Search for:

In brief

On 16 January 2021, the National Bank of Ukraine (NBU) introduced a specific oversight regime with respect to compliance of Ukrainian banks with data protection and cybersecurity requirements. Banks will now be subject to either remote or “on-site” inspections in these areas. In addition, banks will be required to submit their respective annual self-assessment reports. The template report form, approved by the NBU, indicates that banks will have to disclose all of their “cloud” and “outsourcing” projects with third-party vendors.

Key takeaways

The Ukrainian market is seeing an increased amount of emerging partnerships between banks and technology companies. Such collaboration arrangements have now attracted the regulator’s attention. Accordingly, banks and their technology vendors should dedicate more care to the regulatory aspects of their cooperation (and related technology transactions), to ensure a smooth oversight experience.


The new oversight regime aims to implement the evolving regulatory framework for data protection and cybersecurity in the banking industry. According to its Fintech Strategy 2025, the NBU will also adopt bespoke rules for banks governing IT outsourcing and cloud projects by the end of 2022 and 2024, respectively.


Serhiy Chorny is a co-managing partner and head of the Banking & Finance Group in Baker McKenzie's Kyiv office. Since 2005, he has been highly ranked by leading international and Ukrainian legal directories such as Chambers Global, Chambers Europe, Legal 500 EMEA, and IFLR1000 in various practice areas, including banking and finance, restructuring and insolvency, capital markets, structured finance and securitization, project finance and financial services.


Maksym Hlotov is an associate in Baker McKenzie's Kyiv office.