2025-11-24
The Bank of Mozambique requires credit institutions and financial companies to conduct an annual cyber risk self-assessment and to submit, by March 31, a completed report alongside a remediation plan detailing corrective measures, deadlines, and responsible parties. The directive establishes a standardized reporting model submitted via the Banking Supervision Application portal, with fallback email procedures for operational disruptions, and requires institutions to evaluate intrinsic risk across organizational, technological, channel, product, and threat categories. Compliance is measured against a nine-domain framework covering governance, identification, protection, detection, response, awareness, testing, outsourcing, and learning, with responses categorized from fully compliant to non-compliant.