KATHMANDU, Feb 19: Nepal Rastra Bank (NRB) has enforced the ‘Cyber Resilience Guidelines’ since August 2023, aiming to improve the measures that banks and financial institutions (BFIs) implement to safeguard their clients from possible risks in online transactions.
With the growing use of digital payment platforms for transactions, the general public is also exposed to high risks of scams and cryptocurrency and wallet hacks, among others. However, most of the BFIs, except commercial banks, have not been able to incorporate the NRB’s guidelines into their systems, mainly because of the stringent rules included in the guidelines.
The guidelines cover five key risk management categories: Governance, Identification, Protection, Detection, and Response & Recovery. They also include three overarching components (Testing, Situational Awareness, and Learning & Evolving) that should be addressed throughout the cyber resilience framework.
The key aspects of the guidelines include developing a cyber resilience strategy and framework approved by the central bank; conducting risk assessments to identify critical operations, assets, and threats; implementing strong security controls aligned with standards like ISO 27001; establishing capabilities for continuous monitoring and early detection of cyber incidents; having comprehensive incident response, resumption and recovery plans, including coordination with ecosystem entities; testing the cyber resilience posture through vulnerability assessments, penetration testing and red team exercises; and participating in industry-wide cyber resilience exercises and information sharing platforms.
Controlling cyber conflict
According to government records, the authorities concerned have registered a total of 13,330 cases related to cyber crime. Of them, 40 percent were related to financial scams.
While over 150,000 households are connected to the fixed broadband system, 24 million are connected to 3G and 4G mobile connectivity and 21.6 million have subscribed to mobile banking.
Bijay Limbu, a cyber security expert, said the risks related to cyber security have also gone up with the increasing use of online transaction modules.
“Unlike in the past when hackers based in foreign countries used to create a threat to the digital transaction system of Nepal, they have now developed a tendency to run it as organized crime while residing in the country,” said Limbu, speaking at a program organized by the Female Economic Journalist Association on Sunday.
NRB records show there are a total of 97 institutions working as payment service providers (PSPs) and payment service operators (PSOs). Gunakar Bhatta, executive director of the NRB, said the central bank has prioritized governance of digital transactions through enforcement of rules such as multiple authentications, two-factor authentication, provision of disaster recovery sites and a mandatory system audit every two years for the PSPs and PSOs.
Limbu stressed the need for awareness at the user level for security measures to be effective. He urged caution when making digital transactions at spots that offer ‘free public wifi.’
According to Limbu, free public wifi permits interception by an intruder. “This gives rise to the risk of hacking,” said Limbu, stressing the need to enact a Cyber Security Act and a Breach Notification Act to address the growing problems of cyber security in digital transactions.
Meanwhile, members of parliament on Sunday criticized a bill on the amendment to the Banking Offenses and Punishment Act 2008 introduced by the government.
Speaking at a meeting of the House of Representatives, Rastriya Swatantra Party lawmaker Swarnim Wagle said the new bill is limited to the old system of transactions and fails to include issues of the digital system.
CPN-UML lawmaker Bidya Bhattarai said the bill does not cover financial offenses committed through the use of bitcoin and cryptocurrency. Bhattarai stressed the need to increase financial literacy to minimize cases of financial theft on digital transaction platforms.