CAN Federation hands over cybersecurity roadmap to NRB Governor Poudel

KATHMANDU: Federation of Computer Association Nepal (CAN Federation) officially handed over a critical cybersecurity roadmap for banks and financial institutions (BFIs) to the newly appointed Governor of Nepal Rastra Bank (NRB), Biswo Nath Poudel.

The roadmap was conceptualised by Chiranjibi Adhikari, a renowned cybersecurity policy expert, Senior Vice President of CAN Federation and CEO of cybersecurity firm One Cover. It aims to establish a robust defence against escalating cyber threats.

The framework aligns with Nepal’s National Cybersecurity Policy 2080, the Electronic Transactions Act 2063 (2008), the Cyber Security Bylaw 2077 (2020) and NRB’s Cyber Resilience Guidelines (2023). It serves as a blueprint for creating a secure and resilient financial ecosystem.

Key stakeholders in Nepal’s ICT and security sectors have actively supported the initiative. Shaligram Parajuli, MoCIT ICT Expert and President of the Centre for Cybersecurity Research and Innovation (CSRI), along with General Secretary Bhojraj Ghimire and Secretary Bandana Sharma, stressed CSRI’s vital role in reducing cybercrime through research and development. 

Chandra Bilash Bhurtel and Mona Nyachhoyon of CAN Federation reinforced their organisation’s commitment to strengthening national cybersecurity. Suman Sharma, Vice President of Information Security Response Team Nepal (npCERT) and CEO of Insight Technology, underlined npCERT’s crucial role in the forthcoming FinCERT, while Rojina Dangi of npCERT highlighted the need for widespread cybersecurity awareness and education, especially among youth.

The roadmap sets out 12 key pillars. It mandates the appointment of a Chief Information Security Officer (CISO) in NRB and all BFIs, along with the formation of board-level IT risk committees and high-level cybersecurity committees, chaired by the NRB Governor or Deputy Governor. A cornerstone of the initiative is the creation of FinCERT-Nepal, which will coordinate cyber incident response, conduct risk assessments and share threat intelligence among financial institutions in close collaboration with the Nepal Police Cyber Bureau and npCERT.

The policy requires the seamless integration of all BFIs with npCERT to ensure real-time threat alerts and coordinated responses. It also stresses the importance of strategic partnerships with CSRI and CAN Federation to drive research, offer specialised training and conduct realistic cyberattack simulations. Regular risk assessments, robust controls such as multi-factor authentication, data encryption and routine vulnerability tests are integral parts of the plan. In addition, stringent security measures for digital payment systems, comprehensive incident detection through a 24/7 Security Operations Centre (SOC) and strict reporting protocols are enforced. The roadmap further mandates security audits, due diligence for third-party vendors, compliance with ISO 27001 standards and a cybersecurity scholarship fund to promote industry-academic research and innovation in areas like fraud detection, blockchain security, AI-based threat analysis and digital forensics.

Periodic audits, compliance monitoring and enforcement actions – including fines or licence suspensions – will ensure the roadmap remains effective against evolving cyber threats. This comprehensive strategy marks a pivotal moment for Nepal’s financial sector, laying a strong foundation for a secure, resilient and trusted digital economy.