Nabil Bank Invites Bids for Information System Audit Services

1st June 2026, Kathmandu

Nabil Bank Limited has published a Request for Proposal inviting qualified firms and companies to provide Information System Audit Services.

Nabil Bank Invites Bids 

The notice offers an opportunity for experienced audit and cybersecurity consulting firms to participate in one of the leading banking institutions technology risk assessment initiatives.

The RFP was first published on May 27, 2026, and interested bidders are required to submit their proposals by June 26, 2026.

Objective of the RFP

The bank is seeking professional firms with proven expertise in information system audits, cybersecurity assessments, information security reviews, IT risk management, and technology infrastructure audits.

The selected firm will be responsible for conducting a comprehensive audit of the banks information systems in accordance with industry standards and regulatory requirements.

Eligibility Criteria for Bidders

Nabil Bank has outlined several requirements that interested firms must meet before participating in the bidding process.

Registered Firm or Company
We require applicants to be legally registered firms or companies capable of providing professional IS audit services.

Proven Audit Experience
The bidder must have at least three references demonstrating successful execution of Information System Audit assignments.

Qualified Audit Team
The proposed lead auditor and core audit team must possess strong professional qualifications and relevant industry experience.

The lead auditor should have a minimum of seven years of recent experience in information systems auditing, IT risk, or information security. They must also possess experience working with banks, financial institutions, or organizations of similar complexity.

Recognized certifications may include CISA, CISSP, CRISC, COBIT, Security+, ISO/IEC 27001 Lead Auditor, or other equivalent certifications.

Additionally, key team members should have at least five years of relevant technical experience in areas such as IT audit, cybersecurity, infrastructure security, applications, databases, and network security. The bank also expects evidence of ongoing professional education and certification maintenance.

Restrictions on Participation

To ensure transparency and independence, the bank has stated that bidders should not have acted as vendors of IT equipment, software, peripherals, or related services to the bank within the past three years.

Furthermore, applicants must not have been criminally prosecuted, blacklisted, or penalized by any authority for fraud, money laundering, or other prohibited activities.

How to Obtain the RFP Document

Interested companies can obtain the detailed RFP document by submitting a formal request letter alongside proof of payment of the non-refundable application fee.

The application fee has been fixed at NPR 5,000.

Nepal-based companies are required to submit the request physically to the banks Administration Department. Meanwhile, international firms may request the document via email after providing proof of payment.

Proposal Submission Deadline

The completed proposal along with supporting documents must be submitted to the Administration Department, Nabil Bank Limited, Ghantaghar Building, Kathmandu, Nepal.

The strict submission deadline is June 26, 2026, at 4:00 PM. Late submissions will not be accepted under any circumstances.

Important Submission Requirements

The bank has specified that proposal documents must be complete and properly bound. Unbound or loosely compiled submissions may be disqualified from the process. Any incomplete proposal can be rejected without further clarification. These requirements are intended to ensure fairness and consistency throughout the evaluation process.

Bid Opening Details

According to the notice, submitted bids will be opened at Nabil Bank Ltd., Ghantaghar, Kathmandu on June 29, 2026, at 11:00 AM. The absence of bidder representatives during the opening process will not affect the bid opening procedure.

Why Information System Audits Matter

As digital banking continues to expand, Information System Audits have become increasingly important for financial institutions.

These audits help organizations strengthen cybersecurity by identifying vulnerabilities and improving protection against cyber threats. They enhance regulatory compliance by ensuring alignment with banking regulations and international standards.

Additionally, regular assessments improve risk management by evaluating technology-related risks and strengthening internal controls. This process safeguards sensitive financial and personal information from unauthorized access, thereby protecting customer data. For banks, regular IS audits are essential to maintaining trust, operational resilience, and regulatory compliance.

What This Means for Audit and Cybersecurity Firms

The RFP presents a significant opportunity for firms specializing in information security, cybersecurity consulting, IT governance, risk assessment, and technology auditing.

Organizations with strong banking-sector experience and internationally recognized certifications may find this project particularly valuable for expanding their portfolio in Nepals financial services industry.

Final Thoughts

The latest Request for Proposal issued by Nabil Bank reflects the growing importance of technology governance and cybersecurity within the banking sector. By seeking qualified Information System Audit professionals, the bank aims to strengthen its digital infrastructure, enhance security controls, and ensure compliance with industry best practices.

Interested firms should carefully review the eligibility criteria, prepare complete documentation, and submit their proposals before the June 26, 2026 deadline to be considered for this important assignment.

For More: Nabil Bank Invites Bids