Financial Crime World

Cybersecurity Risks on the Rise in Nepal’s Finance Sector

Growing Concerns in Digital Transactions

Kathmandu, February 19 - Nepal Rastra Bank (NRB) has enforced the “Cyber Resilience Guidelines” since August 2023 to improve the measures that banks and financial institutions (BFIs) implement to safeguard clients from online transaction risks, even as the country grapples with growing cyber threats. With digital payment platforms gaining popularity, users are increasingly exposed to scams, cryptocurrency hacks, and wallet breaches.

Key Risk Management Categories

The guidelines cover five key risk management categories:

  • Governance: Establishing a clear framework for cybersecurity
  • Identification: Identifying potential vulnerabilities in systems and networks
  • Protection: Implementing measures to prevent cyber attacks
  • Detection: Detecting and responding to cyber incidents
  • Response & Recovery: Responding to and recovering from cyber incidents

Lack of Implementation

Despite the guidelines, most BFIs except commercial banks have failed to incorporate them due to stringent rules. The guidelines also include three overarching components:

  • Testing: Regularly testing systems for vulnerabilities
  • Situational Awareness: Maintaining awareness of potential threats and vulnerabilities
  • Learning & Evolving: Continuously learning from incidents and evolving cybersecurity strategies

Growing Cyber Crime Cases

According to government records, 40 percent of registered cyber crime cases (13,330) were related to financial scams. With over:

  • 150,000 households connected to fixed broadband
  • 24 million people connected to 3G/4G mobile connectivity
  • 21.6 million subscribers to mobile banking

the risks are escalating.

Expert Insights

Cyber security expert Bijay Limbu warns that hacking has shifted from foreign countries to organized crime within Nepal, making it more challenging to combat cyber threats. He stresses the need for awareness at the user level, cautioning against digital transactions on free public Wi-Fi, which permits interception by intruders and increases hacking risks.

Regulatory Measures

NRB Executive Director Gunakar Bhatta emphasizes the central bank’s focus on governing digital transactions through enforcement of rules such as:

  • Multiple authentications
  • Two-factor authentication
  • Disaster recovery sites
  • Mandatory system audits every two years for payment service providers and operators

Urgent Need for Action

Experts urge enacting a Cyber Security Act and a Bridge Notification Act to address growing cyber security issues in digital transactions. Meanwhile, lawmakers have criticized a bill amending the Banking Offenses and Punishment Act 2008, citing its failure to incorporate digital transaction issues and its lack of measures against financial offenses involving bitcoin and cryptocurrency.

Call for Financial Literacy

Experts also stress the need for increasing financial literacy to minimize cases of financial theft. With cyber security risks on the rise, it is essential that individuals take steps to protect themselves from online threats and stay informed about best practices in digital transactions.