Central Bank Issues Secure Network Blueprint

Bangladesh Bank has introduced a comprehensive regulatory framework to enhance the security, resilience and efficiency of digital communications across the financial sector. The directive, titled Guidelines on Partner Network, Version 1.0 (2026), establishes a unified structure for secure data exchange between the central bank and all affiliated institutions.

In a circular issued on Sunday, the central bank highlighted that it maintains electronic connectivity with a wide range of licensed entities, including scheduled banks, non-bank financial institutions, mobile financial service providers, payment service providers and payment system operators. It also connects with various government bodies to support technology-driven public services, reinforcing the need for robust and uninterrupted digital infrastructure.

At the heart of the new framework is an extranet-based system referred to as the “Partner Network”. This network enables the secure exchange of operational and financial data between the central bank and participating organisations. With the financial landscape becoming increasingly digital and interconnected, the regulator stressed that safeguarding communication channels has become essential for maintaining trust and stability.

Key Elements of the Guidelines

The guideline introduces a two-tier classification system for participating organisations. Category-A institutions are required to maintain both strong security controls and high system availability through redundancy mechanisms. Category-B institutions must meet essential security standards and are encouraged to upgrade their infrastructure over time to meet higher operational benchmarks.

To ensure effective implementation, each organisation must appoint a dedicated team or focal point responsible for managing its Partner Network operations. The central bank will oversee compliance and retains the authority to identify and address any deficiencies.

A strong emphasis has been placed on cybersecurity controls. Institutions are required to implement strict network segregation, establish layered firewall protections and monitor systems continuously for abnormal activity. Detailed provisions for change management ensure that all system modifications are properly documented, tested and reversible if necessary.

Remote connectivity has also been tightly regulated. All external access must be conducted through encrypted virtual private networks that meet recognised security standards. Access is limited strictly to authorised personnel, and all activities must be logged for monitoring and audit purposes.

In addition, organisations are required to maintain strong system maintenance practices. These include regular vulnerability assessments, timely application of security patches and secure configuration of all devices. The use of personal devices within the network is strictly prohibited, reflecting heightened concerns over potential internal risks.

In the event of any disruption or cyber incident, institutions must promptly notify the central bank, providing detailed information regarding the cause, impact and affected systems. The guideline also requires formal service level agreements and the use of approved network service providers, preferably with backup arrangements to ensure continuity.

All relevant institutions have been instructed to comply fully with the new framework by 31 December 2026, marking a decisive step towards building a secure, resilient and future-ready digital financial ecosystem in Bangladesh.