.

Operational Resilience Regulations Series
OR BB P2S2_MII_14

[OR] [R] Operational Resilience Related Regulations from African Central Banks

Operational Resilience is the capability to absorb shocks to operations, incremental changes, and disruptive events, and then rebound to an operational level acceptable to management, employees, and stakeholders.

This chapter is a consolidated list of guidelines, frameworks, directives, and policies on Operational Resilience (OR), Business Continuity Management (BCM), Cyber Resilience, Risk Management, and Financial Sector Resilience issued by central banks and financial regulators across Africa.

Moh Heng Goh
Operational Resilience Planner-Specialist-Expert

Operational Resilience Related Regulations Issued by Central Banks and Financial Regulators across Africa

Introduction

IC_Operational Resilience_RegulationsA person reviewing data protection policies and procedures as part of a business continuity management audit, with documents and regulations visible

This chapter is a consolidated list of guidelines, frameworks, directives, and policies on Operational Resilience (OR), Business Continuity Management (BCM), Cyber Resilience, Risk Management, and Financial Sector Resilience issued by central banks and financial regulators across Africa.

 

North Africa

Central Bank of Egypt

Key Guidelines and Frameworks
  • Banking Sector Cybersecurity Framework
  • Information Security and Cyber Resilience Requirements
  • Business Continuity Management (BCM) Guidelines for Banks
  • Operational Risk Management Framework
  • Digital Banking and FinTech Risk Management Regulations
Operational Resilience Related Requirements
  • Critical services identification
  • Cyber resilience testing
  • BCM and disaster recovery capabilities
  • Third-party technology risk management

Bank Al-Maghrib

Key Guidelines and Frameworks
  • Directive on Internal Control Systems
  • Operational Risk Management Requirements
  • Cybersecurity Framework for Credit Institutions
  • BCM and Disaster Recovery Guidelines
Operational Resilience Focus
  • ICT resilience
  • Crisis management
  • Recovery arrangements
  • Outsourcing risk management

Bank of Algeria

Key Guidelines
  • Prudential Risk Management Regulations
  • Internal Control Framework
  • Information Systems Security Requirements
Operational Resilience Focus
  • Operational risk controls
  • Critical infrastructure protection
  • Business continuity arrangements

Central Bank of Tunisia

Key Guidelines
  • Circular on Operational Risk Management
  • Information Security Requirements
  • BCM Requirements for Financial Institutions
Operational Resilience Focus
  • ICT continuity
  • Incident response
  • Crisis communication

West Africa

Central Bank of Nigeria

Key Guidelines and Regulations
  • Operational Resilience Framework for Financial Market Infrastructures (2024)
  • Risk-Based Cybersecurity Framework and Guidelines for Other Financial Institutions
  • Cybersecurity Framework for Deposit Money Banks and Payment Service Providers
  • Business Continuity Management Framework
  • Risk Management Framework for Banks and Discount Houses
  • Guidelines on Information Technology Standards
Operational Resilience Requirements
  • Important business services identification
  • Impact tolerance setting
  • Severe but plausible scenario testing
  • Mapping of dependencies
  • Third-party risk management
  • Cyber resilience testing

Bank of Ghana

Key Guidelines
  • Cyber and Information Security Directive
  • Operational Risk Management Guidelines
  • Business Continuity and Disaster Recovery Requirements
  • Outsourcing Directive
Operational Resilience Focus
  • Critical service resilience
  • ICT recovery
  • Vendor resilience
  • Cyber incident reporting

BCEAO

(Banque Centrale des États de l'Afrique de l'Ouest)

Key Guidelines
  • Banking Risk Management Framework
  • Information Systems Security Framework
  • Payment System Risk Management Standards
  • BCM Expectations for Financial Institutions
Operational Resilience Focus
  • Payment system continuity
  • Regional financial stability
  • Operational risk controls

Bank of Sierra Leone

Key Guidelines
  • Cybersecurity Guidelines for Financial Institutions
  • Operational Risk Management Requirements
  • BCM Framework Expectations

East Africa

Central Bank of Kenya

Key Guidelines
  • Guidance Note on Cybersecurity
  • Prudential Guideline on Risk Management
  • Business Continuity Management Guidelines
  • Guidance on ICT Risk Management
  • Outsourcing Guidelines
Operational Resilience Requirements
  • Critical process identification
  • Recovery objectives
  • ICT resilience
  • Third-party oversight

National Bank of Rwanda

Key Guidelines
  • Regulation on Operational Risk Management
  • ICT Risk Management Framework
  • Cybersecurity Guidelines
  • BCM Requirements
Operational Resilience Focus
  • Technology resilience
  • Recovery planning
  • Incident management

Bank of Uganda

Key Guidelines
  • Information Security Guidelines
  • Operational Risk Management Regulations
  • BCM Requirements for Financial Institutions
Operational Resilience Focus
  • ICT continuity
  • Cyber resilience
  • Disaster recovery

Bank of Tanzania

Key Guidelines
  • Risk Management Guidelines
  • ICT Governance and Risk Management Framework
  • BCM Requirements for Banks and Financial Institutions
Operational Resilience Focus
  • Technology resilience
  • Outsourcing controls
  • Business continuity

Bank of Mauritius

Key Guidelines
  • Guideline on Business Continuity Management
  • Guideline on Information and Cybersecurity
  • Guideline on Outsourcing by Financial Institutions
  • Operational Risk Management Framework
Operational Resilience Focus
  • End-to-end service resilience
  • Third-party dependency management
  • Crisis management

Southern Africa

South African Reserve Bank

Key Guidelines and Standards
  • Joint Standard on Cybersecurity and Cyber Resilience
  • Joint Standard on IT Governance and Risk Management
  • Operational Risk Management Framework
  • Financial Sector Contingency Planning Requirements
  • Outsourcing and Cloud Computing Guidance
Operational Resilience Requirements
  • Critical operations identification
  • ICT resilience
  • Cyber testing
  • Third-party risk management
  • Recovery and resolution preparedness

Bank of Namibia

Key Guidelines
  • Operational Risk Management Framework
  • Cybersecurity Guidelines
  • BCM Guidelines for Banking Institutions

Bank of Botswana

Key Guidelines
  • Corporate Governance Guidelines
  • Risk Management Guidelines
  • BCM Expectations
  • ICT Risk Management Requirements

Reserve Bank of Zimbabwe

Key Guidelines
  • Cybersecurity Framework
  • Operational Risk Management Guidelines
  • BCM Requirements for Banking Institutions

Central Bank of Zambia

Key Guidelines
  • ICT and Cybersecurity Risk Management Guidelines
  • Operational Risk Management Framework
  • BCM and Disaster Recovery Requirements

Central Bank of Lesotho

Key Guidelines
  • Risk Management Guidelines
  • Information Security and BCM Requirements

Central Bank of Eswatini

Key Guidelines
  • Operational Risk Management Framework
  • BCM Guidelines
  • ICT Risk Management Requirements

 

African Central Banks with Explicit Operational Resilience Initiatives

The following regulators have introduced requirements that align closely with international operational resilience frameworks issued by the Basel Committee on Banking Supervision, Financial Stability Board, and Bank for International Settlements:

 

Country Regulator Operational Resilience Maturity
Nigeria Central Bank of Nigeria Very High
South Africa South African Reserve Bank Very High
Mauritius Bank of Mauritius High
Kenya Central Bank of Kenya High
Ghana Bank of Ghana High
Egypt Central Bank of Egypt High
Rwanda National Bank of Rwanda Medium-High
Tanzania Bank of Tanzania Medium
Uganda Bank of Uganda Medium
Morocco Bank Al-Maghrib Medium-High

 

Most Relevant African Regulations for Operational Resilience Practitioners

For practitioners implementing operational resilience programs aligned with ISO 22301, ISO 22361, BCBS, MAS, BNM, and BSP requirements, the most mature and comprehensive African regulatory references are:

  1. Central Bank of Nigeria — Operational Resilience Framework for Financial Market Infrastructures (2024)
  2. South African Reserve Bank — Cyber Resilience and ICT Risk Standards
  3. Bank of Mauritius — BCM and Outsourcing Guidelines
  4. Central Bank of Kenya — ICT Risk Management and Cybersecurity Framework
  5. Bank of Ghana — Cyber and Information Security Directive

These are the African regulatory sources that most closely resemble the operational resilience requirements issued by regulators such as the Monetary Authority of Singapore, Bank Negara Malaysia, and Bangko Sentral ng Pilipinas.

 

 

Learn more about Blended Learning OR-300 [BL-OR-3] and OR-5000 [BL-OR-5]

To learn more about the course and schedule, click the buttons below for the OR-3 Blended Learning OR-300 Operational Resilience Implementer course and the OR-5 Blended Learning OR-5000 Operational Resilience Expert Implementer course.

BL-OR-3 Register Now BL-OR-3_Tell Me More BL-OR-3_View Schedule
BL-OR-5_Register Now BL-OR-5_Tell Me More [BL-OR] [3-4-5] View Schedule
[BL-OR] [3] FAQ OR-300 If you have any questions, click to contact us.Email to Sales Team [BCM Institute]
FAQ BL-OR-5 OR-5000
OR Implementer Landing Page

New call-to-action

 New call-to-action

 

Comments
CTA Banner_OR
CTA Banner_ORA
CTA Banner_BCM
CTA Banner_ITDR
CTA Banner_CM
BCMIWhiteLogoSmall.png
All rights reserved. Copyright 2026