Regulatory Alerts2021-12-09 | Banking Act Direction No. 16 of 2021Regulatory Framework on Technology Risk Management and Resilience for Licensed Banks
The Monetary Board of the Central Bank of Sri Lanka issued Banking Act Directions No. 16 of 2021 to mandate a comprehensive technology risk management and resilience framework for all licensed commercial and specialized banks. The directive requires institutions to establish an Information Security Committee and a qualified Chief Information Security Officer, integrate technology risk into capital adequacy assessments, and enforce strict governance, data protection, and third-party oversight standards. Licensed banks must implement these controls through defined transitional timelines, with Domestic Systemically Important Banks facing accelerated compliance deadlines and mandatory annual internal audits to ensure continuous regulatory adherence.