Andrii Borenkov, CFA
Partner, Head of Advisory
Non-bank financial service providers are required to align their information security and cybersecurity systems with the requirements of Resolution No. 143 of the Board of the National Bank of Ukraine. Failure to comply with these requirements creates significant regulatory, operational and reputational risks, and increases the likelihood of observations during regulatory inspections.
BDO in Ukraine provides professional audit and consulting services to financial service providers regarding compliance with NBU Resolution No. 143 and helps strengthen the overall resilience of organisations against cybersecurity threats.
Who is subject to NBU Resolution No. 143
The Resolution requirements apply to non-bank financial service providers, including:
- insurance companies
- credit unions
- financial companies
- pawnshops.
The Resolution requires entities to bring their operations into compliance with the new information security and cybersecurity requirements within 12 months of its effective date.
Cybersecurity compliance audit under NBU Resolution No. 143 dated 9 December 2025
We conduct an independent assessment of your organisation’s compliance with Resolution No. 143, including:
- organisational model of information security management
- management of cyber risks and information security risks
- access control, authentication and account management
- event logging and monitoring
- network protection and segmentation
- management of information security incidents and cyber incidents
- compliance with requirements for software and hardware.
Audit results under Resolution No. 143
The audit results in a structured report that includes a gap analysis, recommendations and a clear understanding of regulatory risk levels. Each provision of Resolution No. 143 is assessed as “Compliant”, “Partially Compliant”, or “Non-Compliant”. In instances of partial or full non-compliance, practical recommendations are provided to address the identified gaps.
Recommendations and roadmap for enhancing cybersecurity
Based on audit results, BDO in Ukraine provides:
- practical recommendations prioritised by risk
- assistance in developing an implementation plan for cybersecurity measures
- consideration of the scale, complexity of IT infrastructure and client business model
- alignment with leading international practices and information security standards (ISO/IEC 27001, 27002, CIS 18 Critical Security Controls).
Cybersecurity documentation consulting
BDO in Ukraine provides advice and support to clients in developing and updating internal documents required under Resolution No. 143, including:
- information security and cybersecurity policies and regulations
- methodologies for managing cyber risks
- access rights management rules
- incident response plans for cybersecurity and information security incidents
- business continuity requirements.
The documentation is prepared in accordance with NBU regulatory requirements and practical applicability in daily operations.
Why BDO in Ukraine is your cybersecurity partner
- deep expertise in financial regulation and IT audit
- experience working with financial service providers in Ukraine
- integration of regulatory, technological and risk-based approaches
- focus not only on compliance but also on real improvement of business cyber resilience.
We help financial service providers confidently meet the requirements of Resolution No. 143, reduce information security risks and prepare for regulatory inspections.
