On 16 January 2021, the National Bank of Ukraine (NBU) introduced a specific oversight regime with respect to compliance of Ukrainian banks with data protection and cybersecurity requirements. Banks will now be subject to either remote or “on-site” inspections in these areas. In addition, banks will be required to submit their respective annual self-assessment reports. The template report form, approved by the NBU, indicates that banks will have to disclose all of their “cloud” and “outsourcing” projects with third-party vendors.
The Ukrainian market is seeing an increased amount of emerging partnerships between banks and technology companies. Such collaboration arrangements have now attracted the regulator’s attention. Accordingly, banks and their technology vendors should dedicate more care to the regulatory aspects of their cooperation (and related technology transactions), to ensure a smooth oversight experience.
The new oversight regime aims to implement the evolving regulatory framework for data protection and cybersecurity in the banking industry. According to its Fintech Strategy 2025, the NBU will also adopt bespoke rules for banks governing IT outsourcing and cloud projects by the end of 2022 and 2024, respectively.