
New ‘Cybersecurity Framework’ to safeguard financial sector

Banking 2026-03-30, 12:10am




Bangladesh Bank (BB) on Sunday issued a comprehensive ‘Cybersecurity Framework’ to safeguard the financial sector against increasingly sophisticated cyber threats.

The new guidelines are mandatory for all scheduled banks, finance companies, Mobile Financial Service (MFS) providers, Payment Service Providers (PSP), and Payment System Operators (PSO) operating in the country.

According to a circular issued by the Banking Regulation and Policy Department (BRPD), all relevant financial entities must ensure full compliance with the new framework by December 31, 2026.

The central bank stated that the rapid expansion of digital platforms, online transactions, and cloud-based services has significantly increased the "attack surface" for cybercriminals.

The framework aims to protect national financial stability, establish a minimum baseline for cyber resilience and governance, standardize the approach to detecting and responding to threats such as hacking, phishing, and ransomware, and define clear roles and responsibilities for all relevant parties.

Aligned with the international NIST standards, the framework is built around seven core functions: Preparation & Govern, Identify, Protect, Detect, Respond, Recovery, and Reporting.

Under these functions, the framework mandates several critical measures, including:

Mandatory CISO: Every organization must recruit a qualified Chief Information Security Officer (CISO) with industry-accepted certifications and provide them with a sufficient budget and human resources.

Incident Reporting: For any critical cyber incident, organizations are now required to report to both internal and external stakeholders—including Bangladesh Bank and the BGD-CIRT—within 72 hours.

Security Infrastructure: Banks must implement advanced solutions such as Security Information and Event Management (SIEM), Multi-Factor Authentication (MFA), and Web Application Firewalls (WAF).

Data Protection: Strict protocols for data encryption, access control based on "least privilege," and regular audit log monitoring have been established.

Oversight and Implementation

The framework was developed by a technical committee headed by Debdulal Roy, Executive Director (ICT) of Bangladesh Bank, with contributions from various private and state-owned banks.

Bangladesh Bank warned that these guidelines act as a "baseline" and that organizations should perform their own risk analysis to achieve higher maturity levels. The ICT Audit, Inspection, and Compliance Wing of the central bank will provide support to institutions during the implementation phase.