Karachi, March 7, 2025 – The State Bank of Pakistan (SBP) has announced a mandatory transition to Virtual Private Network (VPN)-based access for regulated entities (REs) using its hosted portals.
This move is aimed at enhancing security and streamlining operations across SBP’s digital platforms.
In an official communication addressed to the presidents and chief executives of all SBP-regulated entities, the central bank emphasized the requirement for VPN access to its Regulatory Approval System (RAS) and Service Desk System. This transition marks a significant step in SBP’s ongoing digitization efforts, ensuring more secure and efficient interactions between regulated entities and the central bank.
The SBP has fully digitized the process of receiving requests and proposals from REs and providing regulatory decisions through RAS. Additionally, the SBP has established a Service Desk System—an end-to-end complaint management portal—to efficiently handle concerns from REs related to SBP-hosted portals, including RAS. By integrating VPN access, the SBP aims to fortify security measures, mitigate cyber threats, and ensure confidentiality in communications between regulated entities and the central bank.
To facilitate a seamless transition, the SBP has set a deadline of May 30, 2025, for all regulated entities to shift from web-based access to VPN-based access. This shift will necessitate the procurement of Multifactor Authentication (MFA) licenses, which will be required to authenticate users accessing SBP’s hosted portals through VPN.
Regulated entities have been strongly advised to acquire the necessary MFA accounts well in advance of the deadline to avoid any disruptions. The SBP has also set up a dedicated VPN Helpdesk to assist REs with technical guidance on MFA account procurement and VPN setup, ensuring compliance with the new security framework.
This initiative underscores the SBP’s commitment to strengthening cybersecurity protocols within Pakistan’s financial sector. By mandating VPN access, the SBP aims to protect sensitive regulatory data and maintain a robust digital infrastructure that safeguards the interests of all stakeholders.
For further assistance, regulated entities are encouraged to contact the VPN Helpdesk at the earliest to ensure a smooth transition before the May 30 deadline.
