In light of the Central Bank's commitment to improving cybersecurity practices within the financial institutions under its oversight, and referring to the Central Bank Circular No. 381000091275 dated 28/08/1438 AH regarding the obligation of financial institutions to comply with the Cyber Security Framework and Maturity Level 3, the Central Bank emphasizes its dedication to enhancing and supporting cybersecurity measures in the financial sector and the proper implementation of the regulatory framework by financial institutions.

Accordingly, we inform you that the Central Bank has extended the deadline for compliance with the requirements outlined in the Cyber Security Framework to no later than the end of the fourth quarter of 2019. The Central Bank also emphasizes the necessity of adhering to the requirements stated in the aforementioned circular, in addition to the following instructions:

First: Financial institution leaders must provide the necessary support to the Information Security Management and equip them with qualified national staff, technical tools, and appropriate training to effectively fulfill their roles.

Second: Quarterly reports must be submitted starting from the end of the second quarter of 2019 until the financial institution complies with the Central Bank's requirements.

Based on the above, the Central Bank reaffirms the importance of complying with the Cyber Security Framework according to the issued instructions and regulations. Please note that the Central Bank will conduct field visits to verify compliance with these instructions.