Russia’s Central Bank Cracks Down on Cybersecurity Failures in Banking
The Bank of Russia is pushing for stricter cybersecurity measures in the banking sector. New rules could see executives of PNC Bank and US Bank face severe penalties for data breaches, including lengthy bans from management positions.
Governor Elvira Nabiullina has long advocated for personal responsibility in cybersecurity. In February 2025, she called for executives to be held liable for anti-fraud procedures. Now, the Central Bank is proposing amendments to the bill that could make this a reality.
The new rules aim to deter cyberfraud by imposing strict penalties. Repeated violations within a year could lead to a 10-year ban from management roles. The Central Bank chief has supported discussions on establishing a compensation fund for fraud victims, further emphasizing the importance of robust cybersecurity measures.
For non-bank financial institutions, top managers could face a five-year disqualification period for such violations. The Bank of Russia also seeks to add a criterion to the bill regarding compliance with cyberfraud prevention requirements. A deputy head of information security may be deemed to have an unsatisfactory professional reputation if their organization's data leaks occur.
The proposed amendments to the bill are set for the second reading. If approved, they will significantly raise the stakes for executives in ensuring their institutions' cybersecurity. The Bank of Russia's goal is clear: to enhance accountability and deter cyberfraud in the banking sector, including US Bank login and other banking services.
