of March 14, 2018 No. 47
About approval of Regulations about the minimum requirements for information and communication systems of banks
Based on Art. 38 of the Law on activities of banks No. 202 of October 6, 2017 the Executive committee of National Bank of Moldova DECIDES:
1. Approve Regulations about the minimum requirements for information and communication systems of banks according to appendix.
2. This resolution becomes effective from the date of its publication in the Official monitor of the Republic of Moldova.
3. Banks shall take necessary measures for ensuring compliance with provisions of Chapter II, part 2, of these regulations till January 1, 2019. For this purpose to provide to banks to National Bank of Moldova within two months from the effective date of this decision action plans on achievement of provisions of this Item.
Chairman of Executive committee of National Bank of Moldova
Serdzhiu Chokl
Approved by the Resolution of Executive committee of National Bank of the Republic of Moldova of March 14, 2018, No. 47
1. These regulations are applied to all banks of the Republic of Moldova and departments of the foreign banks opened in the territory of the Republic of Moldova and establish the minimum requirements to information and communication systems of banks.
2. Task of these regulations is providing banks with the corresponding information and communication technologies (further ICT) brought into accord with general business strategy, establishment of adequate internal control processes concerning ICT of bank and the corresponding protection of the ITS systems of banks internal basis of risk management and internal control.
3. The concepts and expressions used in these regulations have the values provided in the Regulations about bases of management of activities of bank approved by the Resolution of Executive committee of National Bank of Moldova No. 146 of June 7 2017, registered in the Ministry of Justice of the Republic of Moldova at No. 1229 of June 14, 2017 (The official monitor of the Republic of Moldova, 2017, No. 201-213, Art. 1183 of 23:06. 17)
4. In addition in these regulations the following determinations are used:
the systems connected with ICT, - ICT adjusted and united in one mechanism or one network which support implementation of transactions of bank;
the services connected with ICT - the services provided by means of the ICT systems to one or several internal or external users;
the systems/services connected with critical ICT - the ICT systems/services which is critical for bank from prospect of their continuity and availability or information security of the processed and/or stored information, and very important for adequate functioning of management processes, critical corporate roles / obligations (including risk management), processes of activities and transactions of bank;
the risk of availability and continuity connected with ICT - risk that the indicators or availability of systems/services and data connected with ICT can be negatively mentioned, including inability to recover processes and services of bank in acceptable time limits;
the risk of safety connected with ICT - risk of unauthorized access to systems/services and data ICT from the outside of or from within bank;
the risk of change connected with ICT - the risk which is result of inability of bank timely and orderly to manage the changes connected with systems and services ICT;
the risk of integrity of data connected with ICT, - risk, that this, stored and/or processed by systems/services ICT, can be incomplete, inexact or inconsistent at the level of the ICT various systems;
the risk connected with outsourcing of ICT - risk that involvement of the third party or other subject, group (intergroup outsourcing) for delivery of the ICT systems or adjacent services, will negatively affect indicators and risk management within bank;
the risk of compliance connected with ICT - risk of violation or discrepancy to the legal base, the agreements recommended to practicians or the ICT ethical standards;
the significant risk connected with ICT - the risk connected with ICT which can negatively affect systems or services of critical ICT;
auditor record - one log entry of audit which describes emergence of one audited event;
the magazine of audit - the chronological sequence of records of audit everyone containing proofs of result of accomplishment of process or function within system;
internal structure of ICT - set of the domestic situations, organizational processes and structures of ICT established within bank which provide the corresponding risk management, connected with ICT, and achievement of tasks on ICT of bank;
profile of risk of ICT - the amount of podverzhennost of bank to the real or potential risks connected with ICT.
5. The bank shall have the strategy of ICT which corresponds and supports general business strategy of bank and which is approved and is monitored by properly governing bodies of bank.
6. The bank takes measures for providing proper internal structure of the ICT which adequately protects the systems and services ICT pro rata to nature, scale and complexity of immanent risks for business model, and the performed activities, and supports implementation of strategy of ICT, and tendency to risk includes also the risks connected with ICT in category of operational risk.
7. The bank shall provide proper organizational structure from the point of view of responsibility on the ICT pro rata to nature, scale and complexity of immanent risks for business model and the performed activities.
8. The bank by establishment of specific control procedures shall provide adequate risk management, connected with ICT, and revealed as considerable and which can negatively affect systems and services of critical ICT.
9. The bank provides determination of roles and responsibility on risk management, connected with ICT, and on collection and combination of information on the risks connected with ICT, submission of reports to governing bodies. These roles are reported responsible and to bank staff is accurate, are allocated and join in internal structure of the organization and the corresponding processes of bank.
10. For risk management processes, connected with ICT, the bank shall provide sufficient financial, human and technical resources, and also other necessary resources which quantitatively and will qualitatively correspond to nature, scale and the complexity of immanent risks for business model and performed by bank of activities.
Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info
Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system
If you cannot find the required document, or you do not know where to begin, go to Help section.
In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.
You also may open the section Frequently asked questions. This section provides answers to questions set by users.