3 compliance deadlines in 2026

Bangladesh Bank Compliance Solutions.

19 regulatory frameworks. One technology partner. 150+ institutions must comply. From Bangla QR criminal penalties to PDPO data localization -- KaritKarma delivers turnkey compliance stacks that map requirement-by-requirement to Bangladesh Bank circulars.

Talk to compliance teamView deadlines
19
BB circulars
150+
Institutions
4
Deadlines 2026-27
100%
Requirements met
Compliance deadlines

Sorted by urgency. Criminal penalties first.

Bangla QR -- June 30, 2026

82 days

Criminal penalties: BDT 30 lakh fine + up to 3 years imprisonment. All proprietary QR codes must be replaced.

Cyber Security Framework -- December 31, 2026

266 days

7-pillar framework. MFA mandatory. SIEM required. 72-hour incident reporting. 89% of banks are NOT AI-ready.

BB Partner Network -- December 31, 2026

266 days

BRPD-2 No-01. Secure extranet for all external partners. 61 banks, 100+ organizations. OAuth 2.1, RBAC, VPN, audit trails.

PDPO Data Protection -- May 2027

~395 days

Bangladesh's first data protection law. 1-5% annual turnover penalties. Applies to ALL organizations, not just financial.

Compliance areas

Every regulation. Mapped to working products.

Each Bangladesh Bank circular maps directly to KaritKarma products. No custom development needed. Deploy in days, not months.

82 days

Bangla QR

Mandatory QR Code Adoption

Remove all proprietary QR codes. Adopt unified Bangla QR standard. Criminal penalties for non-compliance under the Payment Systems Act.

LoneSock PayIntraPay
View solution
266 days

Cyber Security Framework

BB CSF v1.0 (2026)

7-pillar cybersecurity framework mandating MFA, access control, SIEM, incident reporting, and AI-ready security posture for all financial institutions.

WenmeDarwanAegisBitsPath
View solution
266 days

BB Partner Network

BRPD-2 No-01 (2026)

Secure centralized extranet for all external partners. OAuth 2.1 authentication, RBAC authorization, encrypted VPN, audit trails, fraud monitoring.

WenmeDarwanAegis
View solution
395 days

PDPO 2025

Personal Data Protection

Bangladesh's first comprehensive data protection law. Data localization, consent management, breach notification, right to erasure. Applies to ALL organizations.

WenmeDarwanProfessional Vault
View solution
Ongoing

ICT Security v4.0

Bangladesh Bank Guideline

Updated ICT security guidelines covering access management, network security, application security, and incident management for all banks.

WenmeDarwanAegis
View solution
Ongoing

AML/CFT

Anti-Money Laundering

Know Your Customer, transaction monitoring, suspicious transaction reporting, and sanctions screening requirements under BFIU directives.

AegisWenme
View solution
Compliance bundles

Pre-configured stacks. Immediate compliance.

Instead of assembling point solutions, deploy a pre-integrated compliance stack. Each product is already connected to the others.

BB Compliance Suite

Core compliance stack covering authentication, authorization, and fraud detection. Meets Partner Network, Cyber Security Framework, and ICT Security requirements.

WenmeIdentity & MFA

OAuth 2.1 + PKCE, WebAuthn/FIDO2, passwordless

DarwanAuthorization & Audit

42 endpoints, RBAC + ABAC, SoD, audit trails

AegisFraud Detection & SIEM

3-layer AI cascade, 80+ rules, sub-50ms scoring

Covers
Partner NetworkCyber Security FrameworkICT Security v4.0

Digital Bank Stack

Full technology stack for banks undertaking digital transformation while meeting all regulatory requirements simultaneously.

Wenme + Darwan + AegisSecurity Layer

Authentication, authorization, fraud detection

BitsPathCommunications

72-hour incident reporting, customer notifications

LoneSock Pay + IntraPayPayments

Bangla QR, domestic switching, payment processing

Professional VaultData Protection

Encrypted storage, data localization, PDPO compliance

Covers
All BB regulationsPDPO 2025Bangla QRAML/CFT
Request compliance bundle assessment
Infrastructure

Data sovereignty is not optional.

PDPO 2025 mandates data localization. Bangladesh Bank requires domestic data processing. KaritKarma operates a Tier-3 data center as an APNIC member -- all compliance data stays in Bangladesh on hardware we physically own.

AS 64005
Autonomous System
APNIC registered
Tier-3
Data Center
99.99% uptime
IPv4/v6
Dedicated IP Blocks
Not shared hosting
15+
Years Operating
Since 2010

Data stays in Bangladesh

Authentication logs, authorization decisions, audit trails, fraud detection data, and customer PII -- all stored in Bangladesh on KaritKarma-owned infrastructure. Meets both PDPO 2025 data localization and Bangladesh Bank data sovereignty requirements.

Dhaka DCAPNIC memberOwn hardwarePDPO compliant
Frequently asked questions

Bangladesh Bank compliance questions

What Bangladesh Bank compliance deadlines are coming in 2026-2027?
There are four major Bangladesh Bank compliance deadlines approaching: (1) Bangla QR mandatory adoption -- June 30, 2026, with criminal penalties of BDT 30 lakh fine and up to 3 years imprisonment; (2) BB Cyber Security Framework v1.0 -- December 31, 2026, mandatory for all banks and financial institutions; (3) BB Partner Network (BRPD-2 No-01) -- December 31, 2026, mandatory for 61 banks and 100+ organizations; (4) PDPO 2025 (Personal Data Protection Ordinance) -- enforcement expected May 2027, applicable to all organizations processing personal data in Bangladesh.
How can KaritKarma help with Bangladesh Bank regulatory compliance?
KaritKarma provides turnkey compliance solutions mapping directly to Bangladesh Bank regulatory requirements. The BB Compliance Suite includes Wenme (identity and authentication -- meets MFA, OAuth 2.1, WebAuthn requirements), Darwan (authorization and access control -- meets RBAC, separation of duties, audit trail requirements), and Aegis (AI fraud detection -- meets SIEM, monitoring, incident reporting requirements). Additionally, BitsPath provides 72-hour incident notification capability, Professional Vault handles encrypted data storage, and LoneSock Pay with IntraPay address Bangla QR payment requirements.
What are the penalties for non-compliance with Bangladesh Bank regulations?
Penalties vary by regulation. Bangla QR non-compliance carries the strictest penalties: up to BDT 30 lakh (approximately $27,000) fine and imprisonment of up to 3 years under the Payment Systems Act. PDPO 2025 violations carry penalties of 1-5% of annual turnover. Partner Network and Cyber Security Framework non-compliance may result in monetary penalties, restrictions on banking operations, mandatory corrective action plans, and in severe cases, license restrictions from Bangladesh Bank.
Which organizations need to comply with Bangladesh Bank regulations?
The scope varies by regulation: BB Partner Network applies to 61 scheduled banks, NBFIs, MFSPs (bKash, Nagad, Rocket), PSPs, and IT vendors -- over 100 organizations. The Cyber Security Framework applies to all banks, NBFIs, MFSPs, and PSOs. Bangla QR applies to all payment service providers, banks, and MFS operators. PDPO 2025 applies to ALL organizations (not just financial) processing personal data of Bangladesh citizens. Combined, these regulations affect 150+ institutions directly.
Time is running out

3 deadlines in 2026. Are you ready?

Bangla QR criminal penalties start June 30. Cyber Security Framework and Partner Network deadlines follow December 31. KaritKarma's compliance team is ready to assess your gaps and deliver solutions.

Schedule compliance assessmentView fintech solutions