ENSURING SAFE, EFFICIENT FINANCIAL SERVICES

Banks must strengthen IT governance, cybersecurity

Experts tell BIBM workshop

Bangladesh's banking sector must urgently strengthen cybersecurity, IT governance, and rural digital access to ensure safe and efficient financial services in an increasingly digitised environment, experts have said.

The recommendations came during a high-level review workshop titled "IT Operations of Banks", held Wednesday at the Bangladesh Institute of Bank Management (BIBM) campus in Dhaka.

The event brought together senior bank executives, regulators, and researchers to discuss the findings of a recent BIBM study that assessed IT practices across the banking sector.

Speaking as the chief guest, Bangladesh Bank Deputy Governor Nurun Nahar underscored the central role of information and communication technology (ICT) in modern banking. "Electronic banking is no longer a choice; it is the backbone of today's financial system," she said.

Citing key findings from the study, she pointed to critical gaps in ICT infrastructure: insufficient IT budgets, weak disaster recovery systems, a shortage of skilled personnel, and underdeveloped IT governance frameworks.

She called on banks to earmark a fixed share of their annual profits for ICT development and staff training, and to strengthen oversight by internal IT committees such as IT Steering and IT Security Committees.

Ms Nahar also noted that Bangladesh Bank has been actively supporting digital banking with platforms such as the Bangladesh Automated Clearing House (BACH), the Bangladesh Electronic Fund Transfer Network (BEFTN), the National Payment Switch Bangladesh (NPSB), and the Real-Time Gross Settlement (RTGS) system. Updated ICT security guidelines have also been issued to help financial institutions address rising cyber threats.

The BIBM review study, jointly conducted by BIBM researchers and Bank Asia Chief Technology Officer (CTO) Md Saiful Islam, found that while banks are investing heavily in hardware and software, critical areas such as cybersecurity, auditing, and IT staff training are still underfunded.

The study recommended introducing spending benchmarks and flexible allocation models to respond quickly to evolving threats.

Disaster recovery preparedness emerged as a major concern. More than half of near-data centres (NDCs) and 76 per cent of far-data centres (FDCs) operate in cold or warm standby modes, limiting their ability to offer immediate system backup. Only 3 per cent of banks currently have Tier-4 certified data centres.

The report suggested setting up hot disaster recovery sites in different seismic zones and conducting full live operational tests at least once a month -- a practice only 10 per cent of banks currently follow.

In terms of financial inclusion, the study flagged the urban-heavy deployment of Cash Recycler Machines (CRMs). Despite a surge in CRM installations -- from just 126 in 2018 to 6,970 in 2024 -- most remain city-centred.

Experts recommended expanding CRM coverage to rural and underserved regions.

On core banking systems (CBS), the report noted growing adoption of dual platforms supporting both conventional and Islamic banking, which increased from 40 per cent in 2022 to 55 per cent in 2024. It encouraged local CBS development and regional partnerships to reduce reliance on foreign vendors.

While emerging technologies like artificial intelligence (AI), robotic process automation (RPA), and machine learning are gradually gaining traction, the study found limited use of blockchain and Internet of Things (IoT). A more balanced and needs-based adoption was recommended, along with regularly updated technology roadmaps.

To strengthen cybersecurity, the study urged banks to adopt baseline tools such as VAPT (Vulnerability Assessment and Penetration Testing), SIEM (Security Information and Event Management), and PAM (Privileged Access Management). High-risk banks should consider advanced tools like SOAR (Security Orchestration, Automation and Response) and DAM (Database Activity Monitoring).

It also advised that all banks pursue certifications like ISO 27001 and PCI DSS and ensure that at least 40 per cent of IT staff hold professional qualifications.

The review was led by BIBM Professors Md Shihab Uddin Khan, Md Mahbubur Rahman Alam, Kaniz Rabbi, Assistant Professor Md Foysal Hasan, and Bank Asia's CTO Md Saiful Islam.

bdsmile@gmail.com
