2025-05-07 | Circular No. 2 of 2025

Reporting of Information Technology and Cybersecurity Incidents of Licensed Banks

The Central Bank of Sri Lanka issued Circular No. 02 of 2025 to mandate licensed banks to report IT and cybersecurity incidents, including intrusions, scams, and system failures. The regulation requires immediate reporting within two hours of detection, followed by detailed reporting within 14 days and quarterly summaries. This framework supersedes previous directives to enhance operational resilience and ensure transparent risk management.

Sri Lanka

Central Bank of Sri Lanka

Show thumbnailShow full textSourceAdd to collection

Show thumbnail