BB Cybersecurity Framework
BB unveils new ‘Cybersecurity Framework’ to safeguard financial sector
Bangladesh Bank (BB) on Sunday issued a comprehensive ‘Cybersecurity Framework’ to safeguard the financial sector against increasingly sophisticated cyber threats.
The new guidelines are mandatory for all scheduled banks, finance companies, Mobile Financial Service (MFS) providers, Payment Service Providers (PSP), and Payment System Operators (PSO) operating in the country.
According to a circular issued by the Banking Regulation and Policy Department (BRPD), all relevant financial entities must ensure full compliance with the new framework by December 31, 2026.
The central bank stated that the rapid expansion of digital platforms, online transactions, and cloud-based services has significantly increased the "attack surface" for cybercriminals.
The framework aims to protect national financial stability, establish a minimum baseline for cyber resilience and governance, standardize the approach to detecting and responding to threats such as hacking, phishing, and ransomware, and define clear roles and responsibilities for all relevant parties.
Aligned with the international NIST standards, the framework is built around seven core functions: Preparation & Govern, Identify, Protect, Detect, Respond, Recovery, and Reporting.
Under these functions, the framework mandates several critical measures, including:
Mandatory CISO: Every organization must recruit a qualified Chief Information Security Officer (CISO) with industry-accepted certifications and provide them with a sufficient budget and human resources.
Incident Reporting: For any critical cyber incident, organizations are now required to report to both internal and external stakeholders—including Bangladesh Bank and the BGD-CIRT—within 72 hours.
Security Infrastructure: Banks must implement advanced solutions such as Security Information and Event Management (SIEM), Multi-Factor Authentication (MFA), and Web Application Firewalls (WAF).
Data Protection: Strict protocols for data encryption, access control based on "least privilege," and regular audit log monitoring have been established.
Oversight and Implementation
The framework was developed by a technical committee headed by Debdulal Roy, Executive Director (ICT) of Bangladesh Bank, with contributions from various private and state-owned banks.
Bangladesh Bank warned that these guidelines act as a "baseline" and that organizations should perform their own risk analysis to achieve higher maturity levels. The ICT Audit, Inspection, and Compliance Wing of the central bank will provide support to institutions during the implementation phase.