Govt proposes tough new cybersecurity rules for virtual asset service providers

ISLAMABAD (Mudassar Ali Rana) – The government has proposed stringent new cybersecurity and technology governance rules for Virtual Asset Service Providers (VASPs), requiring all registered entities to implement comprehensive security policies and conduct regular audits.

The draft framework mandates that VASPs establish, enforce, and annually review their cybersecurity policies under the supervision of a Chief Information Security Officer to ensure full protection of electronic systems, client information, and counter party data.

According to the guidelines which are available in the proposed draft these policies must cover information security, data governance and classification, system and network security, supplier management, incident response, and safeguards against cyberattacks. VASPs will be required to implement a comprehensive technology governance and risk assessment framework aligned with their business model and risk exposure.

The framework will include backup controls, capacity planning, system testing, and continuous monitoring of technology operations. New regulations aim to enhance transparency, protect data, and prevent financial crime within the virtual asset industry, ultimately boosting consumer confidence.

Additional rules will also be introduced regarding security measures and audit requirements to make crypto related operations more secure. Under the proposed rules, VASPs must ensure secure creation, transfer, and storage of cryptographic keys and virtual asset wallets.

They will be required to adopt enhanced safeguards to protect users private keys from unauthorized access, ensure uninterrupted access to crypto assets, and educate customers about risks associated with unauthorized data sharing.

Furthermore, the guidelines direct VASPs to conduct third party security audits of their crypto platforms.

Annual risk assessments and system wide testing will be mandatory to verify protection against hacking and cyberattacks. The government is preparing to formally introduce the Virtual Asset Service Providers Governance and Operations Regulations, aimed at strengthening oversight and fostering trust in the crypto market.

Meanwhile, an important high level meeting on Pakistan’s National Digital Asset Framework was co-chaired by Finance Minister Muhammad Aurangzeb and PVARA Chairman Bilal bin Saqib. Governor State Bank, bank presidents, and senior leadership from Binance also attended.

The meeting reviewed progress on the national framework in detail. Finance Minister Aurangzeb said digitising the payment ecosystem to global standards is essential, adding that the rise of digital assets in Pakistan is irreversible.

He noted that blockchain technologies could significantly reduce costs in Pakistan’s annual US$38 billion remittance flow and open new Web3 and blockchain related employment opportunities for Pakistani youth. PVARA Chairman Bilal bin Saqib stated that Pakistan has the capability to set global digital standards and that digital assets can play a transformative role in financial inclusion and access to new markets.