Nepal Unveils National Cybersecurity Roadmap to Protect Financial Institutions

Kathmandu – In a major step toward strengthening Nepal’s financial security, a comprehensive cybersecurity roadmap for Banks and Financial Institutions (BFIs) was officially presented to the newly appointed Governor of Nepal Rastra Bank (NRB), Biswonath Poudel. This initiative aims to safeguard the country’s growing digital economy amid rising cyber threats.

The roadmap was developed by cybersecurity policy expert Chiranjibi Adhikari, who also serves as Senior Vice President of the CAN Federation and CEO of One Cover Private Limited. It outlines a strategic framework to bolster Nepal’s financial cybersecurity infrastructure through coordinated action, strict compliance standards, and enhanced institutional capacities.

Collaborative Effort across Institutions

The plan brings together key national institutions including the Center for Cybersecurity Research and Innovation (CSRI), the CAN Federation, Information Security Response Team Nepal (npCERT), and the Nepal Police Cyber Bureau. Their representatives emphasized that reducing cybercrime will require long-term commitment to research, development, and public education.

According to Dr. Shaligram Parajuli of CSRI, consistent R\&D will play a critical role in building resilience. Leaders from CAN Federation echoed this by highlighting the need for national-level cooperation, while npCERT representatives stressed public awareness and youth engagement.

Key Components of the Roadmap

The new policy includes a broad set of mandates designed to secure digital banking operations and customer data across all BFIs. A few of the major highlights include:

• Leadership and Governance: Every BFI must appoint a Chief Information Security Officer (CISO). NRB will also form a board-level IT Risk Committee and a high-level Cybersecurity Committee to provide oversight and guidance.
• FinCERT-Nepal: A Financial Sector Computer Emergency Response Team will be established under NRB to coordinate cyber incident responses and share threat intelligence across the sector.
• Integration with npCERT: All BFIs will be required to integrate with npCERT for real-time alerts and coordinated responses to cyber threats.
• Partnerships for R\&D: Collaboration with CSRI and CAN Federation is mandatory to facilitate research, training, and simulated cybersecurity drills.
• Advanced Risk Management: Institutions must conduct quarterly risk assessments and implement robust control measures such as multi-factor authentication, data encryption, and continuous monitoring.
• Digital Transaction Security: Enhanced protocols will be put in place to secure mobile banking, internet banking, and digital wallets.
• Incident Response Readiness: A 24/7 Security Operations Center (SOC) will be set up for real-time monitoring. Every BFI must maintain a detailed incident response plan and report serious breaches to NRB within 24 hours.
• Third-Party and Cloud Security: Vendors and cloud services must comply with international security standards like ISO 27001, with regular audits to ensure compliance.
• Education and Capacity Building: Annual training for financial staff and national awareness campaigns in collaboration with Nepal Telecommunications Authority are planned to promote a culture of cybersecurity.
• Cybersecurity Scholarship and Innovation Fund: BFIs will be required to contribute to a scholarship fund aimed at producing skilled professionals in cybersecurity. Research collaborations with academic institutions will be promoted to drive innovation in fields such as digital forensics and fraud detection.

Strict Compliance and Enforcement

To ensure these standards are upheld, NRB will conduct periodic audits. BFIs must submit quarterly compliance reports, and any institution failing to meet requirements may face penalties, including suspension of operations.

Phased Implementation

The roadmap sets out clear stages: initial appointments and institutional setups in the immediate term; system integrations and assessments in the short term; full operational capabilities and academic collaborations in the mid term; and long-term investment in talent and infrastructure.

A Step toward a Secure Financial Future

The introduction of this roadmap marks a critical milestone for Nepal’s digital future. It represents a collective commitment by policymakers, industry leaders, and researchers to secure the financial sector against evolving cyber threats. With strong leadership and sustained cooperation, Nepal is positioning itself to build a resilient, trustworthy digital financial environment for years to come.