The National Bank of Ukraine (NBU) is strengthening control over the implementation of measures by banks to ensure cyber protection and information security, in particular, it is introducing on-site inspections and remote supervision in the field of cyber defense and information security, the bank's press service said.
The changes were made by NBU Board resolution No. 4 dated January 16, 2021, which was posted on the regulator's website and entered into force.
The document defines the procedure for conducting inspections and establishes requirements for banks to conduct a self-assessment of the state of information security and cyber defense.
In particular, banks are required to conduct an appropriate self-assessment annually, draw up and submit an annual report on the assessment of information security and cyber-crises risks to the National Bank.
In addition, the implementation of the control mechanisms provided for by the said resolution makes it possible to make decisions related to the competence of certification centers and assess the effectiveness of the bank's information security management system.
The document allows the regulator to assess the completeness of the bank's compliance with the requirements of the NBU regulatory legal acts on information security and cyber defense and the level of the bank's information security and cyber crisis management, and the internal control system in these areas.