IT Framework Policy

COMPANY PROFILE

SGS Fintech Private Limited (Formerly known as SGS Udyog Private Limited) is a private Limited Company incorporated on 31st January, 2001 registered as a Non-Banking Financial Institution on 17th January, 2025 in terms of the provisions of Master Direction issued by Reserve Bank of India.

SGS is classified as a Non-Systemically Important Non-Deposit Accepting (ND-NSI) Non-Banking Financial Company.

SGS being a registered NBFC with RBI has been primarily engaged into (a) Investing in securities of listed and unlisted companies and (b) Lending activities.

                                                                            PREAMBLE

In terms of Master Directions – Information Technology Framework for the NBFC Sector, 2017 dt June 08, 2017 issued by the Reserve Bank of India (RBI), The Company hereby adopt this Section B of the such IT Framework issued by RBI being Company with asset size of less than 500 Crore to ensure proper compliance and adherence to the good corporate governance.

IT GOVERNANCE

IT Governance is an integral part of corporate governance. It involves leadership support, organizational structure and processes to ensure that the NBFC’s IT sustains and extends business strategies and objectives. Effective IT Governance is the responsibility of the Board of Directors and Executive Management.

Well-defined roles and responsibilities of Board and Senior Management are critical, while implementing IT Governance. Clearly-defined roles enable effective project control. People, when they are aware of others’ expectations from them, are able to complete work on time, within budget and to the expected level of quality. IT Governance Stakeholders include: Board of Directors, IT Strategy Committees, CEOs, Business Executives, Chief Information Officers (CIOs), Chief Technology Officers (CTOs), IT Steering Committees (operating at an executive level and focusing on priority setting, resource allocation and project tracking), Chief Risk Officer and Risk Committees.

The basic principles of value delivery, IT Risk Management, IT resource management and performance management must form the basis of governance framework. IT Governance has a continuous life-cycle. It’s a process in which IT strategy drives the processes, using resources necessary to execute responsibilities. Given the criticality of the IT, NBFCs may follow relevant aspects of such prudential governance standards that have found acceptability in the finance industry.

IT FRAMEWORK FOR OUR COMPANY WITH ASSET SIZE BELOW 500 CRORE

Our NBFC with the asset size of than 500 Crore is developing basic IT systems mainly for maintaining the database. NBFCs having asset size below ₹ 500 Crore shall have a Board approved Information Technology policy/Information system policy. The IT systems is having:

  • Basic security aspects such as physical/ logical access controls and well defined password policy;
  • A well-defined user role;
  • A Maker-checker concept to reduce the risk of error and misuse and to ensure reliability of data/information;
  • Information Security and Cyber Security;
  • Requirements as regards Mobile Financial Services, Social Media and Digital Signature Certificates
  • System generated reports for Top Management summarizing financial position including operating and non-operating revenues and expenses, cost benefit analysis of segments/verticals, cost of funds, etc.;
  • Adequacy to file regulatory returns to RBI;
  • A (Business Continuity Policy(BCP) duly approved by the Board ensuring regular oversight of the Board by way of periodic reports (at least once every year);
  • Arrangement for backup of data with periodic testing.
  • Proper system of storing data on cloud which can be accessible by everyone including top management to ensure proper governance and prevent any kind of discrepancy

IT Systems should be progressively scaled up as the size and complexity of NBFC’s operations increases.