2023-01-01
The Bank of Zambia has issued the 2023 Cyber and Information Risk Management Guidelines, which set minimum cybersecurity and operational resilience standards for all financial entities it regulates. The framework requires institutions to establish formal governance structures with explicit board oversight, appoint an independent Chief Information Security Officer, and implement a five-phase risk management cycle aligned with the five functions of the NIST Cybersecurity Framework: Identify, Protect, Detect, Respond, and Recover. Regulated entities must conduct continuous risk assessments, enforce strict access and third-party controls, and follow an apply-or-explain approach, either implementing each requirement or justifying any deviation, to safeguard critical information assets against evolving cyber threats.