Malawi Banks Told to Boost Security Measures as Cyber Risks Increase

The Reserve Bank of Malawi (RBM) has issued new guidelines for banks to enhance their data management capabilities in the face of rising cyber security threats. The ‘Information and Cyber Security Risk Management Guidelines’ were finalized last October, replacing an existing IT risk management policy that had been in place since 2016.

Background

New Guidelines

The new guidelines, issued under Section 96 of the Financial Services Act of 2010, require banks to implement more robust measures for managing information and cyber security risks. Banks are also expected to establish an effective Information and Cyber Security Risk Management Framework, led by a Chief Information Security Officer.

Key Requirements

Regularly conduct vulnerability assessments (VAs) to detect security vulnerabilities in their IT environments.
Adopt effective encryption algorithms that are in line with international standards and best practices for e-banking services.
Establish an effective Information and Cyber Security Risk Management Framework, led by a Chief Information Security Officer.

Benefits

Industry experts welcome the new regulations, saying they will help protect consumers from illicit financial transactions and major threats such as theft of money and intellectual property. Bram Fudzulani, president of the Information and Communications Technology Association of Malawi, notes that the guidelines will also strengthen banks’ information system security and protection of critical infrastructure.

Consumers are also expected to benefit from the new regulations. John Kapito, executive director for Consumers Association of Malawi, says constant reviews on policies guiding and protecting consumers from illicit financial transactions is paramount in today’s high-risk banking environment.