New Cybersecurity Law grants Central Bank enhanced powers to safeguard financial sector

On September 20, the president signed a law aimed at ensuring cybersecurity in the banking and financial sectors, the Ministry of Justice reported.

The document was approved by the Senate back in June. It outlines new requirements for information security in banks, non-bank credit institutions, payment systems, and the electronic government, as well as the powers of the Central Bank in this area.

In particular, the Central Bank will be able to identify cybersecurity threats in the operations of banks, microfinance organizations, pawnshops, mortgage refinancing institutions, payment services and systems, credit bureaus, and currency exchanges.

The regulator’s powers include measures to prevent threats. Amendments are also being made to the legislation aimed at regulating relations in the areas of banking secrecy and information protection in automated banking systems.

As previously reported, violations of cybersecurity legislation requirements in banking systems will be considered a serious offense. This means that such violations could lead to the revocation of a license.

The law will come into force three months after its official publication.

In December 2023, Shavkat Mirziyoyev granted the Central Bank the right to demand the blocking of bank cards and accounts in cases of suspicious transactions. Financial organizations were instructed to implement anti-fraud systems and monitor large peer-to-peer (p2p) transfers.

At the PLUS Forum, Central Bank Deputy Chairman Sodir Melibaev announced the development of a centralized anti-fraud system, which is planned to be connected to all payment organizations and commercial banks.