Custom print

OM-A.2.2

Past version: Effective from 01 Apr 2021 to 30 Jun 2021
To view other versions open the versions tab on the right

The changes made to this Module are detailed in the table below:

Summary of Changes

Module Ref. Change Date Description of Changes
OM-5.1 01/04/05 Physical security measures.
OM-4.2 01/10/05 Succession planning for locally incorporated banks.
OM-5.1 01/10/05 Clarification of security manager role for smaller banks and deletion of requirement for cash trays.
OM-B & OM-1.2 01/04/06 Minor amendments concerning roles of Board and management and editing of OM B.
OM-5.1.15-OM-5.1.24 01/04/06 New security requirements for ATM security arrangements and reporting of security related complaints.
OM-A.2.1-OM-A.2.6 01/10/07 Purpose (expanded)
OM-A.2.1-OM-A.2.6 01/10/07 Key Requirements (deleted)
OM-5.1-OM-5.9 01/10/07 Business Continuity Planning (expanded)
OM-7 01/10/07 New Books and Records Chapter transferred from Module GR
OM-8 01/04/08 Basel II Qualitative Operational Risk Requirements
OM 01/2011 Various minor amendments to ensure consistency in CBB Rulebook.
OM-A.1.3 and OM-A.1.4 01/2011 Clarified legal basis.
OM-7.1.4 04/2011 This paragraph was deleted as Ministerial Order 23 does not apply to CBB licensees.
OM-7.3.4 04/2011 Clarified retention period of records for promotional schemes.
OM 07/2011 Various minor amendments to clarify Rules and have consistent language.
OM-2.4 07/2011 Amended CBB reporting requirements regarding succession planning.
OM-3.1.7 07/2011 Paragraph deleted as no longer applicable since standard conditions and licensing criteria document has now been incorporated as part of Volume 2.
OM-6.2 10/2011 Added new Section on internet security.
OM-7.1.7 10/2011 Corrected typo.
OM-A.1.3 01/2012 Updated legal basis.
OM-2.1.4 01/2012 Corrected cross reference.
OM-3.2.2 04/2012 Deleted last sentence of Paragraph as it repeats the requirement under Paragraph OM-3.3.1
OM-6.2.2 04/2012 Clarified penetration testing interval for internet security.
OM-1.1.4 10/2012 Amended to reflect updated version of Basel Committee document.
OM-3.2.6, OM-5.2.1, OM-5.4.8, OM-8 10/2012 Amended to reflect the Basel June 2011 paper on Principles for the Sound Management of Operational Risk.
OM-6.2 07/2013 Amended reporting requirements related to internet security measures.
OM-6.2.1 10/2013 Amended Rule to apply to all banks.
OM-3.7.2 10/2015 Clarified Rule on internal audit outsourcing.
OM-6 04/2016 Updated ATM security measures for banks.
OM-3.9 07/2016 Added new Section dealing with outsourcing of functions containing customer information.
OM-5.10 10/2016 Added new Section on Cyber Security Risk Management
OM-6.1.1 10/2016 Added implementation deadline date
OM-6.4.3 10/2016 Corrected cross references
OM-6.4.4 10/2016 Corrected cross references
OM-6.4.5 10/2016 Corrected cross references
OM-6.6 10/2016 Added new Section on Cyber Security Measures
OM-3.9.2 01/2017 Amended Paragraph on customer information
OM-3.9.6 01/2017 Added new guidance paragraph on customer information
OM-6.4.22 04/2017 ATM requirement on Solid Wall deleted.
OM-6.4.23 04/2017 ATM requirement on Solid Wall deleted.
OM-6.3.1 07/2017 Clarified requirements on compliance date.
OM-6.3.2A 07/2017 Added new paragraph on Prohibition of Double Swiping.
OM-6.3.2B 07/2017 Added new paragraph on Prohibition of Double Swiping.
OM-6.3.2C 07/2017 Added new paragraph on Prohibition of Double Swiping.
OM-6.3.2D 07/2017 Added new paragraph on Prohibition of Double Swiping.
OM-6.3.2E 07/2017 Added new paragraph on Prohibition of Double Swiping.
OM-6.4.21 07/2017 Deleted paragraph.
OM-7.2.1 07/2017 Amended paragraph according to the Legislative Decree No. (28) of 2002.
OM-7.2.2 07/2017 Deleted paragraph.
OM-3.1.2 10/2017 Amended paragraph to allow the utilization of cloud services.
OM-3.1.5A 10/2017 Added a new paragraph on outsourcing requirements.
OM-3.2.3 10/2017 Amended paragraph.
OM-3.3.1 10/2017 Amended paragraph.
OM-3.3.2 10/2017 Amended paragraph.
OM-3.3.3 10/2017 Amended paragraph.
OM-3.3.4 10/2017 Amended paragraph.
OM-3.3.5 10/2017 Added a new paragraph on outsourcing.
OM-3.4.1 10/2017 Amended paragraph.
OM-3.4.2(b) 10/2017 Amended sub-paragraph.
OM-3.4.3 10/2017 Deleted paragraph.
OM-3.4.5 10/2017 Amended paragraph.
OM-3.5.1(a) 10/2017 Amended sub-sub-paragraph no. (5).
OM-3.5.1(c) 10/2017 Amended sub-sub-paragraphs no. (2) and (3).
OM-3.5.1(e) 10/2017 Amended sub-sub-paragraph no. (3).
OM-3.8.3 10/2017 Amended paragraph.
OM-3.9.1 10/2017 Amended paragraph.
OM-3.9.2 10/2017 Amended paragraph on third party outsourcing of functions.
OM-3.9.3 10/2017 Amended paragraph.
OM-3.9.4) 10/2017 Amended paragraph.
OM-3.9.4(b) 10/2017 Amended sub-paragraph.
OM-3.9.4(d) 10/2017 Deleted sub-paragraph.
OM-3.9.5 10/2017 Deleted paragraph.
OM-3.9.7 10/2017 Added a new paragraph for security measures related to cloud services.
OM-6.4.6 10/2017 Amended paragraph to include ancillary service providers.
OM-6.3.1A 04/2018 Added a new Paragraph on card (EMV) compliance.
OM-6.3.1B 04/2018 Added a new Paragraph on "provision of cash withdrawal and payment services through various channels".
OM-6.3.2 04/2018 Amended Paragraph to mention "Islamic bank licensees".
OM-3.9.2 07/2018 Amended Paragraph to include call centres.
OM-3.9.2A 07/2018 Added new Paragraph on customer notification.
OM-6.4.15A 10/2018 Added a new Paragraph on drive-thru ATMs.
OM-6.4.20A 10/2018 Added a new Paragraph on drive-thru ATMs.
OM Module 01/2020 Entire Module revised for better alignment with the principles and guidance from Basel Committee on Banking Supervision
OM-5.2.1A 07/2020 Added a new Paragraph on contactless payments.
OM-5.1.2A & OM-5.1.2B 10/2020 Added new Paragraphs on fraudulent phishing attempts measures.
OM-2.8.5 01/2021 Deleted Subparagraph (a).
OM-3.1.2(f) 01/2021 Amended Subparagraph on electronic fraud.
OM-3.3.11 01/2021 Added a new Paragraph on electronic fraud awareness.
OM-5.1.5 04/2021 Amended Paragraph.