OM-3.1 Board and Management Oversight
OM-3.1.1
This section sets out the requirements related to systems risk management and controls relevant to services offered through electronic banking activities and electronic funds transfer. Such services are prone to technical complexity, operational and security issues.
Added: January 2020
OM-3.1.2
The Board of Directors, or a designated Board Committee, and senior management must establish effective management oversight over the risks associated with activities involving e-banking and electronic funds transfer. The licensee must establish policies and procedures to manage these risks which include, but are not limited to, the following:
(a) The development and/or acquisition of the technology solutions;
(b) Testing of application program interfaces;
(c) Standards of communication and access and security of communication sessions, such as PCI-DSS compliance for cards;
(d) Authentication of the users;
(e) Processes and measures that protect customer data confidentiality consistent with Law No. 30 of 2018, Personal Data Protection Law (PDPL) issued on 12 July 2018;
(f) The use of enhanced fraud monitoring of movements in customers’ accounts to guard against electronic frauds using various tools and measures, such as limits on value, volume and velocity; and
(g) Security policy and risk management controls.
Amended: January 2021
Added: January 2020
OM-3.1.3
The Board of Directors and senior management must ensure they possess the required competence, experience and skills to oversee, review and approve the key aspects of the licensee's security control process.
Added: January 2020
OM-3.1.4
The Board of Directors and senior management must establish a comprehensive and ongoing due diligence and oversight process for managing the licensee's outsourcing relationships and other third-party dependencies supporting e-banking.
Added: January 2020