Skip to main content

CBK Warns Bank Boards of Ultimate Liability for Cybercrimes

N

Nyakundi Report

Newsroom 1 min read

This archive report was first published on 16 July 2019.

On July 16, 2019, the Central Bank of Kenya (CBK) issued new rules to payment service providers, including commercial banks and technology companies, to stem cybercrime.

The guidelines warn the boards of directors that they face 'ultimate' liability in case of criminal breaches, emphasizing that they are responsible for the cybersecurity of the payment service providers.

According to the CBK, payment service providers should carry out regular independent assessment and audit functions, which shall be undertaken by internal and external audit and risk functions.

Boards of directors are ultimately responsible for the cybersecurity of payment service providers, said the CBK.

Payment service providers, including firms like Mastercard, Visa, Safaricom, Airtel, and Telkom, have 90 days to comply with the requirements.

Companies working with payment service providers are also expected to treat customer information confidentially.

Outsourcing agreements should be governed by a clearly written contract, with controls to ensure customer data confidentiality and service providers' liability in case of breach.

Be the first to react

Support

Support this reporting

M-Pesa support recorded against this story.

Send support →

Stay close

Get the briefing

Major updates by email. No spam.

Get email brief →

Share

Save share card

Download a clean portrait card for sharing.

Save image →