Back Custom print Link Text Only Rich Text Print

  • OM-A.2 OM-A.2 Module History

    • OM-A.2.1

      This Module was first issued in January 2014 by the CBB. Any material changes that have subsequently been made to this Module are annotated with the calendar quarter date in which the change was made: Chapter UG 3 provides further details on Rulebook maintenance and version control.

      January 2014

    • OM-A.2.2

      The most recent changes made to this Module are detailed in the table below:

      Summary of Changes

      Module Ref. Change Date Description of Changes
      OM-2.9 07/2016 Added new Section dealing with outsourcing of functions containing customer information.
      OM-4.9 10/2016 Added new Section on Cyber Security Risk Management
      OM-5.3 10/2016 Added new Section on Cyber Security Measures
      OM-2.9.2 01/2017 Amended Paragraph on customer information
      OM-5.1.19 & OM-5.1.19A 01/2017 Added Paragraphs on PCI-DSS certification.
      OM-5.1.20 04/2017 Added a Paragraph on Geolocation Limitation
      OM-5.1.20A 07/2017 Added new paragraph on Prohibition of Double Swiping.
      OM-5.1.20B 07/2017 Added new paragraph on Prohibition of Double Swiping.
      OM-5.1.20C 07/2017 Added new paragraph on Prohibition of Double Swiping.
      OM-5.1.20D 07/2017 Added new paragraph on Prohibition of Double Swiping.
      OM-5.1.20E 07/2017 Added new paragraph on Prohibition of Double Swiping.
      OM-2.1.2 10/2017 Amended Paragraph on outsourcing, to allow the utilization of cloud services and customer call centres.
      OM-2.1.4 10/2017 Added a new Paragraph on outsourcing.
      OM-2.1.5 10/2017 Added a new Paragraph on outsourcing.
      OM-2.3.1 10/2017 Amended Paragraph.
      OM-2.3.6 10/2017 Amended Paragraph.
      OM-2.3.7 10/2017 Amended Paragraph.
      OM-2.4.2 10/2017 Amended Paragraph.
      OM-2.4.3 10/2017 Deleted Paragraph.
      OM-2.4.5 10/2017 Amended Paragraph.
      OM-2.5.1(a) 10/2017 Amended sub-sub-paragraph no. (5).
      OM-2.5.1(c) 10/2017 Amended sub-sub-paragraphs no. (2) and (3).
      OM-2.5.1(e) 10/2017 Amended sub-sub-paragraph no. (3).
      OM-2.8.3 10/2017 Amended Paragraph.
      OM-2.9.1 10/2017 Amended Paragraph.
      OM-2.9.4(b) 10/2017 Amended sub-paragraph.
      OM-2.9.4(c) 10/2017 Amended sub-paragraph.
      OM-2.9.4(d) 10/2017 Deleted sub-paragraph.
      OM-2.9.5 10/2017 Deleted paragraph.
      OM-2.9.6 10/2017 Added a new paragraph for security measures related to cloud services.
      OM-5.1.20AA 04/2018 Added a new Paragraph on card (EMV) compliance.
      OM-5.1.20BB 04/2018 Added a new Paragraph on provision of cash withdrawal and payment services through various channels.
      OM-2.9.2 07/2018 Amended Paragraph to include call centres.
      OM-2.9.2A 07/2018 Added new Paragraph on customer notification.
      OM-5.1.21 & OM-5.1.22 10/2019 Added new Paragraphs on Contactless Payment Transactions.
      OM-5.1.20AAA 07/2020 Added a new Paragraph on contactless payment.
      OM-2.9.4 01/2021 Deleted sub-paragraph (a).
      OM-3.1.7 01/2021 Added a new Paragraph on electronic fraud.
      OM-3.1.8 01/2021 Added a new Paragraph on electronic fraud awareness.
      OM-1.5.7(g) 04/2022 Amended Subparagraph on vacation policy.
      OM-2 07/2022 Replaced Chapter OM-2 with new Outsourcing Requirements.
      OM-3.2 07/2023 Added a new Section on secured customer authentication requirements.

    • Superseded Requirements

      • OM-A.2.3

        This Module supersedes the following provisions contained in circulars or other regulatory requirements:

        Document Ref. Document Subject
        Volumes 1 and 2 Module OM
        EDBS/KH/C/33/2018 Amendments to the Operational Risk Management Module
        Amended: July 2018
        January 2014