2020-02-06

Guidelines on Information and Cybersecurity Risk Management for Banks

Issued by the Registrar of Financial Institutions in Malawi, these guidelines establish minimum regulatory requirements for banks to systematically govern and manage information and cybersecurity risks. Banks must appoint a Chief Information Security Officer, implement board-approved risk frameworks, conduct regular vulnerability assessments and penetration testing, and ensure robust third-party and cloud outsourcing controls. Senior management is required to report cybersecurity incidents immediately to the Registrar, provide quarterly program updates, and maintain comprehensive business continuity and incident response plans to preserve operational resilience.

Malawi

Reserve Bank of Malawi
