Banks told to report fraud within 2 hours

Banks and mobile money firms will from October be required to furnish the Central Bank of Kenya (CBK) with information on cyber-attacks on a real-time basis.

This latest measure follows a decision by the banking regulator to step up surveillance on cyber fraud.

In the new regulations, CBK wants banks and mobile money companies to submit a report within two hours of a cyber-fraud incident.

SEE ALSO :Rid Kenya of unlicensed forex dealers

The guidelines on cyber-security for payment service providers that became effective this month require firms with systems that clear huge amounts such as bank-to-bank transfers to immediately file reports.

Firms with systems that move huge volumes of cash such as mobile money will also be required to file a preliminary report.

CBK noted that banking systems that it referred to as Systemically Important Payment System (SIPS) were sensitive and their failure ‘could potentially endanger the operation of the entire economy.’

For More of This and Other Stories, Grab Your Copy of the Standard Newspaper.

The failure of mobile money platforms or System-Wide Important Payment Systems ‘could also create disruptions due to a large number of users relying on the system, thus affecting public confidence’.

“PSPs should notify CBK within 24 hours, and SWIPS and SIPS within two hours, of any cyber-security incident(s) that could have a significant and adverse impact on the PSP’s ability to provide adequate services to its customers, its reputation or financial condition... this should be followed by a comprehensive report on the incident,” reads CBK guidelines, which PSPs have 90 days to implement.

SEE ALSO :Regulator caps private stake in mortgage firm

“On a quarterly basis, PSPs shall provide CBK with a report… concerning its occurrence and handling of cybersecurity incidents.”

The apex bank has also given payment service providers, including telcos operating mobile money and traditional mobile cash platforms, up to December 31 to file strategies on how they have protected themselves against cyber fraud.

It includes having their personnel well versed with cybersecurity and the strategies to ward off possible threats.

Between January and March this year, the Kenya – Computer Incident Response Team (KE-CIRT) detected 11.2 million cyber threats.

In 2018, the economy lost Sh29.5 billion to cybercrime.

SEE ALSO :Kenyans return Sh25b hidden in old bank notes

Do not miss out on the latest news. Join the Standard Digital Telegram channel HERE.

CBKcyber-securityCentral Bank of Kenya