SBP is set to enforce a major security overhaul by making its regulatory portals accessible only through VPNs. This initiative is part of a broader effort to enhance data protection and security in the financial sector, particularly as digital finance continues to play an increasingly significant role in the country’s economy. To ensure a smooth transition, SBP has issued a directive requiring all regulated entities (REs) to shift from standard web-based access to VPN-based access by May 30, 2025.
This shift aims to safeguard sensitive financial data from cyber threats and unauthorized access, reinforcing the integrity of digital transactions and regulatory communications. One of the key systems affected by this transition is the SBP’s Regulatory Approval System (RAS), which has fully digitized the process of receiving proposals and requests from regulated entities, as well as issuing regulatory decisions. By mandating VPN-based access, the SBP intends to add an extra layer of security to this system, ensuring that only authorized users can interact with regulatory processes.
Additionally, the central bank has implemented a service desk system to handle complaints and technical issues related to its regulatory portals, including RAS. This system is designed to streamline the resolution of concerns raised by financial institutions, minimizing disruptions in regulatory communication and compliance. To facilitate a seamless transition, the SBP has instructed all regulated entities to acquire the necessary Multi-Factor Authentication (MFA) accounts well in advance. MFA will serve as an additional security measure, reducing the risk of unauthorized access and ensuring that only verified personnel can log into the regulatory portals.
SBP has emphasized the urgency of compliance with these new security protocols, underscoring the importance of timely action to avoid disruptions in the functionality of the RAS and service desk platforms. The central bank’s decision reflects a growing global trend in financial cybersecurity, where institutions are increasingly adopting advanced security frameworks to combat cyber threats and data breaches.As the deadline approaches, financial institutions and other regulated entities will need to ensure they have the appropriate technical infrastructure in place to meet the new requirements. By enforcing VPN-based access and strengthening authentication measures, the SBP aims to create a more secure and resilient regulatory environment, ultimately enhancing trust in Pakistan’s financial sector.
