Regulatory Alerts2024-03-15
Notice No. 2/GBM/2024, of 15 March – Approves Cyber Risk Management and Resilience Guidelines
The Bank of Mozambique issued Notice No. 2/GBM/2024, which approves the Cyber Risk Management and Resilience Guidelines applicable to all credit institutions and financial companies. The guidelines mandate a risk-based governance framework requiring institutions to establish dedicated cybersecurity strategies, define clear roles for governing and top management, and implement continuous risk identification, protection, detection, response, and outsourcing controls. Institutions must conduct annual self-assessments, report severe incidents within 24 hours, and achieve full compliance with the prescribed controls and reporting obligations within 180 days of publication.
Share