Skip to content

What the State Bank of Pakistan’s new guidelines mean for banks

BPC Sep 7, 2023 9:48:15 AM

This article first appeared on Retail Banker International on August 28, 2023

Furrukh Ali Baig explains why the Pakistan central bank’s security regulations offer the country’s banks the opportunity to build more secure and customer-centric practices.

As digitalisation continues to transform economies worldwide, Pakistan has seen an exponential rise in the volume of digital transactions. In the third quarter of fiscal year 2023, overall e-banking transactions rose by 4.3% in volume and 10.7% in value – reflecting how the convenience of digital banking has encouraged consumers and businesses to increasingly adopt this type of payment.

However, the rising tide of online transactions has brought with it an unwelcome surge in fraudulent activities, with over 30,000 complaints of financial scams being registered last year. In response, the State Bank of Pakistan (SBP) has decided to put up a strong and proactive defence, releasing a series of new measures to combat online fraud.

The State Bank of Pakistan’s approach

The State Bank of Pakistan (SBP) has instructed commercial banks and microfinance institutions to improve their digital fraud prevention strategies – with a comprehensive set of guidelines for banks to follow by December 31, 2023. They have emphasised that banks will be held responsible for lost customer funds stemming from delayed remedial actions or control measures.

Such regulations require financial institutions to establish a robust real time digital fraud prevention policy and consistently review and refine their digital fraud risk management processes and customer complaint mechanisms. This is part of a long-term objective to boost digital financial inclusion, which includes enhancing customer trust in the safety and security of the digital banking system.

A significant move to deter fraudulent fund transfers is the SBP’s directive to banks to impose a two-hour restriction on cash-outs, mobile top-ups, and online purchases from incoming fund transfers that are not as per customer’s behavioural profile, inhibiting the swift exit of fraudulently obtained funds from the banking system.

What this means for banks

These measures mark a significant strategic and operational shift for banks. Specifically, banks will need to invest in centralised advanced security systems across all digital channels and real time fraud detection technologies and improve their current processes to respond more quickly to fraud incidents.

Banks will need to tackle various types of fraud, such as social engineering, where fraudsters manipulate individuals into disclosing confidential information; spoofing of official helpline numbers, a method used to trick customers into revealing sensitive data; SIM swap attacks, where fraudsters gain control of users’ phone numbers to bypass two-factor authentication; and identity theft, where personal data is used to gain unauthorised access to financial resources.

Using legacy isolated systems in banking operations often presents a challenge in the digital age, as these systems may not have been designed with the modern real time cybersecurity landscape in mind. The upgrade from these systems can be a costly and time-consuming process, requiring significant investments in new technologies, employee training, and potentially a cultural shift within the organisation.

The changes could also lead to an overhaul of banks’ customer service operations, as they will need to promptly address customer complaints related to digital fraud. This could involve setting up dedicated helplines, training customer service representatives to handle such cases, and building systems that quickly track and respond to digital fraud incidents.

The role of tech partnerships

To comply with the new regulatory requirements, banks could greatly benefit from strategic partnerships with globally proven technology companies that offer cutting-edge solutions, with several key advantages for banks.

The first is that tech companies can give banks access to advanced digital security technologies and expertise. This includes AI and machine learning algorithms capable of detecting suspicious activity and identifying patterns that could indicate potential fraud. It can also mean implementing the latest technologies to secure transactions and protect customer data.

A tech partnership can also help modernise legacy systems while consolidating them from existing isolation mode to centralised systems. Instead of banks attempting to retrofit their existing infrastructure with newer technology – a process that can be time-consuming, expensive, and risky – a tech partner can help implement a modern, secure system from the ground up.

This can streamline operations and ultimately save costs in the long term – and such partnerships can significantly improve the customer experience. By leveraging tech partners’ expertise in user interface and user experience design, banks can offer more user-friendly digital banking services, which build trust and encourage digital adoption among customers.


The new requirements presented by the State Bank of Pakistan are a proactive response to the reality of the increasing prominence of online fraud. The modernisation of legacy systems and incorporation of advanced technology will only build a stronger digital payment’s ecosystem in Pakistan in the long run. By partnering with carefully chosen tech innovators, having globally proven technology and with on ground teams to understand regulator’s requirements, banks can use the opportunity presented by the new regulations to build more secure and customer-centric practices.

Furrukh Ali Baig is Managing Director Pakistan at BPC Banking Technologies.