2019-07-04
The Central Bank of Kenya (CBK) issues guidelines for payment service providers (PSPs) to ensure a secure and efficient national payment system. These guidelines outline minimum requirements for developing and implementing strategies, policies, and procedures to mitigate cyber risks. PSPs must establish a cybersecurity program to protect the confidentiality, integrity, and availability of their information systems. The board of directors is responsible for cybersecurity and should assign a Chief Information Security Officer (CISO) to report regularly on the PSP's cybersecurity posture. PSPs should also have incident response plans and conduct regular testing and assessments to identify vulnerabilities. Outsourcing agreements must comply with legal and regulatory frameworks, and PSPs should notify CBK of any cybersecurity incidents within 24 hours.