The Kenyan Central Bank is taking the bull by the horns now. Cybercrimes by banks involving a breach of customer information and eventual stealing of funds will no longer only be thrown open to the court to decide who is liable or not, bank directors will have to pay for any breach of customer information going forward.
The Central Bank of Kenya (CBK) has issued new rules to payment service providers including commercial banks and technology companies warning the boards of directors that they face “ultimate” liability in case of criminal breaches.
A Look At The Guidelines
- In the guidelines aimed at stemming cybercrime, the CBK says boards will take responsibility for breaches of customer information.
“Payment Service Providers (PSPs) should carry out regular independent assessment and audit functions that shall be undertaken by the internal and external audit and risk functions … The board of directors is ultimately responsible for the cybersecurity of the PSP,” said CBK.
PSPs including firms like Mastercard, Visa, Safaricom, Airtel, and Telkom have 90 days to comply with the requirements published this month.
Firms working with PSPs are also expected to treat customer information confidentially.
“Outsourcing agreements should be governed by a clearly written contract, the nature and detail of which should be appropriate to the materiality of the outsourced activity in relation to the ongoing business of the PSP,”
“Some of the key provisions of the contract include controls to ensure customer data confidentiality and service providers’ liability in case of breach …”
Some financial institutions are required to collect detailed customer information for anti-money laundering, tax, and accounting reasons.
Privacy experts around the world have recently expressed concerns about how personal data is collected and used by companies.
In April, the government approved a tough policy on data protection, paving the way for it to be tabled in Parliament.
Charles Rapulu Udoh
Charles Rapulu Udoh is a Lagos-based Lawyer with special focus on Business Law, Intellectual Property Rights, Entertainment and Technology Law. He is also an award-winning writer. Working for notable organizations so far has exposed him to some of industry best practices in business, finance strategies, law, dispute resolution, and data analytics both in Nigeria and across the world.