Here’s the converted article in markdown format:

State Bank of Pakistan (SBP) Initiatives: Outsourcing, Cybersecurity, Digital Payments, and Combating Cyber-Attacks

Outsourcing Guidelines

The State Bank of Pakistan has issued guidelines on outsourcing to Cloud Service Providers (CSPs). Here are the key points:

• Initially, CSPs had to be located in Pakistan, but revised guidelines allow FIs to use domestic as well as off-shore CSPs.
• FIs need to have satisfactory internal controls and security systems in place.

Cybersecurity

The SBP has taken significant steps to ensure cybersecurity oversight and supervision of risks. The key points include:

• A dedicated division for cybersecurity oversight and supervision of the risks is established.
• A Cybersecurity Supervision Framework based on Risk-Based Supervision (RBS) methodology is used to assess emerging cyber risks and related controls.
• The framework covers areas such as governance, risk management, access controls, data security, and incident detection and response.

Digital Payments

The SBP has introduced innovative digital payment instruments through Electronic Money Institutions (EMIs). Here are the key points:

• EMIs offer wallets, prepaid cards, and contactless payment instruments.
• EMIs are expected to provide interoperable and secure digital payment products and services.
• SBP has issued guidelines for the licensing and regulation of digital banks as a separate category in the banking business.

Combating Cyber-attacks

The SBP is working on establishing a Computer Emergency Response Team (FinCert) under the National Cyber Security Policy 2021. Here are the key points:

• FinCert will coordinate with industry members, regulators, law enforcement agencies, and FIs to effectively respond to cyber-attacks.
• International collaboration is essential for managing and mitigating risks arising from cyber-attacks.

If you have any specific questions or need further clarification on any of these points, please let me know!