Regulatory Alerts2023-12-08 | Banking Act Directions No. 05 of 2023Amendments to Banking Act Directions No. 16 of 2021 on Technology Risk Management and Resilience for Licensed Banks
The Central Bank of Sri Lanka issued Banking Act Directions No. 05 of 2023 to amend the technology risk management and resilience framework for licensed banks. The updated directives redefine third-party service providers, clarify bank ownership and management criteria, mandate quarterly risk self-assessments, specify user access review frequencies, require annual disaster recovery testing, and permit foreign-incorporated banks to utilize internal penetration test teams. Licensed banks must comply with the general requirements by March 31, 2024, while specific provisions for user access systems, data encryption, security testing, and penetration tests extend to December 2028.
Share