Russia's Central Bank introduces new mandatory cyber-security regulations

Russian banks will be faced with a whole range of new regulations, and penalties for non-compliance, when it comes to cyber-security, according to the country's Central Bank

Russian banks will be forced to report attacks and breaches under new regulations
Russian banks will be forced to report attacks and breaches under new regulations

The Russian Central Bank has announced mandatory cyber-security regulations for domestic banks, according to a Central Bank spokesperson.

The new regulations include mandatory reporting to FinCERT about breaches; the restriction of local area networks to computers connected to the payment service of the Central Bank and the introduction of constant monitoring for the operations of those computers which transfer payments to the Central Bank, among other requirements.

Russian banks will be expected to comply by by June 30, 2017.

An official spokesman for Herman Gref, head of Sberbank, Russia's largest bank, told SCMagazineUK.com that the new measures will reduce the number of attacks on Russian banks

He added that, to date, many Russian banks have prefered not to report to the Central Bank about cyber-attacks, due to reputational risks.

In addition, he said that banks were afraid of charges that could be introduced by the Central Bank due to non-compliance with IT standards. However, there is a possibility that the safety of Russian banks will be significantly improved by the end of the current year.

Alexey Demidov, a spokesman for the Russian Central Bank, told SC that non-compliance with the new regulations may result in serious punishment for offending banks, which may involve their disconnection from the f banking electronic payments system.

Other penalties may involve the introduction of a fine  of one percent of authorised capital as well as restricting certain operations.