Regulatory Alerts2020-05-28
Instruction No. 10/2020 of May 29
The Bank of Angola mandates that all supervised Financial Institutions report significant and very significant cybersecurity incidents within four hours of detection, utilizing a dedicated portal or exceptional email channel. The directive establishes a three-phase reporting model comprising initial, interim (within 20 days), and final reports (within 45 days), alongside specific materiality criteria, risk classification parameters, and defined communication protocols. Non-compliance with these cybersecurity incident reporting obligations is subject to sanctions under the Financial Institutions Framework Act, thereby reinforcing the stability and data security of the Angolan financial system.
Share