CBR Enforces Stricter Data Protection Policy for Banks

UrBC, Moscow, May 23, 2019. The Central Bank of Russia recently made its data protection policy for banks even stricter, the CBR’s press service reports.

The CBR’s new regulations make it obligatory for the banks to ensure information security for the following transactions:

— collecting money from natural persons and legal entities to put in bank deposits;

— depositing the funds in question within the banking system;

— opening and administration of natural persons’ and legal entities’ bank accounts.

Russian banks only used to be obliged to ensure information security for money transfers.

The requirements will be the strictest for the key national banks, the banks that provide the payment infrastructure for the most important payment systems, and for other large payment service market players. The rest of the banks will only have to meet standard requirements, the CBR states.

The bank also explains that if a bank should change its status at some point, so that it will have to meet the new IT security requirements, the bank will have eighteen months at the most to bring its operations in compliance with the regulations.

The bank’s new regulations dwell on the data protection requirements for IT infrastructure components, software, and data-processing technologies.


Other materials on the topic::