Cybersecurity roadmap for BFIs handed over to Governor Poudel

June 22, 2025

KATHMANDU: A detailed cybersecurity roadmap aimed at bolstering the digital security of Nepal’s banking and financial institutions (BFIs) has been officially handed over to the newly appointed Nepal Rastra Bank (NRB) Governor, Biswo Nath Poudel.

The roadmap, developed by cybersecurity policy expert Chiranjibi Adhikari, outlines comprehensive measures to strengthen cyber resilience across the financial sector and reduce systemic risks from digital threats.

The roadmap was created in alignment with national and international cybersecurity frameworks, including Nepal’s National Cybersecurity Policy 2080, the Electronic Transactions Act 2063, the Cyber Security Bylaw 2077, and NRB’s Cyber Resilience Guidelines 2023.

The roadmap has been supported by several key organizations, including the Federation of Computer Association Nepal (CAN Federation), the Center for Cybersecurity Research and Innovation (CSRI), and the Information Security Response Team Nepal (npCERT).

Chiranjibi Adhikari, Senior Vice President of CAN Federation and CEO of One Cover, presented the cybersecurity roadmap as a strategic framework to protect Nepal’s digital financial system. The plan calls for appointing Chief Information Security Officers (CISOs) in all BFIs, establishing IT risk committees, and forming a high-level cybersecurity committee led by NRB leadership.

A key feature is the creation of FinCERT-Nepal under NRB to coordinate incident response, share threat intelligence, and collaborate with npCERT and the Nepal Police Cyber Bureau. All BFIs must integrate with npCERT for real-time alerts and secure data exchange.

The roadmap also mandates quarterly risk assessments, multi-factor authentication, zero-trust models, encryption, and compliance with the Individual Privacy Act 2018. Digital platforms such as mobile and internet banking must implement specific security measures, including DDoS protection and regular vulnerability testing.

BFIs are required to operate 24/7 Security Operations Centers equipped with SIEM and EDR tools, maintain incident response plans, and report serious breaches to NRB within 24 hours. Business continuity planning and secure data backups are also compulsory.

Vendors and cloud providers must comply with the ISO 27001 standard and undergo audits. Capacity building through annual staff training, public awareness campaigns with the Nepal Telecommunications Authority, and cybersecurity scholarships at Nepali universities are included to strengthen long-term resilience.

Compliance will be enforced through regular audits and penalties for non-compliance. The roadmap will be updated annually or after major incidents. Implementation will be phased, beginning with CISO appointments and FinCERT-Nepal, followed by broader integration, training, and innovation initiatives.