InfoSecBulletin Cybersecurity for mankind
A new law has been drafted to protect customers in electronic currency transactions. It will soon be presented to the National Assembly for approval. The Act is called the ‘Electronic Currency Payment and Settlement System Bill 2024′ and has been created by the Financial Institutions Department under the Ministry of Finance.
According to the draft, no one can provide electronic currency payment services without approval from Bangladesh Bank. Payment service rules should be fair and not harm consumer rights.
FBI investigating cyberattack at Oracle, Bloomberg News reports
OpenAI Offering $100K Bounties for Critical Vulns
Splunk Alert User RCE and Data Leak Vulns
CIRT alert Situational Awareness for Eid Holidays
Cyberattack on Malaysian airports: PM rejected $10 million ransom
Micropatches released for Windows zero-day leaking NTLM hashes
VMware Patches Authentication Bypass Flaw in Windows Tool
IngressNightmare
Over 40% of cloud environments are vulnerable to RCE
(CVE-2025-29927)
Urgently Patch Your Next.js for Authorization Bypass
Oracle refutes breach after hacker claims 6 million data theft
If an organization breaks the rules by giving false information or statements, the proposed law suggests a maximum penalty of three years in prison or a Tk 30 lakh fine, or both.
An organization that continues to operate without a license may face imprisonment for up to 5 years, a fine of up to 50 lakh rupees, or both. Additionally, there are penalties ranging from 1 lakh to 5 lakh taka for hindering audit activities.
To obtain approval or a license, you must apply to Bangladesh Bank by filling out the required forms, following the procedures, and paying the fees. Within six months of the law taking effect, licensed institutions must comply with all the provisions of the law. Banking companies that are already providing payment services must obtain the license within one year of the law taking effect.
A Financial Institutions Department official mentioned that various digital transactions such as internet and agent banking, electronic funds transfer, credit and debit cards, e-wallets, internet banking, and electronic currency are currently happening outside traditional banks. These methods are being used by banks, financial institutions, and other financial service providers. The official highlighted the need for a new law to supervise and control these activities in order to reduce risks and protect customers’ interests.
Under this Act, banks or financial institutions need approval from Bangladesh Bank if they want to offer payment services in addition to core banking services. They also need to comply with Act No. 14 of the ‘Bank Companies Act 1991’, which covers capital, ownership, and management regulations.
Besides, any other institution or individual other than banks and financial institutions can be involved in the payment transaction business. However, in this case, the interested organization or person has to take license from Bangladesh Bank following the relevant regulations and the business operator has to preserve the capital in the amount, rate and manner prescribed by Bangladesh Bank from time to time.
The bill states that the payment service provider is responsible for all activities related to customer account opening, electronic currency issuance, electronic currency transactions, and management of trust and settlement accounts for payment services.
The payment system operator can help customers with the payment process using any method approved by Bangladesh Bank, and can also handle all activities related to settling transactions between the participants in the payment system.
The Participant in the Payment System will be responsible for managing the Settlement System. This includes participating in the Payment, Drainage, and Settlement System on behalf of themselves or the Customer.
Payment system operators, participants, and service providers must use trust and settlement accounts to handle the recipient’s money for settlement activities.
Under this Act, no one can issue or sell ‘advance paid documents’ without approval from Bangladesh Bank. Also, no one can accept any kind of investment, loan, deposit, or operate online or offline platforms for financial transactions without approval.
According to the bill, institutions providing payment services need to create and share their own rules based on the regulations of Bangladesh Bank. These rules should include aspects like liquidity, settlement, risk management, governance, continuity of operations, emergency measures, dispute resolution, and customer service. However, these rules should not be personal, discriminatory, or impair consumer rights. Payment service operators can use third-party outsourcing services or appoint agents to provide payment services to customers following the policy of Bangladesh Bank.
