Ultimatum for banks
CLOUDINE MATOLA
Government has given banks a 30-day deadline to submit new cyber incident management frameworks by September 30, 2024, Business Times can report.
The central bank governor Dr John Mushayavanhu, said lenders must be proactive and watchful when dealing with technology related risk since technology keeps on evolving.
“As technology continues to transform the financial services landscape, it is presenting both opportunities and challenges to the banking sector. To manage the risks which are posed by the new technologies, banking institutions are required to continually assess and fortify their cyber security measures, as well as maintain active surveillance and ensure that detection and prevention tools are primed to respond to any suspicious activity swiftly.
“In that regard, banking institutions are required to submit updated Cyber Incident Management Framework with a particular emphasis on recovery protocols to the Reserve Bank by 30 September 2024,” Dr Mushayavanhu said.
He continued by saying that the framework must demonstrate the institution’s readiness to handle cyber incidents and must be supported by the outcomes of recent simulation tests.
“This submission which should outline the institution’s preparedness to manage and recover from cyber incidents effectively and should be accompanied by simulation test results conducted in 2024,” he said.
He added that the banking institutions are required to review and enhance their cyber incident management frameworks to explicitly include comprehensive recovery activities, detailing procedures for returning to normal operations or to a pre-defined, acceptable level of functionality.
Mushayavanhu also said the central bank will continue to supervise activities that include banking sector anti-money laundering (AML), combating financing of terrorism (CFT) and proliferation of weapons of mass destruction (CPF).
“As part of measures to promote strong AML/CFT/CPF supervisory frameworks, the Bank continues to undertake various AML/CFT/CPF supervisory activities including banking sector AML/CFT/CPF risk assessments, as well as conducting onsite and offsite supervision of banks and microfinance institutions,” he said.
He added:”In this regard, banking and microfinance institutions should pay more attention to ensure collection and verification of ultimate beneficial ownership information for their legal person and other legal arrangements customers, enhance their transaction monitoring systems, both automated and manual systems to effectively detect suspicious transactions, and effectively evaluate the ML/TF/PF risks posed by new products including digital products.”