KARACHI: In an effort to bolster the security of its regulatory portals, the State Bank of Pakistan (SBP) has announced that it will soon require all regulated entities (REs) to access its portals solely via Virtual Private Networks (VPNs). This decision is a strategic move by the central bank to safeguard sensitive customer data amid the increasing reliance on digital financial services.
Starting from May 30, 2025, all entities regulated by the SBP will be required to transition from web-based access to VPN-based access for their interactions with the bank’s Regulatory Approval System (RAS) and related services. This shift comes as part of SBP’s efforts to enhance the security framework protecting both financial institutions and their customers from potential cyber threats.
The RAS is the central platform used by the SBP for managing regulatory proposals, requests, and decisions. It has fully digitized the process for handling these critical communications, allowing for a streamlined and paperless system. The introduction of VPN-based access is seen as an essential step to fortify the platform’s security against increasing cyberattacks targeting financial institutions worldwide.
The decision to require VPN access comes as part of SBP’s broader initiative to ensure a more secure digital environment for financial transactions and regulatory compliance. In addition to the VPN requirement, the SBP has implemented a comprehensive service desk system designed to address and manage complaints related to the portals hosted by the central bank, including the RAS platform. This system will help ensure that any issues encountered by users are promptly addressed, minimizing disruptions to the regulatory processes.
In line with the new security protocols, the SBP has also mandated that regulated entities set up the necessary Multi-Factor Authentication (MFA) accounts prior to the transition. MFA will play a pivotal role in securing user access and ensuring that only authorized personnel can interact with the SBP’s systems. The central bank has stressed the importance of acquiring these MFA accounts ahead of the May 30, 2025 deadline to ensure a seamless transition and to avoid any operational disruptions when the changeover takes effect.
The SBP’s move to VPN-based access is in response to the rapidly evolving landscape of digital finance and the increasing frequency of cyberattacks on financial institutions. As digital banking and online transactions become more widespread, the need for robust cybersecurity measures has never been more critical. The central bank’s decision underscores its commitment to maintaining a secure regulatory environment and safeguarding the integrity of financial systems across Pakistan.
The SBP has been proactive in its efforts to modernize the country’s financial infrastructure, and this new initiative is a continuation of its efforts to ensure that Pakistan’s financial sector remains resilient against emerging threats. With the transition to VPN-based access, the SBP aims to not only enhance the security of its regulatory portals but also promote confidence among stakeholders in the country’s financial system.
The central bank has emphasized the importance of prompt compliance with these new security measures. Timely implementation of VPN access and MFA accounts is crucial for ensuring that the RAS and service desk platforms can continue to operate smoothly under the new framework. The SBP has made it clear that any delays in compliance may result in disruptions to regulatory processes, which could affect the operational efficiency of regulated entities.
This strategic move by the SBP is a reflection of the growing importance of cybersecurity in the financial sector, and it aligns with global trends toward more secure digital financial services. The shift to VPN-based access is expected to set a new standard for regulatory security in Pakistan, further strengthening the country’s position in the digital finance ecosystem.
As the deadline for the transition approaches, regulated entities are urged to prepare ahead of time and ensure that all necessary measures are in place for a smooth and secure shift to the new access system.