The Bank of Mozambique issued a circular setting the mandatory reporting templates that credit institutions and financial companies must use to notify technological and cyber incidents, implementing the reporting framework introduced under a prior notice. Firms must submit (i) incident reports and (ii) an aggregated incident report using the models in Annexes I and II, primarily via the Banking Supervision Application (BSA) portal and any other channels indicated by the central bank, with email reporting allowed only on an exceptional basis when the specified channels are unavailable. The templates require structured information on incident type and severity, affected systems and business areas, operational, reputational and financial impacts including thresholds linked to Tier 1 own funds, and the actions taken and remediation, including final investigation and escalation details. The circular enters into force on 9 March 2026.
Bank of Mozambique 2026-01-14
Bank of Mozambique mandates standard templates and channels for technology and cyber incident reporting, effective 9 March 2026
The Bank of Mozambique issued a circular mandating the use of specific reporting templates for technological and cyber incidents by credit institutions and financial companies. Reports must be submitted primarily via the Banking Supervision Application portal, detailing incident type, severity, impacts, and remediation actions. Email reporting is permitted only when other channels are unavailable.