• OM-6.4 ATM Security Measures: Physical Security for Retail Banks

    • Implementation

      • OM-6.4.1

        The requirements in this Section must be complied with in full by 31st March 2017. Failure to comply with any of these requirements will trigger a supervisory response, which may include formal enforcement measures, as set out in Module EN (Enforcement).

        Added: April 2016

    • Record Keeping

      • OM-6.4.2

        Banks must record the details of the site risk assessments and retain such records for a period of five years from the date of the ATM installation, or whatever other period is required by the Ministry of the Interior or the CBB from time to time, whichever is the longer.

        Added: April 2016

    • Installation of an Off-site ATM in Bahrain

      • OM-6.4.3

        Applications for the installation of off-site ATMs must be sent in writing, and in accordance with the requirements set out in Paragraphs OM-6.4.6 to OM-6.4.12, to the Supervisory Point of Contact (SPoC) at the CBB.

        Amended: October 2016
        Added: April 2016

      • OM-6.4.4

        The purpose of the content of Paragraphs OM-6.4.5 to OM-6.4.12 is to set out the minimum criteria to be followed by banks for the installation and usage of off-site ATMs in the Kingdom of Bahrain.

        Amended: October 2016
        Added: April 2016

    • General Criteria

      • OM-6.4.5

        The ownership and operations of any off-site ATMs are subject to the prior written approval of the CBB and must comply with the Rules outlined in Paragraph OM-6.4.6.

        Amended: October 2016
        Added: April 2016

      • OM-6.4.6

        Off-site ATMs must be owned either individually or jointly by banks or ancillary service providers which are members of the BENEFIT Switch. Each relevant owning bank must already have linked its ATM capability to the BENEFIT Switch prior to requesting the CBB's permission to install an off-site ATM and, furthermore, must conform to the general standards set by the Benefit Company from time to time or the ancillary service provider licensed by the CBB.

        Amended: October 2017
        Added: April 2016

      • OM-6.4.7

        Banks must bear full legal responsibility for their respective off-site ATMs, as well as all costs associated with such ATMs (including, but not limited to, cash replenishment, installation, security etc.).

        Added: April 2016

      • OM-6.4.8

        Banks wishing to install an off-site ATM must submit an application (in writing) for the CBB's approval (see Paragraph BR-5.3.3). A copy of the written permission (for installation of that off-site ATM) of the legal owner of the proposed location must be provided to the CBB, as well as a copy of the written permission of any other relevant authorities in this context (e.g. the Ministry of Interior).

        Added: April 2016

      • OM-6.4.9

        The CBB will consider applications on a 'first come, first served' basis for a particular location. If more than one application is received to install an off-site ATM in the same location, the number of such applications which are approved will depend upon whether the location appears to the CBB to be capable of sustaining multiple off-site ATMs subject to the exact details of each individual application regarding security being acceptable to the CBB.

        Added: April 2016

      • OM-6.4.10

        Each application will be assessed on its individual merits, and at the CBB's sole discretion, taking into account factors which the CBB considers relevant including, but not limited to:

        (a) The suitability of the location in question;
        (b) The level of overall activities of the applicant in the market as well as the size and make-up of its customer base; and
        (c) The type and range of facilities which the applicant proposes offering through the off-site ATM at the location in question.

        Added: April 2016

      • OM-6.4.11

        In addition to the information required by the CBB under Paragraph OM-6.4.8, the CBB may require further information/clarification to be provided to it before it takes a decision regarding the application. The CBB's decision in this regard will be notified to each relevant applicant bank in writing.

        Added: April 2016

      • OM-6.4.12

        A bank must request in writing the CBB's permission to close any of its off-site ATMs.

        Added: April 2016

      • OM-6.4.13

        The CBB may, at its sole discretion, require an off-site ATM to be closed and decommissioned at any time.

        Added: April 2016

    • ATM Alarms

      • OM-6.4.14

        In addition to alarming the premises, banks must alarm the ATM itself, in a way which activates audibly when the ATM is under attack. The system must be monitored by remote signaling to an appropriate local police response designated by the Ministry of the Interior. Banks must consider the following:

        (a) The design of the system must ensure that the ATM has a panic alarm installed;
        (b) The design of the system must give an immediate, system controlled warning of an attack on the ATM, and all ATMs must be fitted with fully operational fraud detection and inhibiting devices;
        (c) A maintenance record must be kept for the alarm detection system and routine maintenance must be conducted in accordance with at least the manufacturer's recommendations. The minimum must be two planned maintenance visits and tests every 6 months; and
        (d) The alarm system must be monitored from an ARC 24 hours daily. It must automatically generate an alarm signal if the telephone/internet line fails or is cut.

        Added: April 2016

    • Closed-circuit Television (CCTV)

      • OM-6.4.15

        Banks must ensure that ATMs are equipped with closed-circuit television (CCTV). The location of camera installation must be carefully chosen to ensure that images of the ATM are recorded but keypad entry is not recorded. The camera must support the detection of the attachment of alien devices to the fascia (external body) and possess the ability to generate an alarm for remote monitoring if the camera is blocked or otherwise disabled.

        Added: April 2016

      • OM-6.4.15A

        For the purposes of Paragraph OM-6.4.15, the location of camera installation in drive-thru ATMs must be carefully chosen to ensure that the images of the vehicle number plates are clearly captured at both daytime and nighttime.

        Added: October 2018

      • OM-6.4.16

        As a minimum, CCTV activity must be recorded (preferably in digital format) and, where risk dictates, remotely monitored by a third party ARC.

        Added: April 2016

      • OM-6.4.17

        When an ATM is located in an area where a public CCTV system operates, the deployer or agent must liaise with the agency responsible for the CCTV system to include the ATM site in any preset automatic camera settings or to request regular sweeps of the site. The CCTV system must not be able to view the ATM keypad thereby preventing observation of PIN entry.

        Added: April 2016

      • OM-6.4.18

        Banks must ensure that the specifications of CCTV cameras meet the following minimum requirements:

        (a) Analogue Cameras:
        Resolution — Minimum 700 TVL
        Lens — Vari-focal lenses from 2.8 to 12mm
        Sensitivity — Minimum 0.5 Luminance (Lux) without Infrared (IR), 0 Lux with IR
        IR — At least 10 to 20 meters (Camera that detects motion)
        (b) IP Cameras:
        Resolution — 2 MP — 1080 p
        Lens — Vari-focal lenses from 2.8 to 12mm
        Sensitivity — Minimum 0.5 Lux without IR, 0 Lux with IR
        IR — At least 10 to 20 meters

        Added: April 2016

      • OM-6.4.19

        Banks must ensure that the following network requirements are met for connecting the bank's CCTV system to the MOI Control room:

        (a) The minimum speed of the upload should be 2 Mbps for each node (ATMs and branches);
        (b) Speed/storage limit threshold must not be applied in a manner which permits a network delay; and
        (c) Access must be restricted to authorised personnel.

        Added: April 2016

    • ATM Lighting

      • OM-6.4.20

        Banks must ensure that adequate and effective lighting is operational at all times within the ATM environment. The standard of the proposed lighting must be agreed with the Ministry of the Interior and other relevant authorities, and tested at least once every three months to ensure that the lighting is in good working order.

        Added: April 2016

      • OM-6.4.20A

        Banks must ensure that adequate and effective lighting is operational within drive-thru ATMs to enable the CCTV cameras to capture the vehicle number plates at both daytime and nighttime.

        Added: October 2018

      • OM-6.4.21

        This Paragraph was deleted in July 2017.

        Deleted: July 2017
        Added: April 2016

    • Deleted

      Deleted: April 2017

      • OM-6.4.22

        This Paragraph was deleted in April 2017.

        Deleted: April 2017
        Added: April 2016

      • OM-6.4.23

        This Paragraph was deleted in April 2017.

        Deleted: April 2017
        Added: April 2016

    • Fire Alarm

      • OM-6.4.24

        Banks must ensure that effective fire alarm and fire defense measures, such as a sprinkler, are installed and functioning for all ATMs. These alarms must be linked to the "General Directorate of Civil Defense" in Bahrain.

        Added: April 2016

    • Cash Replenishment

      • OM-6.4.25

        All cash movements between branches, to and from the CBB and to off-site ATMs must be performed by specialised service providers.

        Added: April 2016

    • ATM Service/Maintenance

      • OM-6.4.26

        Banks must maintain a list of all maintenance, replenishment and inspection visits by staff or other authorised parties.

        Added: April 2016