| Ministry/Division |
: |
Ministry of Finance |
| Agency |
: |
Bangladesh Bank |
| Procuring Entity Name |
: |
Financial Sector Support and Strategic Planning Department |
| Procuring Entity Code |
: |
S-2_PPA_FSSP-II |
| Procuring Entity District |
: |
Dhaka |
| Expression of Interest for Selection of |
: |
Consulting Firm (International) (Time-Based) |
| Title Of Service |
: |
International Consulting Firm: ICT Security Audit, Gap Assessment and Recommendations for Strengthening ICT Infrastructure and Systems. |
| EOI Ref. No. |
: |
S-2_PPA_FSSP-II |
| Date |
: |
02/11/2025 |
KEY INFORMATION
|
| Procurement Sub-Method |
: |
Quality and Cost Based Selection(QCBS) |
FUNDING INFORMATION
|
| Budget and Source of Funds |
: |
Development Budget Loan |
| Development Partners |
: |
World Bank |
PARTICULAR INFORMATION
|
| Project/Programme Name |
: |
|
| EOI Closing Date and Time |
: |
23/11/2025 6:00 PM
|
| Publication Date |
: |
02/11/2025
|
INFORMATION FOR APPLICANT
|
| Brief Description of Assignment |
: |
01. Background
Bangladesh Bank (BB), as the central bank of Bangladesh, carries the critical mandate of maintaining financial stability and regulating the banking sector of the country. In an era marked by rapid technological advancements, the growing influence of FinTech, escalating cyber security threats, and increasingly stringent regulatory requirements, a resilient and future-ready Information and Communication Technologies (ICT) infrastructure has become indispensable to ensure security, operational efficiency, and compliance with international financial standards.
To address these challenges, BB has launched the Financial Sector Support Project-II (FSSP-II), with support from the World Bank. A key objective of the project is to modernize and automate BB’s business processes, strengthen its institutional capacity, and assist banks and non-banking financial institutions (NBFIs) in leveraging ICT to improve efficiency, enhance enterprise risk management, and reinforce regulatory and policy frameworks. By doing so, the initiative seeks to build a robust financial safety net and strengthen regulatory oversight in line with global best practices.
Under the PPA of the proposed FSSP-II, BB intends to engage an international consulting firm to conduct a comprehensive ICT security audit and gap assessment of BB’s existing ICT infrastructure and systems. The primary objective of this engagement is to identify vulnerabilities across network security, data management, financial technologies, and regulatory compliance, and to develop actionable recommendations for strengthening the overall ICT systems.
Based on the findings of the comprehensive ICT audit, the consulting firm will propose a structured IT strategy and implementation plan focused on three key areas: enhanced cyber security, improved operational efficiency, and stronger regulatory/supervisory compliance. This will include modernization of core IT systems, adoption of advanced cyber security frameworks, and integration of supervisory and regulatory technologies (SupTech and RegTech). By adopting cutting-edge financial technologies and bolstering cyber resilience, BB aims to establish a future-proof, scalable, and efficient digital banking ecosystem.
This transformation will not only safeguard against emerging risks but also position BB and the broader financial sector of the country to meet evolving demands while ensuring compliance with international regulatory standards.
02. Functions and Responsibilities
The broad scope of consulting services (“the Services”) includes carrying out the following under the project:
a) Conduct a detailed ICT infrastructure and systems audit, perform a gap analysis, and prepare recommendations;
b) Assess the ICT infrastructure, prepare a needs assessment report, and propose an ICT strategy and implementation plan;
c) Prepare an ICT resource plan and skill development plan;
d) Ensure comprehensive coverage of information and cyber security aspects. |
| Experience, Resources and Delivery Capacity Required |
: |
03. Commencement and Duration
The expected commencement of the Services is in 2026, and the tentative duration of the entire assignment is approximately six (6) months from the commencement date.
Bangladesh Bank now invites eligible Consulting Firms to indicate their interest in providing the Services. Interested firms should provide information demonstrating their qualifications and relevant experience to perform the assignment.
The short listing criteria are:
(i) Legal Status and Experience
a) The consulting firm must be a legally registered entity with a minimum of ten (10) years of verifiable experience, including at least five (5) years of specific experience in providing professional consulting services in ICT governance and strategy, enterprise architecture, cyber security, ICT risk management, and large-scale ICT transformation projects in the financial sector, central banks, or regulatory authorities.
b) In the case of a Joint Venture (JV) or consortium, each participating member must have at least five (5) years of relevant experience as specified above.
c) All legal documents establishing the JV/consortium, including notarized agreements, must be submitted with the proposal.
(ii) Relevant Sector Experience
a) The firm must have successfully completed at least two (2) ICT consulting assignments in the past ten (10) years of comparable scope, scale, and complexity for central banks, banking regulatory authorities, state-owned commercial banks, or multilateral financial institutions. At least one contract must have been completed within the last five (5) years. Of these, at least one contract must have been executed outside the consultant’s home country.
b) Each referenced assignment must include core components such as ICT governance, cyber security audit, infrastructure and application security review, digital transformation strategy, or enterprise IT architecture review.
c) Assignments funded by the World Bank or other international donors will receive preference.
(iii) Financial Capacity
a) Audited financial statements for each of the last five (5) years, along with a summary turnover sheet certified by a registered auditor, must be submitted to demonstrate financial stability.
(iv) Technical Capacity and Track Record
a) The firm must demonstrate its ability to deploy multidisciplinary teams with internationally qualified professionals across ICT strategy, cyber security, governance, procurement, and risk domains.
b) Firms holding industry-recognized certifications such as ISO 27001 (Information Security Management), ISO 20000 (IT Service Management), CMMI Level 3+, or equivalent will receive favorable consideration.
c) Team members holding relevant professional certifications such as CISA, CISSP, CISM, PMP, TOGAF, ITIL, COBIT, CCNA, CCNP, CCI, OCP, etc. will also receive favorable consideration. |
| Other Details (if applicable) |
: |
04. Conflict of Interest
The attention of interested consultants is drawn to Section III, Paragraphs 3.14, 3.16, 3.17, 7.3 of the World Bank’s Procurement Regulations for IPF Borrowers, February 2025, which set forth the World Bank’s policy on conflict of interest.
Consulting firms may submit Expressions of Interest (EOIs) individually or in association with other firms to enhance their qualifications. Such associations may take the form of:
a) Joint Ventures (JV): All members of the JV shall be jointly and severally responsible for the entire assignment; or
b) Sub-consultants: The lead consultant shall remain fully responsible, including for the services of its sub-consultants.
In the case of associations, consultants must explain in their EOI submission:
a) The rationale for forming the association; and
b) The anticipated role and relevant qualifications of each JV member and/or sub-consultant.
Failure to provide this explanation may result in the association not being shortlisted. To maintain efficiency, it is preferable to limit associations to a maximum of three (3) firms. However, the qualifications and experience of sub-consultants will not be considered for short listing purposes.
05. Selection Method
A Consultancy Firm will be selected in accordance with the ‘Quality and Cost Based Selection’ (QCBS) method of the World Bank Group set out in the Procurement Regulations which will also follow open International competitive process.
06. Information and Submission
Further information can be obtained at the address below during office hours (10:00 AM to 18:00 PM BST). The detailed Terms of Reference (ToR) for the assignment can be downloaded from www.bb.org.bd or www.worldbank.org website or can be obtained upon request from the address below either by e-mail or in person during the office hours (Local Time: 10:00 to 16:00 hours).
Expression of Interest must be delivered in a written form to the address below (in person, or by mail, or by e-mail) by 18:00 PM (BST) of 23 November, 2025.
The client will not be responsible for any expenses incurred by the firm(s) in connection with the preparation or delivery of the EOI.
The Procuring Entity (PE) reserves the right to accept or reject any or all EOIs without assigning any reason whatsoever. |
| Association with foreign firms is |
: |
Encouraged |
| Eoi Detail Information |
|---|
| Ref No |
Phasing Of Services |
Location |
Start Date |
Completion Date |
| S-2_PPA_FSSP-II |
a) Conduct a detailed ICT infrastructure and systems audit, perform a gap analysis, and prepare recommendations; |
Dhaka |
Duration: 06 Months |
Duration: 06 Months |
| S-2_PPA_FSSP-II |
b) Assess the ICT infrastructure, prepare a needs assessment report, and propose an ICT strategy and implementation plan; |
Dhaka |
Duration: 06 Months |
Duration: 06 Months |
| S-2_PPA_FSSP-II |
c) Prepare an ICT resource plan and skill development plan; |
Dhaka |
Duration: 06 Months |
Duration: 06 Months |
| S-2_PPA_FSSP-II |
d) Ensure comprehensive coverage of information and cyber security aspects. |
Dhaka |
Duration: 06 Months |
Duration: 06 Months |
|
PROCURING ENTITY DETAILS
|
| Name of Official Inviting EOI |
: |
Md. Ashraful Alam |
| Designation of Official Inviting EOI |
: |
Executive Director & Project Director (PPA under FSSP-II) |
| Address of Official Inviting EOI |
: |
Bangladesh Bank, Head Office, Motijheel, Dhaka-1000, Bangladesh. |
| Contact details of Official Inviting EOI |
: |
Phone : Phone: +88-02-9530537, IP Phone: +88-02-55665001-6, Ext- 20030, Fax : , Email : mashraful.alam@bb.org.bd |
| The procuring entity reserves the right to accept or reject all tenders |
