mandatory reconciliation of transactions shall also apply to all RRB/StCB/DCCB(s) who maintain their current account with SCB/ RRB/StCB/DCCB/UCB(s) and avail their internet banking services, even though they are not sub-members of such SCB/ RRB/StCB/DCCB/ UCB(s).
d. It is reiterated that sponsor banks are strictly advised not to entertain any communication from RRB/StCB/DCCB(s) received over public email domains.
4. A copy of this circular shall be placed before the Board in the ensuing meeting and a confirmation in this regard should be sent to our Regional Office thereafter
5. Please acknowledge receipt to our Regional Office concerned
(K. S. Raghupathi)
Chief General Manager