The Central Bank of Kenya (CBK) has established the Banking Sector Cybersecurity Operations Centre (BS-SOC), a new facility designed to protect the financial system from increasing cyber threats.
According to the regulator, the centre will operate under the Cyber Fusion Unit at CBK. The highly specialised unit is responsible for, among other things, enhancing the security of the financial system by managing cybersecurity tools, conducting threat research, and analysing data to provide actionable insights to combat cyber threats like fraud and ransomware.
In a statement released on Monday, CBK said the BS-SOC will offer key services like cyber threat intelligence, incident response, digital forensics, and cyber investigations.
This, CBK said, will help enhance the resilience of the banking sector against persistent and sophisticated cybercriminals targeting financial institutions, who have also been targeting individual bank account holders.
The regulator also confirmed that it has started the process of aligning and harmonising the Commercial Banks Cybersecurity Guidelines of 2017 and the Payment Service Providers Cybersecurity Guidelines of 2019 with the new 2024 regulations.
Until the harmonisation is complete, banks and payment service providers will be required to continue complying with both sets of guidelines simultaneously.
Additionally, they will also be mandated to report cybersecurity incidents to the BS-SOC within the timelines provided under the law.
“Meanwhile, all regulated institutions must continue to comply with both sets of requirements simultaneously and are mandated to report cybersecurity incidents to the BS-SOC within stipulated timelines under the CMCA Regulations,” read part of the statement by CBK.
“The successful implementation of this initiative requires the full collaboration and cooperation of all stakeholders. This partnership is imperative to enhance the resilience of the banking sector against the significant and persistent challenges posed by sophisticated cyber threat actors.”
Impact of the Decision
Financial institutions, banks included, are currently grappling with the challenges of hacking from fraudsters who have been targeting Kenyans' accounts and their security systems, and the decision by the regulator is expected to address some of these challenges.
Bank Safety and AI
Meanwhile, last month, CBK cautioned financial institutions against rushing to adopt artificial intelligence (AI) without addressing ethical, legal, and operational risks that could undermine consumer trust and the stability of the banking sector.
In its latest report on the Bank Annual Report 2024, CBK noted that the rapid growth of AI tools in recent years has brought significant opportunities for the banking industry, including faster decision-making, fraud detection, and personalised services.
However, it warned that these technologies also carry inherent risks if not deployed fairly, transparently, and responsibly.
