InfoSecBulletin Cybersecurity for mankind
The banking industry in Bangladesh is the core driver in economic development of the country. The focus on inclusion and the aim for sustainability have advanced the industry to grow with a faster pace and in a well- structured manner.
The industry has undergone many changes on providing the services to their customers. Most of the banks have adopted automated banking environment for faster services, better control in operations and established alternative delivery channels to facilitate services at door-steps. Core Banking Solution (CBS) is playing a vital role for this technology driven banking services.
CVE-2025-2492
ASUS warns of critical auth bypass flaw in routers
16,000+ Fortinet devices compromised with symlink backdoor, Mostly in Asia
Patch now! Critical Erlang/OTP SSH Vuln Allows UCE
CISA warns of increasing risk tied to Oracle legacy Cloud leak
CVE-2025-20236
Cisco Patches Unauthenticated RCE Flaw in Webex App
Apple released emergency security updates for 2 zero-day vulns
Oracle Released Patched for 378 flaws for April 2025
CVE-2025-24054
Hackers Exploiting NTLM Spoofing Windows Vuln the in Wild
Bengaluru firm got ransomware attack, Hacker demanded $70,000
MITRE warns: U.S. Govt. Funding for MITRE’s CVE Ends Today
Today, the role of CBS is not just as a transaction processing engine; it is the key repository of information to further analyze and detect risks. A standard and flexible CBS is a significant contributor to a bank’s ability to respond quickly to the diversified business including compliances with changing regulations.
Apart from the CBS, banks are using different important solutions for different business portfolios like Trade Finance, Remittance, Asset Liability Management, Anti-Money Laundering, Card Management, etc. Though these business operations may be done using separate solutions, the reporting to stakeholders and regulators is done in a consolidated manner. Most of the commercial banks have already implemented CBS and the rests are on the way of implementation. Different commercial banks of Bangladesh are using different outsourced or self-developed CBS. Due to the variations in development architecture, support service, modality and flexibility in these systems, stakeholders are facing challenges in collecting the necessary and intended information at the right time.
This necessitates a uniform set of instructions that should be accommodated as a minimum requirement in any CBS. This document is developed in a collaborative approach to guide the commercial banks in Bangladesh in maintaining the minimum required features and controls in their CBS and other related banking solutions so that the banks can comply with most of the stakeholders’ requirements. The document covers the necessary features and controls of banking services like General Banking, Bills and Remittance, Deposits, Loans/Credit/Investment, Trade Service, Treasury, System Administration and Reporting.
Each bank has its own way of management reporting and regulators also have their different query and reporting requirements which are changing over time, as such fixed reporting formats and demands could not be stated in the reporting module. It is expected that the reporting tools used in the banking system shall be capable and flexible enough to generate new format of reports as required.
Bangladesh Bank reserves the right to amend or review document as and when necessary. In case of Islamic Banking, for all kinds of operations including profit and loss calculation will be based on Shariah principles and relevant guidelines of Bangladesh Bank.
Objectives:
Core banking operations involve managing transactions, processing payments, handling loans, and many other activities. It facilitates online banking, automated teller machines (ATMs), telebanking, and immediate or remote fund transfers through mechanisms like immediate payment service (IMPS), electronic fund transfer (EFT), and real-time gross settlement (RTGS). Application Programming Interfaces (APIs) are becoming more common in core banking systems to facilitate easy integration with third-party services. It facilitates a broader range of services and enhances the customer experience. For instance, through APIs, banks can integrate with FinTech services, payment gateways, or even other banks for seamless interbank and inter platform transactions.
Some basic objectives of this guideline are:
a) Ensuring proper due diligence while using Core Banking Solutions.
b) Ensuring quicker services at the bank counters for routine transactions like cash deposits, withdrawal, passbooks, statements of accounts, demand drafts, etc.
c) Ensuring anywhere banking by eliminating dependency with branch banking.
d) Ensuring provision of banking services 24 X 7.
e) Ensuring fast payment processing through Internet banking, mobile banking.
f) Ensuring anytime anywhere banking through ATMs, CRMs.
g) Ensuring that all branches access applications from central servers/datacenter, so deposits made in any branch reflect immediately and the customer can withdraw money from any other branch throughout the world.
h) Ensuring easy transfer of funds from the cities to the villages and vice versa.
i) Ensuring process standardization within bank & branches.
j) Ensuring retention of customers through better customer service.
k) Ensuring accuracy in transactions & minimization of errors.
l) Ensuring improved management of documentation & records – having centralized databases results in quick gathering of data & MIS reports etc.
Scope and Applicability:
This guideline is applicable to all Banks of Bangladesh. It addresses the approach and principles necessary for adoption of Core Banking Solution by the Bank. However, this guideline does not prescribe or recommend any specific Core Banking Solution, service arrangement, service agreement, service provider or deployment models. The Bank must perform their own analysis to determine if CBS meets their strategic aims whilst managing any associated risks and compliance with regulatory requirements.
Compliance and Dispensation:
a) The bank shall assign a Team/Committee/Entity to monitor compliance with this guideline. A Team/Committee/Entity shall provide the initial observation of any non-compliance issue to the competent authority. b) The bank shall take initiatives to rectify the non-compliance activities as per guidelines within a specific time frame.
c) For non-compliance issues, compliance plans shall be submitted to Bangladesh Bank. If any noncompliance issue persists due to exceptional cases, then dispensation can be taken from
Bangladesh Bank for a specific period.
d) If the bank fails to rectify the non-compliance activities within the time frame, the bank shall seek permission for dispensation from Bangladesh Bank. After the compliance failure multiple times, a penalty may be imposed on the bank depending on the impact of business or any adverse impact on customers’ interest.
The updated Guidelines on Core Banking Solution (CBS) Features and Controls (Version 2.0) is available in Bangladesh Bank website (www.bb.org.bd). This guidelines shall come into force with immediate effect. However, its full compliance must be ensured by 30 June 2025.
