Bangladesh Bank (BB) on Sunday issued a new guideline titled ‘Guidelines on Partner Network, Version 1.0 (2026)’ to ensure secure, seamless and efficient digital communication among financial institutions.

In a circular, the central bank said it remains electronically connected with various licensed entities including scheduled banks, non-bank financial institutions, mobile financial service providers, payment service providers and payment system operators to facilitate clearing, settlement and other financial services.

Bangladesh Bank also maintains connectivity with different government agencies to deliver IT-enabled services to citizens.

According to the guideline, information exchange between the central bank and participating institutions is conducted through an extranet-based ‘Partner Network’.
 
“In the evolving technological and financial landscape, ensuring effective and secure digital communication has become increasingly critical,” BB said.

The new policy aims to guarantee uninterrupted connectivity, efficient system operations and secure data exchange between Bangladesh Bank and its partner institutions.

Under the guideline, all banks, financial institutions and other entities regulated or licensed by the central bank will be eligible to connect to Bangladesh Bank’s services subject to full compliance with the prescribed requirements.

Partner Network Guidelines

The ‘Guidelines on Partner Network’ set out a structured framework enabling organizations such as finance companies, MFSPs, PSPs, PSOs, WLAMA and other licensed financial service providers collectively termed as “the Organization”.

Each organization is required to designate a dedicated team or focal entity to implement and monitor the extranet, while the central bank may flag any non-compliance.

The guideline categorises organizations into two groups: Category-A, which must ensure both security and high availability with redundancy, and Category-B, which must ensure security and is encouraged to adopt high availability where feasible, with a pathway to upgrade to Category-A.

It defines minimum control requirements to ensure baseline security standards and infrastructure readiness for connectivity with Bangladesh Bank, with strict provisions on network segregation, firewall zoning and monitoring of abnormal traffic within critical systems.

Detailed controls have been outlined for change management, including documented processes, audit trails, rollback plans and mandatory testing before deployment, alongside strict access restrictions, prohibiting internet access in extranet zones and limiting access to authorised personnel only.

The guideline also mandates robust remote connection security, including encryption, authentication, logging and restrictions on privileged access, while requiring VPN-based connectivity compliant with cryptographic standards.

Organizations must ensure continuous monitoring, vulnerability assessments, patch management and secure configuration of devices, including disabling unused ports, filtering traffic and maintaining regular backups.

It also prohibits the use of personal devices in the partner network and requires updated antivirus protection for all connected systems.

Further, organizations must appoint trained focal persons, maintain proper documentation of network architecture and configurations, and follow Bangladesh Bank’s ICT security controls for monitoring and auditing.

In case of incidents, entities are required to report service disruptions with detailed information on affected infrastructure, causes and impacts.

The guideline also emphasises formal service level agreements and requires organizations to use approved, preferably redundant, network service providers with prior approval needed for any changes.

The central bank instructed all concerned institutions to follow the guideline when conducting any activities related to the Partner Network. All relevant entities have been asked to ensure compliance with the guideline by December 31, 2026.