Bangladesh Bank (BB) on Sunday issued a comprehensive ‘Cybersecurity Framework’ to safeguard the financial sector against increasingly sophisticated cyber threats.
According to United News of Bangladesh, the new guidelines are mandatory for all scheduled banks, finance companies, Mobile Financial Service (MFS) providers, Payment Service Providers (PSP), and Payment System Operators (PSO) operating in the country.
A circular issued by the Banking Regulation and Policy Department (BRPD) stated that all relevant financial entities must ensure full compliance with the new framework by December 31, 2026.
The central bank highlighted that the rapid expansion of digital platforms, online transactions, and cloud-based services has significantly increased the “attack surface” for cybercriminals. The framework aims to protect national financial stability, establish a minimum baseline for cyber resilience and governance, standardize the approach to detecting and responding to threats such as hacking, phishing, and ransomware, and define clear roles and responsibilities for all relevant parties.
Aligned with the international NIST standards, the framework is built around seven core functions: Preparation and Govern, Identify, Protect, Detect, Respond, Recovery, and Reporting. Under these functions, the framework mandates several critical measures.
One of the mandates is the appointment of a qualified Chief Information Security Officer (CISO) with industry-accepted certifications, who will be provided with a sufficient budget and human resources. For any critical cyber incident, organizations are required to report to both internal and external stakeholders, including Bangladesh Bank and the BGD-CIRT, within 72 hours.
Additionally, banks must implement advanced solutions such as Security Information and Event Management (SIEM), Multi-Factor Authentication (MFA), and Web Application Firewalls (WAF) as part of their security infrastructure. Strict protocols for data encryption, access control based on “least privilege,” and regular audit log monitoring have also been established.
The framework was developed by a technical committee headed by Debdulal Roy, Executive Director (ICT) of Bangladesh Bank, with contributions from various private and state-owned banks. Bangladesh Bank warned that these guidelines act as a “baseline” and that organizations should perform their own risk analysis to achieve higher maturity levels. The ICT Audit, Inspection, and Compliance Wing of the central bank will provide support to institutions during the implementation phase.