The Central Bank of Kenya (CBK) has issued new rules to payment service providers including commercial banks and technology companies warning the boards of directors that they face “ultimate” liability in case of criminal breaches.

In the guidelines aimed at stemming cybercrime, the CBK says boards will take responsibility for breaches of customer information.

“Payment Service Providers (PSPs) should carry out regular independent assessment and audit functions that shall be undertaken by the internal and external audit and risk functions … The board of directors is ultimately responsible for the cybersecurity of the PSP,” said CBK.

PSPs including firms like Mastercard, Visa, Safaricom, Airtel and Telkom who have 90 days to comply with the requirements published this month.

Firms working with PSPs are also expected to treat customer information confidentially.

“Outsourcing agreements should be governed by a clearly written contract, the nature and detail of which should be appropriate to the materiality of the outsourced activity in relation to the ongoing business of the PSP,” says the policy.

Source: Daily Nation

Leave a Reply

Your email address will not be published. Required fields are marked *