OM-A.3.3

The most recent changes made to this Module are detailed in the table below:

Summary of Changes

Module Ref. Change Date Description of Changes
OM-5.1 01/04/05 Physical security measures.
OM-4.2 01/10/05 Succession planning for locally incorporated banks.
OM-5.1 01/10/05 Clarification of security manager role for smaller banks.
OM-B & OM-1.2 01/04/06 Minor amendments concerning roles of Board and management.
OM-5.1.15–OM-5.1.24 01/04/06 New security requirements for ATM security arrangements and reporting of security related complaints.
OM-A.2.1–OM-A.2.6 01/10/07 Purpose (expanded)
OM-A.2.1–OM-A.2.6 01/10/07 Key Requirements (deleted)
OM-2.1–2.2 & 2.4 01/10/07 Relocation of Succession Planning Requirements from OM-4
OM-5.1–OM-5.9 01/10/07 Business Continuity Planning (expanded)
OM-7 01/10/07 Books and Records Chapter transferred from Module GR
OM-8 01/04/08 Basel II Qualitative Operational Risk Requirements
OM 01/2011 Various minor amendments to ensure consistency in CBB Rulebook.
OM-A.1.3 and OM-A.1.4 01/2011 Clarified legal basis.
OM-7.1.4 04/2011 This Paragraph was deleted as Ministerial Order 23 does not apply to CBB licensees.
OM-7.3.4 04/2011 Clarified retention period of records for promotional schemes.
OM 07/2011 Various minor amendments to clarify Rules and have consistent language.
OM-2.4 07/2011 Amended CBB reporting requirements regarding succession planning.
OM-3.1.7 07/2011 Paragraph deleted as no longer applicable since standard conditions and licensing criteria document has now been incorporated as part of Volume 1.
OM-6.2 10/2011 Added new Section on internet security.
OM-7.1.7 10/2011 Corrected typo.
OM-A.1.3 01/2012 Updated legal basis.
OM-2.1.4 01/2012 Corrected cross reference.
OM-3.2.2 04/2012 Deleted last sentence of Paragraph as it repeats the requirement under Paragraph OM-3.3.1
OM-6.2.2 04/2012 Clarified penetration testing interval for internet security.
OM-1.1.4 10/2012 Amended to reflect updated version of Basel Committee document.
OM-3.2.6, OM-5.2.1, OM-5.4.8, OM-8 10/2012 Amended to reflect the Basel June 2011 paper on Principles for the Sound Management of Operational Risk.
OM-6.2 07/2013 Amended reporting requirements related to internet security measures.
OM-6.2.1 10/2013 Amended Rule to apply to all banks.
OM-3.7.2 10/2015 Clarified Rule on internal audit outsourcing.
OM-6 04/2016 Updated ATM security measures for banks.
OM-3.9 07/2016 Added new Section dealing with outsourcing of functions containing customer information.
OM-5.10 10/2016 Added new Section on Cyber Security Risk Management
OM-6.4.3 10/2016 Corrected cross references
OM-6.4.4 10/2016 Corrected cross references
OM-6.4.5 10/2016 Corrected cross references
OM-6.6 10/2016 Added new Section on Cyber Security Measures
OM-3.9.2 01/2017 Amended paragraph on customer information
OM-3.9.6 01/2017 Added new guidance paragraph on customer information
OM-6.4.22 04/2017 ATM requirement on Solid Wall deleted.
OM-6.4.23 04/2017 ATM requirement on Solid Wall deleted.
OM-6.3.1 07/2017 Clarified requirements on compliance date.
OM-6.3.2A 07/2017 Added new paragraph on Prohibition of Double Swiping.
OM-6.3.2B 07/2017 Added new paragraph on Prohibition of Double Swiping.
OM-6.3.2C 07/2017 Added new paragraph on Prohibition of Double Swiping.
OM-6.3.2D 07/2017 Added new paragraph on Prohibition of Double Swiping.
OM-6.3.2E 07/2017 Added new paragraph on Prohibition of Double Swiping.
OM-6.4.21 07/2017 Deleted paragraph.
OM-7.2.1 07/2017 Amended paragraph according to the Legislative Decree No. (28) of 2002.
OM-7.2.2 07/2017 Deleted paragraph.
OM-3.1.2 10/2017 Amended paragraph to allow the utilization of cloud services.
OM-3.1.5A 10/2017 Added a new paragraph on outsourcing requirements.
OM-3.2.3 10/2017 Amended paragraph.
OM-3.3.1 10/2017 Amended paragraph.
OM-3.3.2 10/2017 Amended paragraph.
OM-3.3.3 10/2017 Amended paragraph.
OM-3.3.4 10/2017 Amended paragraph.
OM-3.3.5 10/2017 Added a new paragraph on outsourcing
OM-3.4.2(b) 10/2017 Amended sub-paragraph.
OM-3.4.3 10/2017 Deleted paragraph.
OM-3.4.5 10/2017 Amended paragraph.
OM-3.5.1(a) 10/2017 Amended sub-sub-paragraph no. (5)
OM-3.5.1(c) 10/2017 Amended sub-sub-paragraphs no. (2) and (3).
OM-3.5.1(e) 10/2017 Amended sub-sub-paragraph no. (3).
OM-3.8.3 10/2017 Amended paragraph.
OM-3.9.1 10/2017 Amended paragraph.
OM-3.9.2 10/2017 Amended paragraph on third party outsourcing of functions.
OM-3.9.3 10/2017 Amended paragraph.
OM-3.9.4(b) 10/2017 Amended sub-paragraph.
OM-3.9.4(c) 10/2017 Amended sub-paragraph.
OM-3.9.4(d) 10/2017 Deleted sub-paragraph.
OM-3.9.5 10/2017 Deleted paragraph.
OM-3.9.7 10/2017 Added a new paragraph for security measures related to cloud services.
OM-6.4.6 10/2017 Amended paragraph to include ancillary service providers.
OM-6.3.1A 04/2018 Added a new Paragraph on card (EMV) compliance.
OM-6.3.1B 04/2018 Added a new Paragraph on provision of cash withdrawal and payment services through various channels.
OM-6.3.2 04/2018 Amended Paragraph to mention “conventional bank licensees".
OM-3.9.2 07/2018 Amended Paragraph to include call centres.
OM-3.9.2A 07/2018 Added new Paragraph on customer notification.
OM-6.4.15A 10/2018 Added a new Paragraph on drive-thru ATMs.
OM-6.4.20A 10/2018 Added a new Paragraph on drive-thru ATMs.
OM-6.1.2 07/2019 Amended Paragraph on deployment of Private Security Guards at Head Offices of Licensees.
OM-6.3.1C, OM6.3.1D, OM-6.3.1E, OM-6.3.1F 10/2019 Added new Paragraphs on Near Field Communication "NFC".