Security Strategy, Plan, Budget

Russia’s Central Bank introduces new mandatory cyber-security regulations

The Russian Central Bank has announced mandatory cyber-security regulations for domestic banks, according to a Central Bank spokesperson.

The new regulations include mandatory reporting to FinCERT about breaches; the restriction of local area networks to computers connected to the payment service of the Central Bank and the introduction of constant monitoring for the operations of those computers which transfer payments to the Central Bank, among other requirements.

Russian banks will be expected to comply by by June 30, 2017.

An official spokesman for Herman Gref, head of Sberbank, Russia's largest bank, told that the new measures will reduce the number of attacks on Russian banks

He added that, to date, many Russian banks have prefered not to report to the Central Bank about cyber-attacks, due to reputational risks.

In addition, he said that banks were afraid of charges that could be introduced by the Central Bank due to non-compliance with IT standards. However, there is a possibility that the safety of Russian banks will be significantly improved by the end of the current year.

Alexey Demidov, a spokesman for the Russian Central Bank, told SC that non-compliance with the new regulations may result in serious punishment for offending banks, which may involve their disconnection from the f banking electronic payments system.

Other penalties may involve the introduction of a fine  of one percent of authorised capital as well as restricting certain operations.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.