SASRA Urges Saccos to Reinforce Cybersecurity Before Holidays
As holidays approach, SASRA directs saccos to tighten cybersecurity and keep systems under close watch
The Sacco Societies Regulatory Authority (SASRA) has issued a cybersecurity directive for saccos, requiring all regulated institutions to implement mandatory data backups and strengthen system monitoring ahead of the April and May public holidays.
In a circular sent to chief executives, SASRA warned that cyberattacks tend to rise during extended holiday periods.
The advisory specifically covers the Good Friday to Easter Monday window from April 3 to April 6, and the Labour Day weekend from May 1 to May 3.
Mandatory backups and 24-hour system monitoring
SASRA has directed both deposit-taking and non-withdrawable deposit-taking saccos to conduct offline backups of critical data. Institutions must also enhance surveillance across ICT infrastructure, digital financial channels, and management information systems.
The regulator is requiring round-the-clock monitoring, including dedicated response teams capable of detecting and addressing threats in real time.
“Cyber risks increase when systems are left with reduced supervision,” the circular notes, pointing to the need for continuous oversight during holidays.
Digital channels and third-party systems under scrutiny
The directive highlights elevated risk exposure in saccos offering services through ATMs, mobile money platforms, and internet banking systems. Institutions relying on third-party vendors and system integrators were also flagged.
Particular attention is placed on saccos operating paybill accounts, digital credit products, and mobile-linked financial services. These systems, SASRA said, are more exposed to breaches originating from external integrations.
Internal controls and insider risk
SASRA has also raised concern over insider threats, directing institutions to tighten internal controls. Employees working alongside external vendors were identified as potential points of vulnerability where safeguards are weak.
The regulator warned that all third-party engagements must comply with existing guidelines. Any financial losses arising from non-compliant contracts will be borne by responsible sacco officials.
Growing pressure on financial system resilience
The directive reflects increasing pressure on Kenya’s sacco sector as digital financial services expand. With more transactions moving through integrated platforms, the exposure surface for cyber threats continues to widen.
SASRA’s instructions place operational responsibility directly on sacco leadership, particularly during periods when oversight structures are typically stretched.
Mark your calendars! The GreenShift Sustainability Forum is back in Nairobi this August. Join innovators, policymakers & sustainability leaders for a breakfast forum as we explore sustainable solutions shaping the continent’s future. Limited slots – Get your early bird tickets now – here. Email info@techtrendsmedia.co.ke for partnership requests.
Go to TECHTRENDSKE.co.ke for more tech and business news from the African continent and across the world.
Follow us on WhatsApp, Telegram, Twitter, and Facebook, or subscribe to our weekly newsletter to ensure you don’t miss out on any future updates. Send tips to editorial@techtrendsmedia.co.ke
