Regulatory Alerts2024-05-01
Information security requirements for supervised entities in financial markets
The Central Bank of the Republic of Azerbaijan issued Decision № 14/2 to establish minimum information security requirements and mandate a structured Information Security Management System for all supervised financial entities, including banks, insurers, payment institutions, and cloud service providers. The regulation enforces strict organizational controls, defining clear roles for information security officers, standardizing access and authentication protocols, and imposing data localization and end-to-end encryption mandates for cloud-stored sensitive information. Compliance is ensured through category-specific external audits, standardized incident management procedures with risk-based prioritization, and continuous policy reviews overseen by senior management.