LogoRegulatory Alerts
2023-09-21

Central Bank of Libya Circular No. 21/2023 on IT Governance Manual

The Central Bank of Libya issued Circular No. 21/2023, attaching an IT Governance Manual that establishes a comprehensive framework for managing information technology risks, data security, and cybersecurity across all supervised banks, specialized financial institutions, and electronic payment service providers. The directive mandates a structured three-phase implementation schedule spanning from July 2023 to December 2024, requiring institutions to progressively raise awareness, prepare IT infrastructure, and execute compliance evaluations. The Banking Supervision Department will enforce adherence through targeted inspection tasks to ensure full regulatory alignment with the manual's provisions.

Central Bank of Libya logo

Libya

Central Bank of Libya

Click to view thumbnail

Central Bank of Libya P.O. Box 1103 | Telegram Address: Central Bank - Tripoli - Libya

Reference: CBL/Ref. 804

Circular No. 21/2023 Date: 22 Dhu al-Hijjah 1444 Corresponding to: July 10, 2023

To the Chairmen of Boards and General Managers of Banks, To the Chairmen of Boards and General Managers of Specialized Banks, To the Managers of Electronic Payment Service Providers:

Subject: IT Governance Manual

Based on the provisions of Law No. (1) of 2005 concerning Banks and its amendments, implementing the supervisory and regulatory role of the Central Bank of Libya, and enhancing the principle of effective corporate governance for information technology. And with reference to Circular CBL (13/2010) issued on September 27, 2010, regarding the circularization of Board of Directors Decision No. (20) of 2010 adopting the Governance Manual for the Libyan banking sector, We hereby attach to you the IT Governance Manual, which represents a general framework for the governance and management of information and its accompanying technology, as well as guidelines for managing IT risks, data security, and cybersecurity for banks and financial institutions under the supervision of the Central Bank of Libya. This is to be implemented according to the following strategy: The six months of the second half of 2023 are considered a preliminary phase, during which awareness levels regarding the relevant instructions will be raised, and IT infrastructures will be prepared and qualified. The first six months of the first half of 2024 will then be the initiation phase, focusing on evaluating and implementing instructions related to IT governance. The six months of the second half of 2024 will be the launch phase, focusing on evaluating and implementing instructions related to cybersecurity governance and its equivalents. The Banking Supervision Department will monitor the matter through inspection tasks to verify the extent of your institutions' compliance with its provisions.

Peace be upon you,

Naji Mohammed Eissa Director of Banking and Monetary Supervision Department

Copies to: The Governor, The Deputy Director of Banking and Monetary Supervision for Office Supervision and Compliance Monitoring Affairs, The Deputy Director of Banking and Monetary Supervision for Inspection Affairs, The Deputy Director of Banking and Monetary Supervision for Islamic Banking Affairs, Banking Supervision (Benghazi), Heads of Compliance Units in Banks (for follow-up).

Share