Financial Crime World

Cybersecurity Measures Mandated for Oman Banks and Financial Firms

The Central Bank of Oman (CBO) has issued a new regulatory framework requiring licensed banking and financial institutions to meet minimum security requirements. This move aims to strengthen cybersecurity defenses in the country’s financial sector, which is seen as increasingly vulnerable to cyber threats.

New Regulatory Framework Takes Effect Immediately

The new framework applies to banks, financing and leasing companies, payment service providers, and money exchange companies operating in Oman. The institutions must implement a set of minimum requirements to build resilience against cybersecurity risks.

Six Key Pillars for Cybersecurity

The regulatory framework is structured around six key pillars, or “Control Domains,” which include:

  • Governance: Ensures that financial institutions have a robust governance structure in place to manage cybersecurity risks.
  • Compliance & Audit: Requires institutions to conduct regular audits and compliance checks to ensure adherence to cybersecurity standards.
  • Technology & Operations: Focuses on ensuring the security of technology infrastructure, including networks, systems, and applications.
  • Third Party Supply Chain Management: Mandates that financial institutions assess and mitigate risks associated with third-party vendors and service providers.
  • Online Financial Services: Aims to ensure the security of online financial services, including mobile banking and e-payments.
  • Risk Management: Requires institutions to identify, assess, and manage cybersecurity risks in a proactive manner.

Oman’s Financial Sector Remains Vulnerable to Cyber Threats

The CBO has warned that Oman’s financial sector is still a potential target for cybercriminals. Although the country has not experienced any significant disruptions from cyber risks in recent times, the bank cited a global surge in cyberattacks targeting financial institutions.

  • A staggering 46% increase in attacks was reported in 2022 compared to the previous year.
  • The CBO emphasizes that Oman’s financial sector is vulnerable to cyber threats and that cybersecurity remains a top strategic priority.

Preparations for Authorizing Crypto-Currencies and Virtual Assets

Oman is preparing to authorize transactions involving crypto-currencies and other virtual assets for the first time. A regulatory framework is being formulated to govern these activities, which are seen as potentially increasing the risk of cyber fraud.

Introduction of New Digital Products

The Central Bank is exploring the introduction of new digital products, including Central Bank Digital Currencies (CBDCs). A task force has been commissioned to study the roll-out of CBDCs, while separate groups are focused on other digital innovations.