Document from CIS Legislation database © 2003-2019 SojuzPravoInform LLC

INFORMATION OF CENTRAL BANK OF THE RUSSIAN FEDERATION

Answers to the standard questions connected with realization of the Provision of the Bank of Russia of June 9, 2012 No. 382-P "About requirements to ensuring information security when implementing money transfers and about procedure the Bank of Russia of control of observance of requirements to ensuring information security when implementing money transfers

1. Question: By what Federal Laws, regulations members of national payment service provider should be guided in case of personal data protection when implementing money transfers?

Answer: Requirements to personal data protection when implementing money transfers are established by the Federal Law of July 27, 2006 No. 152-FZ now "About personal data", the Order of the Government of the Russian Federation of November 1, 2012 No. 1119 "About approval of requirements to personal data protection in case of their processing in information systems of personal data", and also the Provision of the Bank of Russia of June 9, 2012 No. 382-P "About requirements to ensuring information security when implementing money transfers and about procedure the Bank of Russia of control of observance of requirements to ensuring information security when implementing money transfers" (further - the Provision No. 382-P).

Please note that now the formation of the regulatory base provided by the Federal Law of July 27, 2006 No. 152-FZ "About personal data" as the Federal Security Service of the Russian Federation and the Federal Service for Technical and Export Control do not approve all documents, stipulated in Article the 19th this law is not completed.

2. Question: How the Order of the Government of the Russian Federation of June 13, 2012 No. 584 and the Provision No. 382-P correspond?

Answer: According to part 1 of article 27 of the Federal Law of June 27, 2011 No. 161-FZ "About national payment system" (further - the Federal Law No. 161-FZ) the Order of the Government of the Russian Federation of June 13, 2012 No. 584 "Regulations on information security in payment system" regulates general questions of information security. According to part 3 of the Federal Law No. 161-FZ Provision No. 382-P establishes requirements to information security when implementing money transfers.

3. Question: Whether the credit institution in all cases, even shall in case of detection of insignificance of certain risk by it according to the existing techniques, to take the measures provided by the Provision No. 382-P?

Answer: The provision No. 382-P establishes requirements according to which operators on money transfer, bank payment agents (subagents), operators of payment service providers, operators of services of payment infrastructure provide information security when implementing money transfers. Accomplishment of these requirements is provided, including the choice of organizational measures and technical means of information security.

The requirements to ensuring information security when implementing money transfers established by the Provision No. 382-P are mandatory, at the same time the operator can consider results of risks assessment in case of the choice of organizational measures and technical means of information security.

4. Question: Whether information containing in the customer notification about making of each transaction with use of electronic instrument of payment and in the check of the ATM belongs to information on committed money transfers protected according to the Provision No. 382-P (including information containing in notices (confirmations) concerning acceptance to execution of orders of members of payment service provider)?

Answer: Information containing in the customer notification about making of transactions with use of electronic instrument of payment and also information on money transfers printed on the check of the ATM belongs to information on committed money transfers.

Please note that the operator on money transfer does not bear responsibility for ensuring information security during the processing, the storage and other actions made by the client with the protected information transferred to it.

5. Question: Whether it is required from the operator on money transfer who is the client of the Bank of Russia, simultaneous execution of the requirements to information security established by the agreement on exchange of electronic messages signed between the Bank of Russia and the client of the Bank of Russia, and requirements to information security when implementing the money transfers established by the Provision No. 382-P?

Answer: The operator on money transfer who is the client of the Bank of Russia when implementing money transfers with use of payment system of the Bank of Russia shall perform both requirements of the Provision No. 382-P, and the requirements to information security established by the agreement on exchange of electronic messages in case of money transfer within payment system of the Bank of Russia.

6. Question: In what procedure in what form and with what frequency the operator on money transfer shall inform clients on various threats and risks, and also on measures of their neutralization?

Answer: The operator on money transfer independently makes decisions concerning procedure, forms, frequency of bringing to clients of information according to subitems 2.7. 2, 2.8.2, 2.12.3 Items 2. 7, 2.8 and 2.12, respectively, Provisions No. 382-P, in particular, depending on features of client base (physical persons or legal entities, features and scale of work with clients, etc.) and features of implementation of money transfers by clients (uses of electronic instruments of payment, different types of access to services of bank, etc.).

7. Question: Whether the operator needs to notify on money transfer the operator of payment system on incidents (in particular, on detection of malicious code) if the operator of payment system did not establish procedure, form and terms of such notification? Whether the operator on money transfer shall inform each of operators of payment system on detection of malicious code?

Answer: According to subitem 2.13.1 of Item 2.13 of the Provision No. 382-P the operator of payment system shall determine procedure, form and terms of informing by his operator by money transfer. Otherwise the fact of violation of requirements of the Provision No. 382-P takes place.

Full text available with active License only!

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info

Effectively work with search system

Database include more 38000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.

Get help

If you cannot find the required document, or you do not know where to begin, go to Help section.

In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.

You also may open the section Frequently asked questions. This section provides answers to questions set by users.

Search engine created by SojuzPravoInform LLC. UI/UX design by Intelliants.