DHAKA, March 29, (V7N) — Bangladesh Bank (BB) has issued a comprehensive Cybersecurity Framework to safeguard the country’s financial sector against increasingly sophisticated cyber threats.

The new guidelines, announced Sunday by the Banking Regulation and Policy Department (BRPD), are mandatory for all scheduled banks, finance companies, Mobile Financial Service (MFS) providers, Payment Service Providers (PSP), and Payment System Operators (PSO). Institutions must ensure full compliance by December 31, 2026.

The central bank noted that the rapid expansion of digital platforms, online transactions, and cloud services has significantly increased the “attack surface” for cybercriminals. The framework aims to protect national financial stability, establish a baseline for cyber resilience, and standardize detection and response to threats such as hacking, phishing, and ransomware.

Aligned with international NIST standards, the framework is built around seven core functions: Preparation & Govern, Identify, Protect, Detect, Respond, Recovery, and Reporting.

Key measures include:

Mandatory CISO: Each institution must appoint a qualified Chief Information Security Officer with industry‑recognized certifications, adequate budget, and resources.

Incident Reporting: Critical cyber incidents must be reported to Bangladesh Bank and the BGD‑CIRT within 72 hours.

Security Infrastructure: Banks must deploy advanced tools such as SIEM, Multi‑Factor Authentication (MFA), and Web Application Firewalls (WAF).

Data Protection: Strict protocols for encryption, least‑privilege access control, and regular audit log monitoring.

The framework was developed by a technical committee headed by Debdulal Roy, Executive Director (ICT) of Bangladesh Bank, with input from private and state‑owned banks.

Bangladesh Bank emphasized that the framework serves as a baseline, urging institutions to conduct their own risk analyses to achieve higher maturity levels. The ICT Audit, Inspection, and Compliance Wing will support organizations during implementation.

Caption: Bangladesh Bank issues mandatory Cybersecurity Framework for financial institutions, compliance deadline set for December 2026.