OM-3.1 Electronic Financial Services
OM-3.1.1
The Board of Directors and senior management should take an explicit, informed and documented strategic decision as to whether and how the licensee is to provide electronic financial services. The initial decision should include the specific accountabilities, policies and controls to address risks, including those arising in a cross-border context.
January 2014
OM-3.1.2
Effective management oversight should include the review and approval of the key aspects of the licensee's security control process, such as the development and maintenance of a security control infrastructure that properly safeguards the electronic financial systems and data from both internal and external threats. The review should also include a comprehensive process for managing risks associated with increased complexity of and increasing reliance on outsourcing relationships and third-party dependencies to perform electronic financing functions.
January 2014
OM-3.1.3
Senior management should ensure that appropriate security control processes are in place for electronic financing. Such processes should include establishing appropriate authorisation privileges and authentication measures, logical and physical access controls, adequate infrastructure security to maintain appropriate boundaries and restrictions on both internal and external user activities and data integrity of transactions, records and information.
January 2014
OM-3.1.4
The existence of clear audit trails for all electronic financing transactions should be ensured, and measures to preserve confidentiality of key electronic financing information should be appropriate to the sensitivity of such information.
January 2014
OM-3.1.5
To protect licensees against business, legal and reputation risk, electronic financial services should be delivered on a consistent and timely basis in accordance with high customer expectations for constant and rapid availability and potentially high transaction demand. Licensees should have the ability to deliver electronic financing services to all end-users and be able to maintain such availability in all circumstances.
January 2014
OM-3.1.6
Licensees should develop appropriate incident response plans, including communication strategies that ensure business continuity, control reputation risk and limit liability associated with disruptions in their electronic financing services.
January 2014
OM-3.1.7
Licensees must implement enhanced fraud monitoring of movements in customers’ accounts to guard against electronic frauds using various tools and measures, such as limits in value, volume and velocity.
Added: January 2021
OM-3.1.8
Licensees must have in place customer awareness communications, pre and post onboarding process, using video calls, short videos or pop-up messages, to alert and warn natural persons using online channels or applications about the risk of electronic frauds, and emphasise the need to secure their personal credentials and not share them with anyone, online or offline.
Added: January 2021