Financial sector news

The new requirements apply to financial service providers such as insurance companies, credit unions, finance companies, and pawnshops. Their implementation should improve information security and cyber protection, as well as contribute to strengthening the stability and reliability of Ukraine's financial market.

The provisions of Resolution No. 143 of the Board of the National Bank of Ukraine dated December 9, 2025, “On Approval of the Regulations on the Organization of Measures to Ensure Information Security and Cyber Protection by Financial Service Providers,” which comes into force on December 13, 2025, include, in particular:

• requirements for cyber risk and information security risk management;
  
  
• basic requirements for the organization of measures to ensure information security and cyber protection;
  
  
• the procedure for managing cyber incidents and information security incidents;
  
  
• requirements for internal documents regulating the management of access rights to information, electronic communication, and information and communication systems.

The regulator requires participants in the non-bank financial services market to bring their activities into compliance with the regulator's requirements within one year from the date of entry into force of the resolution.