The Sacco Societies Regulatory Authority (SASRA) has directed all regulated Savings and Credit Cooperative Organisations (SACCOs) to enhance cybersecurity measures and implement mandatory offline data backups ahead of the Easter holiday period.

In a statement issued on Wednesday, April 1, 2026, the regulator warned that long weekends and public holidays often present heightened risks of cyberattacks, prompting the need for increased vigilance across the sector.

SASRA noted that reduced staffing levels and increased reliance on digital financial services during holidays make SACCO systems more vulnerable to cyber threats.

“The Authority has directed all regulated SACCOs to strengthen their preparedness, especially during long weekends and public holidays, when cyber threats are more likely to occur,” SASRA stated.

To mitigate these risks, the Authority has instructed SACCOs to adopt stricter safeguards to protect member funds and sensitive financial data.

Among the measures announced, SACCOs are now required to maintain mandatory offline backups of all critical data and records. This is aimed at ensuring business continuity in the event of cyber breaches, system failures, or data loss.

Additionally, institutions have been directed to enhance real-time monitoring of their systems and digital service channels, including mobile banking platforms and online transaction systems.

SASRA emphasised that the directive is part of its broader strategy to safeguard the integrity of the cooperative financial sector, which serves millions of Kenyans.

“The key requirements are: A mandatory offline backup of critical SACCO data and records. Enhanced cyber security monitoring of systems and digital service channels,” the statement reads.

The regulator added that the move is intended to ensure a secure, stable, and trusted SACCO sector, while protecting members from potential financial losses.

“This is part of the Authority’s ongoing commitment to a secure, stable, and trusted SACCO sector,” the regulator stated.

The directive comes amid rising concerns over cybercrime targeting financial institutions, with hackers increasingly exploiting periods of reduced oversight to launch attacks.

SASRA has urged SACCOs to fully comply with the new requirements and continuously review their cybersecurity frameworks to stay ahead of emerging threats.

As Kenyans prepare for the Easter holiday, the regulator’s move signals a proactive effort to prevent disruptions and maintain confidence in the SACCO sector, which remains a critical pillar of the country’s financial ecosystem.