2022-06-05

CBB Cybersecurity Requirements Consultation

The Central Bank of Bahrain proposes amended cybersecurity rules that would require financial licensees to use a single unified private email domain (or its subdomains) for customer communications and would prohibit the use of third-party email domains. The consultation further proposes excluding all URLs and clickable links from SMS, emails, and other short messages sent to customers, to mitigate phishing risks and data breaches. Licensees are urged to assess their customer communication methods and are requested to submit comments on the proposed measures by 5 June 2022.


Bahrain

Central Bank of Bahrain

Office of the Governor

OG/203/2022  
23rd May 2022

**Chief Executive Officer**  
All Banks  
All Insurance Licensees  
All Investment Firm Licensees  
All Money Changer Licensees  
All Ancillary Service Provider Licensees  
Manama  
Kingdom of Bahrain

Dear Sir/Madam,

## Consultation: Cybersecurity Requirements

With reference to the cybersecurity requirements in the CBB Rulebook - Volumes 1 to 5, regarding the use of email domains and URLs for communication with customers, the CBB is proposing the following amended requirements for better clarity:

1. **Licensees must use a single unified private email domain or its subdomains for communication with customers to prevent abuse by third parties. Licensees must not utilise third-party email domains for communication with customers.**

   Branches of foreign entities that use more than one email domain for transaction advice messages will be assessed on a case by case basis and allowed the use of more than one domain, if necessary.

2. **Licensees must not use URLs or any other clickable links in SMS, emails or other short messages sent to customers.**

   The reference to URL shortener services is removed as all types of URLs and clickable links are proposed to be prohibited in communication to customers.

The above proposed rules are intended to enhance customer protection measures and prevent frauds such as phishing scams that may lead to breach of confidential data or financial losses to customers.

With respect to 2 above, licensees are urged to assess their business models and customer communication methods and identify alternative ways of communication with customers and additional security measures to reduce the risk of phishing.

P.O. Box : 27, Manama - Kingdom of Bahrain  
Tel: (+973) 17547500 - Fax: (+973) 17537799  
website: www.cbb.gov.bh  
E-mail: governor@cbb.gov.bh

---


All licensees to whom this circular is addressed are requested to provide their comments, including “nil comments”, on the proposed requirements in an editable format to consultation@cbb.gov.bh by 5th June 2022.

Yours faithfully,

Rasheed M. Al Maraj  
Governor  
cc: Bahrain Association of Banks