NRB to make BFIs spend certain share of profit on IT security

Kathmandu, September 19

Nepal Rastra Bank (NRB) is preparing to make it compulsory for banks and financial institutions (BFIs) to invest a certain percentage of their profit on information and technology (IT) security.

Citing that BFIs are reluctant to allocate the required budget to upgrade their IT security, NRB Governor Chiranjibi Nepal said that the central bank is planning to introduce a directive soon to make banks allocate a certain percentage of their profits to upgrade and standardise their IT security.

“Investing in IT security ultimately enhances the profit of BFIs in the long run. However, at present the BFIs have been taking the issue of IT security too lightly,” said Nepal while addressing the Cyber Financial Fraud Conference, organised by National Banking Institute (NBI) in the Capital today.

Citing that rising security risks in the banking sector is also one of the reasons behind instability of the financial sector, Nepal said that BFIs should not hesitate to invest in IT security. “Banks have been safeguarding billions of rupees of the public. Thus, they should not compromise on taking effective measures to safeguard people’s money,” he added.

As per the governor, new technologies are being developed and upgraded every month and BFIs should upgrade their IT security accordingly.

NRB has been tightening IT security provisions at BFIs especially after a recent heist in the banking system conducted by Chinese hackers, where they were able to withdraw millions of rupees through ATMs of different banks through malware attack.

On September 10, the central bank had issued a directive directing BFIs to regularly audit their IT system and promptly address the IT and security flaws that are detected. Similarly, NRB had also directed BFIs to adopt best international practices in the IT and security system at their respective organisations.

NRB had also directed BFIs to standardise technologies related to perimeter defence, access control, encryption, anti-virus and firewall, among others, to cope with possible risks of cyber attack, malware virus and ransomware at BFIs’ websites, mobile applications, authenticated social networks and entire IT system.

“Neglecting IT security risks today will prove to be a major nuisance for the BFIs in the future — a fact that they are well aware of. The central bank will ensure necessary facilitation to BFIs in maintaining proper IT security status,” said Nepal.