OM-A.3.3
The most recent changes made to this Module are detailed in the table below:
Summary of Changes
Module Ref. | Change Date | Description of Changes |
OM-5.1 | 01/04/05 | Physical security measures. |
OM-4.2 | 01/10/05 | Succession planning for locally incorporated banks. |
OM-5.1 | 01/10/05 | Clarification of security manager role for smaller banks. |
OM-B & OM-1.2 | 01/04/06 | Minor amendments concerning roles of Board and management. |
OM-5.1.15–OM-5.1.24 | 01/04/06 | New security requirements for ATM security arrangements and reporting of security related complaints. |
OM-A.2.1–OM-A.2.6 | 01/10/07 | Purpose (expanded) |
OM-A.2.1–OM-A.2.6 | 01/10/07 | Key Requirements (deleted) |
OM-2.1–2.2 & 2.4 | 01/10/07 | Relocation of Succession Planning Requirements from OM-4 |
OM-5.1–OM-5.9 | 01/10/07 | Business Continuity Planning (expanded) |
OM-7 | 01/10/07 | Books and Records Chapter transferred from Module GR |
OM-8 | 01/04/08 | Basel II Qualitative Operational Risk Requirements |
OM | 01/2011 | Various minor amendments to ensure consistency in CBB Rulebook. |
OM-A.1.3 and OM-A.1.4 | 01/2011 | Clarified legal basis. |
OM-7.1.4 | 04/2011 | This Paragraph was deleted as Ministerial Order 23 does not apply to CBB licensees. |
OM-7.3.4 | 04/2011 | Clarified retention period of records for promotional schemes. |
OM | 07/2011 | Various minor amendments to clarify Rules and have consistent language. |
OM-2.4 | 07/2011 | Amended CBB reporting requirements regarding succession planning. |
OM-3.1.7 | 07/2011 | Paragraph deleted as no longer applicable since standard conditions and licensing criteria document has now been incorporated as part of Volume 1. |
OM-6.2 | 10/2011 | Added new Section on internet security. |
OM-7.1.7 | 10/2011 | Corrected typo. |
OM-A.1.3 | 01/2012 | Updated legal basis. |
OM-2.1.4 | 01/2012 | Corrected cross reference. |
OM-3.2.2 | 04/2012 | Deleted last sentence of Paragraph as it repeats the requirement under Paragraph OM-3.3.1 |
OM-6.2.2 | 04/2012 | Clarified penetration testing interval for internet security. |
OM-1.1.4 | 10/2012 | Amended to reflect updated version of Basel Committee document. |
OM-3.2.6, OM-5.2.1, OM-5.4.8, OM-8 | 10/2012 | Amended to reflect the Basel June 2011 paper on Principles for the Sound Management of Operational Risk. |
OM-6.2 | 07/2013 | Amended reporting requirements related to internet security measures. |
OM-6.2.1 | 10/2013 | Amended Rule to apply to all banks. |
OM-3.7.2 | 10/2015 | Clarified Rule on internal audit outsourcing. |
OM-6 | 04/2016 | Updated ATM security measures for banks. |
OM-3.9 | 07/2016 | Added new Section dealing with outsourcing of functions containing customer information. |
OM-5.10 | 10/2016 | Added new Section on Cyber Security Risk Management |
OM-6.4.3 | 10/2016 | Corrected cross references |
OM-6.4.4 | 10/2016 | Corrected cross references |
OM-6.4.5 | 10/2016 | Corrected cross references |
OM-6.6 | 10/2016 | Added new Section on Cyber Security Measures |
OM-3.9.2 | 01/2017 | Amended paragraph on customer information |
OM-3.9.6 | 01/2017 | Added new guidance paragraph on customer information |
OM-6.4.22 | 04/2017 | ATM requirement on Solid Wall deleted. |
OM-6.4.23 | 04/2017 | ATM requirement on Solid Wall deleted. |
OM-6.3.1 | 07/2017 | Clarified requirements on compliance date. |
OM-6.3.2A | 07/2017 | Added new paragraph on Prohibition of Double Swiping. |
OM-6.3.2B | 07/2017 | Added new paragraph on Prohibition of Double Swiping. |
OM-6.3.2C | 07/2017 | Added new paragraph on Prohibition of Double Swiping. |
OM-6.3.2D | 07/2017 | Added new paragraph on Prohibition of Double Swiping. |
OM-6.3.2E | 07/2017 | Added new paragraph on Prohibition of Double Swiping. |
OM-6.4.21 | 07/2017 | Deleted paragraph. |
OM-7.2.1 | 07/2017 | Amended paragraph according to the Legislative Decree No. (28) of 2002. |
OM-7.2.2 | 07/2017 | Deleted paragraph. |
OM-3.1.2 | 10/2017 | Amended paragraph to allow the utilization of cloud services. |
OM-3.1.5A | 10/2017 | Added a new paragraph on outsourcing requirements. |
OM-3.2.3 | 10/2017 | Amended paragraph. |
OM-3.3.1 | 10/2017 | Amended paragraph. |
OM-3.3.2 | 10/2017 | Amended paragraph. |
OM-3.3.3 | 10/2017 | Amended paragraph. |
OM-3.3.4 | 10/2017 | Amended paragraph. |
OM-3.3.5 | 10/2017 | Added a new paragraph on outsourcing |
OM-3.4.2(b) | 10/2017 | Amended sub-paragraph. |
OM-3.4.3 | 10/2017 | Deleted paragraph. |
OM-3.4.5 | 10/2017 | Amended paragraph. |
OM-3.5.1(a) | 10/2017 | Amended sub-sub-paragraph no. (5) |
OM-3.5.1(c) | 10/2017 | Amended sub-sub-paragraphs no. (2) and (3). |
OM-3.5.1(e) | 10/2017 | Amended sub-sub-paragraph no. (3). |
OM-3.8.3 | 10/2017 | Amended paragraph. |
OM-3.9.1 | 10/2017 | Amended paragraph. |
OM-3.9.2 | 10/2017 | Amended paragraph on third party outsourcing of functions. |
OM-3.9.3 | 10/2017 | Amended paragraph. |
OM-3.9.4(b) | 10/2017 | Amended sub-paragraph. |
OM-3.9.4(c) | 10/2017 | Amended sub-paragraph. |
OM-3.9.4(d) | 10/2017 | Deleted sub-paragraph. |
OM-3.9.5 | 10/2017 | Deleted paragraph. |
OM-3.9.7 | 10/2017 | Added a new paragraph for security measures related to cloud services. |
OM-6.4.6 | 10/2017 | Amended paragraph to include ancillary service providers. |
OM-6.3.1A | 04/2018 | Added a new Paragraph on card (EMV) compliance. |
OM-6.3.1B | 04/2018 | Added a new Paragraph on provision of cash withdrawal and payment services through various channels. |
OM-6.3.2 | 04/2018 | Amended Paragraph to mention “conventional bank licensees". |
OM-3.9.2 | 07/2018 | Amended Paragraph to include call centres. |
OM-3.9.2A | 07/2018 | Added new Paragraph on customer notification. |
OM-6.4.15A | 10/2018 | Added a new Paragraph on drive-thru ATMs. |
OM-6.4.20A | 10/2018 | Added a new Paragraph on drive-thru ATMs. |
OM-6.1.2 | 07/2019 | Amended Paragraph on deployment of Private Security Guards at Head Offices of Licensees. |
OM-6.3.1C, OM6.3.1D, OM-6.3.1E, OM-6.3.1F | 10/2019 | Added new Paragraphs on Near Field Communication "NFC". |