---

In response to escalating cyber threats targeting the financial sector, Bangladesh Bank has issued a comprehensive 17-point cybersecurity directive aimed at strengthening the digital defenses of banks, non-bank financial institutions (NBFIs), and mobile financial service (MFS) providers.

The directive was released on Tuesday through a circular by the central bank’s Information and Communication Technology (ICT) Department, warning that the frequency and sophistication of cyberattacks—both global and local—have sharply increased in recent months.

“Institutions must immediately reinforce their cybersecurity frameworks and align with internationally accepted best practices,” the circular said.

Key Measures in the Directive

The 17-point directive outlines both technical and procedural measures that financial entities must urgently implement to enhance resilience and protect sensitive financial data. Notable provisions include:

• Timely patching of all servers, applications, and network devices to fix known vulnerabilities
• Implementation of the Least Privilege Access model, limiting user access to only what is essential for job functions
• Adoption of the 3-2-1 backup strategy to safeguard data integrity, along with full encryption of data in transit, at rest, and during processing
• Multi-Factor Authentication (MFA) made mandatory for access to all critical systems
• Deployment of Security Information and Event Management (SIEM) and Network Intrusion Detection Systems (NIDS) for real-time threat monitoring
• Formulation and maintenance of Incident Response and Disaster Recovery Plans (DRP)
• Enhanced security protocols for VPNs and remote privileged access, particularly for off-site operations
• Appointment of dedicated cybersecurity personnel to ensure 24/7 monitoring
• Regular updates of Business Continuity Plans (BCP) to mitigate disruptions in the event of a breach

Sector-Wide Impact

Bangladesh Bank’s move comes amid a global surge in cyberattacks targeting financial institutions, putting critical systems and customer data at risk. The central bank’s latest directive is part of a broader effort to future-proof the country’s digital finance infrastructure against evolving threats.

Industry insiders say the enforcement of these directives will significantly raise the cybersecurity baseline across the sector and reduce systemic risk.

The central bank has instructed all regulated institutions to report compliance status regularly and submit action plans where applicable.