CBK moves to revise 2017 cyber rules as fraudsters exploit new technology
This move comes amid rising concerns over the use of artificial intelligence, cloud computing, and the surge in mobile money fraud, which have exposed gaps in the current regulatory framework.
The Central Bank of Kenya (CBK) has called on commercial banks to increase their spending on cybersecurity as it updates the 2017 guidelines to address new and evolving digital threats.
This move comes amid rising concerns over the use of artificial intelligence, cloud computing, and the surge in mobile money fraud, which have exposed gaps in the current regulatory framework.
More To Read
- Kenya’s financial outlook steady amid strong Treasury bill demand and stable shilling - CBK
- CBK set to monitor county transactions in real time to curb corruption
- CBK admits it lacks authority to shut illegal county bank accounts
- Counties under pressure as Treasury moves to curb misuse of funds with new single account system
- Kenyan insurers must disclose major cybersecurity breaches within 24 hours, regulator says
- Tax relief boost as KRA slashes fringe benefits rate for workers
CBK’s recent survey of 37 commercial banks and one mortgage institution reveals that while most lenders allocate between Sh2.5 million and Sh600 million annually for cybersecurity, some still do not have dedicated budgets and instead fund security efforts only when issues arise.
The regulator noted that existing budgets are often focused on licensing costs rather than fully addressing the growing complexity of cyber risks.
“As cyber threats evolve in scale and sophistication, updated guidance from central banks plays a critical role in safeguarding the stability, trust, and integrity of the financial system,” the CBK said in its survey report.
The regulator stressed that although the 2017 framework improved cyber defenses, the rapid changes in technology and threat patterns have outpaced its scope.
The updated guidance is expected to encourage banks to move away from heavy reliance on manual monitoring tools, which a third of surveyed banks still use, toward automated threat detection and response systems.
This shift is crucial as real-time cyber threats grow more advanced and harder to detect.
Banks have also urged CBK to include new areas such as artificial intelligence, machine learning, API security, and cloud computing in the revised rules.
Other important issues they want covered include cyber risk insurance, enhanced measures to combat mobile money fraud, stronger data privacy controls, and frameworks for sharing threat intelligence anonymously among financial institutions.
Mobile money platforms, which dominate Kenya’s financial transactions, have become a frequent target for fraudsters.
Banking leaders argue that updating regulatory guidelines to address these emerging challenges will improve overall security and protect customers better.
As Kenya’s financial sector continues to digitise rapidly, the Central Bank’s push for increased cybersecurity investment and updated regulations aims to strengthen resilience against growing cyber threats and safeguard the integrity of the banking system.
Top Stories Today
Reader Comments
Trending
