Financial Crime World

Financial Stability Review – 2021: Supervision and Regulation of Financial Institutions in Pakistan

Revised Guidelines for Outsourcing

The State Bank of Pakistan (SBP) has revised guidelines for outsourcing core operations to Cloud Service Providers (CSPs). This allows financial institutions (FIs) to use both domestic and off-shore CSPs for non-core operations.

  • Domestic CSPs: FIs can now use local CSPs for non-core operations, reducing reliance on international services.
  • Off-Shore CSPs: Off-shore CSPs are also permitted for non-core operations, providing FIs with greater flexibility in their outsourcing arrangements.

Licensing and Regulatory Framework for Digital Banks

SBP has launched a licensing and regulatory framework for digital banks. This ensures the safety and soundness of the banking sector by setting clear guidelines for these new financial institutions.

  • Safety and Soundness: The framework prioritizes the safety and soundness of digital banks, protecting customers and maintaining public trust.
  • Regulatory Oversight: SBP will provide regulatory oversight to ensure that digital banks comply with the licensing and operational requirements.

Cybersecurity Supervision Framework

SBP has established a dedicated division for continuous oversight and supervision of cybersecurity risks in FIs. A Cybersecurity Supervision Framework based on Risk-Based Supervision (RBS) methodology is used to assess emerging cyber risks and related controls.

  • Risk Assessment: The framework involves regular risk assessments to identify potential vulnerabilities.
  • Control Measures: Based on the assessment, control measures are implemented to mitigate identified risks.

Measures Against Digital Banking Frauds

To prevent digital banking frauds, several measures have been taken:

  1. Awareness Campaigns: Public awareness campaigns have been conducted to educate customers about potential scams.
  2. Oversight and Coordination: SBP has enhanced oversight and coordination with regulatory authorities to ensure swift action against fraudulent activities.

Way Forward

The way forward emphasizes the importance of several key factors:

  • Robust Cybersecurity Measures: FIs must have robust cybersecurity measures in place to deal with various types of cyber incidents.
  • Human Resources: Human resources are a crucial part of any defense protocol against cyberattacks, and resources should be spent on building capacity within the organization.
  • Effective Coordination: Effective coordination between industry members and regulators is essential for responding to cyberattacks effectively.
  • International Collaboration: International collaboration among states, regulatory authorities, law enforcement agencies, and FIs is vital for managing and mitigating risks arising from cyber-attacks.