Financial Crime World

KENYA’S CENTRAL BANK ISSUES NEW GUIDELINES FOR FINANCIAL INSTITUTIONS ON CYBERSECURITY INCIDENT REPORTING

Nairobi, Kenya - New Guidelines Aim to Enhance Financial Stability and Protect against Cyber Threats

The Central Bank of Kenya has issued new guidelines requiring financial institutions to report any cybersecurity incidents on a quarterly basis. The move aims to enhance the country’s financial stability and protect against potential cyber threats.

Key Requirements

  • Financial institutions must submit a report within 24 hours after a cybersecurity incident, detailing:
    • Nature of the incident
    • Impact assessment
    • Actions taken to mitigate future occurrences
  • Quarterly reports must be submitted on the 10th day after the end of every quarter
  • Reports will be submitted to the Bank Supervision Department via email at fin@centralbank.go.ke

Robust Cybersecurity Framework

The Central Bank emphasized the importance of having a robust cybersecurity framework in place, which includes:

  • Governance
  • Identification
  • Protection
  • Detection
  • Resumption
  • Testing
  • Situational awareness
  • Learning and evolving
  • Collaboration
  • Organization and resources
  • Cybersecurity incident management

Guidelines for Financial Institutions

Financial institutions are required to:

  • Identify critical business functions and supporting information assets to safeguard them against compromise
  • Have effective security controls in place to protect the confidentiality, integrity, and availability of their assets and services

Growing Threats and Compliance

Kenya’s financial sector has been facing growing threats from cyber attacks. In recent years, several major banks have reported cybersecurity breaches, highlighting the need for enhanced measures to protect against these threats.

Financial institutions that fail to comply with the new guidelines may face penalties, including fines and suspension of their operations.

Positive Step towards Enhanced Cybersecurity

The Central Bank’s move is seen as a positive step towards enhancing cybersecurity in Kenya’s financial sector. Experts believe that increased reporting and transparency will help identify vulnerabilities and improve overall security measures.

“We welcome these new guidelines,” said a spokesperson for the Kenya Bankers Association. “We are committed to working with the Central Bank to ensure that our members comply with the guidelines and maintain high levels of cybersecurity.”