Regulatory Alerts2015-06-15
Instruction No. 009-06-2015 of June 15, 2015 on the IT Security Devices of Credit Information Bureaus
The Governor of the Central Bank of West African States (BCEAO) issued Instruction No. 009-06-2015 to mandate Credit Information Bureaus, including their subsidiaries and branches, to establish comprehensive IT security frameworks. The directive requires these entities to develop, approve, and regularly update an IT security policy aligned with international standards and UMOA data protection laws, while implementing continuous risk assessment, robust physical and logical access controls, malware protection, and secure off-site data backup. Furthermore, it obligates Credit Information Bureaus to conduct annual external audits, report security incidents and compliance status to the BCEAO annually, and face sanctions for non-compliance with these IT security obligations.