OM-A.3.3
Past version: Effective from 01 Apr 2018 to 30 Jun 2018
To view other versions open the versions tab on the right
The most recent changes made to this Module are detailed in the table below:
Summary of Changes
| Module Ref. | Change Date | Description of Changes |
| OM-5.1 | 01/04/05 | Physical security measures. |
| OM-4.2 | 01/10/05 | Succession planning for locally incorporated banks. |
| OM-5.1 | 01/10/05 | Clarification of security manager role for smaller banks. |
| OM-B & OM-1.2 | 01/04/06 | Minor amendments concerning roles of Board and management. |
| OM-5.1.15-OM-5.1.24 | 01/04/06 | New security requirements for ATM security arrangements and reporting of security related complaints. |
| OM-A.2.1-OM-A.2.6 | 01/10/07 | Purpose (expanded) |
| OM-A.2.1-OM-A.2.6 | 01/10/07 | Key Requirements (deleted) |
| OM-2.1-2.2&2.4 | 01/10/07 | Relocation of Succession Planning Requirements from OM-4 |
| OM-5.1-OM-5.9 | 01/10/07 | Business Continuity Planning (expanded) |
| OM-7 | 01/10/07 | New Books and Records Chapter transferred from Module GR |
| OM-8 | 01/04/08 | Basel II Qualitative Operational Risk Requirements |
| OM | 01/2011 | Various minor amendments to ensure consistency in CBB Rulebook. |
| OM-A.1.3 and OM-A.1.4 | 01/2011 | Clarified legal basis. |
| OM-7.1.4 | 04/2011 | This paragraph was deleted as Ministerial Order 23 does not apply to CBB licensees. |
| OM-7.3.4 | 04/2011 | Clarified retention period of records for promotional schemes. |
| OM | 07/2011 | Various minor amendments to clarify Rules and have consistent language. |
| OM-2.4 | 07/2011 | Amended CBB reporting requirements regarding succession planning. |
| OM-3.1.7 | 07/2011 | Paragraph deleted as no longer applicable since standard conditions and licensing criteria document has now been incorporated as part of Volume 1. |
| OM-6.2 | 10/2011 | Added new Section on internet security. |
| OM-7.1.7 | 10/2011 | Corrected typo. |
| OM-A.1.3 | 01/2012 | Updated legal basis. |
| OM-2.1.4 | 01/2012 | Corrected cross reference. |
| OM-3.2.2 | 04/2012 | Deleted last sentence of Paragraph as it repeats the requirement under Paragraph OM-3.3.1 |
| OM-6.2.2 | 04/2012 | Clarified penetration testing interval for internet security. |
| OM-1.1.4 | 10/2012 | Amended to reflect updated version of Basel Committee document. |
| OM-3.2.6, OM-5.2.1, OM-5.4.8, OM-8 | 10/2012 | Amended to reflect the Basel June 2011 paper on Principles for the Sound Management of Operational Risk. |
| OM-6.2 | 07/2013 | Amended reporting requirements related to internet security measures. |
| OM-6.2.1 | 10/2013 | Amended Rule to apply to all banks. |
| OM-3.7.2 | 10/2015 | Clarified Rule on internal audit outsourcing. |
| OM-6 | 04/2016 | Updated ATM security measures for banks. |
| OM-3.9 | 07/2016 | Added new Section dealing with outsourcing of functions containing customer information. |
| OM-5.10 | 10/2016 | Added new Section on Cyber Security Risk Management |
| OM-6.4.3 | 10/2016 | Corrected cross references |
| OM-6.4.4 | 10/2016 | Corrected cross references |
| OM-6.4.5 | 10/2016 | Corrected cross references |
| OM-6.6 | 10/2016 | Added new Section on Cyber Security Measures |
| OM-3.9.2 | 01/2017 | Amended Paragraph on customer information |
| OM-3.9.6 | 01/2017 | Added new guidance paragraph on customer information |
| OM-6.4.22 | 04/2017 | ATM requirement on Solid Wall deleted. |
| OM-6.4.23 | 04/2017 | ATM requirement on Solid Wall deleted. |
| OM-6.3.1 | 07/2017 | Clarified requirements on compliance date. |
| OM-6.3.2A | 07/2017 | Added new paragraph on Prohibition of Double Swiping. |
| OM-6.3.2B | 07/2017 | Added new paragraph on Prohibition of Double Swiping. |
| OM-6.3.2C | 07/2017 | Added new paragraph on Prohibition of Double Swiping. |
| OM-6.3.2D | 07/2017 | Added new paragraph on Prohibition of Double Swiping. |
| OM-6.3.2E | 07/2017 | Added new paragraph on Prohibition of Double Swiping. |
| OM-6.4.21 | 07/2017 | Deleted paragraph. |
| OM-7.2.1 | 07/2017 | Amended paragraph according to the Legislative Decree No. (28) of 2002. |
| OM-7.2.2 | 07/2017 | Deleted paragraph. |
| OM-3.1.2 | 10/2017 | Amended paragraph to allow the utilization of cloud services. |
| OM-3.1.5A | 10/2017 | Added a new paragraph on outsourcing requirements. |
| OM-3.2.3 | 10/2017 | Amended paragraph. |
| OM-3.3.1 | 10/2017 | Amended paragraph. |
| OM-3.3.2 | 10/2017 | Amended paragraph. |
| OM-3.3.3 | 10/2017 | Amended paragraph. |
| OM-3.3.4 | 10/2017 | Amended paragraph. |
| OM-3.3.5 | 10/2017 | Added a new paragraph on outsourcing. |
| OM-3.4.1 | 10/2017 | Amended paragraph. |
| OM-3.4.2(b) | 10/2017 | Amended sub-paragraph. |
| OM-3.4.3 | 10/2017 | Deleted paragraph. |
| OM-3.4.5 | 10/2017 | Amended paragraph. |
| OM-3.5.1(a) | 10/2017 | Amended sub-sub-paragraph no. (5). |
| OM-3.5.1(c) | 10/2017 | Amended sub-sub-paragraphs no. (2) and (3). |
| OM-3.5.1(e) | 10/2017 | Amended sub-sub-paragraph no. (3). |
| OM-3.8.3 | 10/2017 | Amended paragraph. |
| OM-3.9.1 | 10/2017 | Amended paragraph. |
| OM-3.9.2 | 10/2017 | Amended paragraph on third party outsourcing of functions. |
| OM-3.9.3 | 10/2017 | Amended paragraph. |
| OM-3.9.4 | 10/2017 | Amended sub-paragraph. |
| OM-3.9.4(b) | 10/2017 | Amended sub-paragraph. |
| OM-3.9.4(d) | 10/2017 | Deleted sub-paragraph. |
| OM-3.9.5 | 10/2017 | Deleted paragraph. |
| OM-3.9.7 | 10/2017 | Added a new paragraph for security measures related to cloud services. |
| OM-6.4.6 | 10/2017 | Amended paragraph to include ancillary service providers. |
| OM-6.3.1A | 04/2018 | Added a new Paragraph on card (EMV) compliance. |
| OM-6.3.1B | 04/2018 | Added a new Paragraph on "provision of cash withdrawal and payment services through various channels" |
| OM-6.3.2 | 04/2018 | Amended Paragraph to mention "Islamic bank licensees". |