Cybersecurity Risks in Nepal’s Finance Sector: A Growing Concern
======================================================
Nepal’s fintech ecosystem continues to grow, but it remains vulnerable to cybersecurity threats that can compromise sensitive financial information and leave individuals and businesses exposed. This article highlights the urgent need for the Nepal Rastra Bank (NRB) to address cybersecurity and data protection gaps.
Regulatory Gaps in Nepal’s Fintech Sector
In 2019, hackers stole nearly Rs18.9 million from 13 Nepali banks using ATM terminals, highlighting the country’s vulnerability to cyber-attacks. The incident underscores the importance of robust cybersecurity measures to prevent such breaches in the future. However, a detailed investigation into the root cause of the hack was not conducted, leaving questions unanswered.
Lack of Clear Guidelines on Liability
The NRB’s Payment and Settlement Bylaw 2077 (First Amendment, 2080) addresses liability in case of cyber-attacks, but lacks explicit guidance on the extent of that liability. This raises concerns for payment system operators (PSOs) and payment service providers (PSPs), who must be given clear guidelines on their liability in the worst-case scenario.
Absence of Government Guarantee Fund
The absence of a government guarantee fund to protect the public from losses arising from data breaches and cyber-attacks is another area of concern. The lack of insurance products in Nepal also leaves companies vulnerable to hacking and losses, making it essential for the regulator to open a pathway for companies to obtain cyber insurance, even from foreign providers.
Unclear Implementation of Security Standards
The NRB’s Unified Directive Related to Payment Systems 2079 requires Payment Card Industry Data Security Standard (PCI DSS) and International Organization for Standardization (ISO) 27000 certifications across all financial institutions involved in payment processing. However, the implementation of these standards is unclear, and a mechanism to ensure compliance is lacking.
Stakeholder Collaboration
The country’s payment industry is still in its infancy, and it is crucial that stakeholders join hands to protect the public’s interest. The NRB must take immediate action to address cybersecurity risks and ensure the integrity of Nepal’s financial sector.
Conclusion
===============
Awareness of cyber threats and cybersecurity is a pressing need today, as most incidents occur due to human negligence. Social engineering is a common way for intruders to gather data and find loopholes in payment systems. To improve cyber risk measures, an organisation needs visibility on its risk dashboard covering all inherent risk levels, providing a picture of what is being defended. Continuous monitoring and a proactive approach to risk management are the only defences against cyber-attacks.
The country’s payment industry must be protected from these growing threats before it’s too late. It is essential for stakeholders to work together to prevent the devastating consequences of cyber-attacks and ensure the security and integrity of Nepal’s financial sector.