OB-1.1.13

An AISP must establish procedures to ensure:

(a) it does not provide account information services without the customer's explicit consent;
(b) that it will not store the customer's personalised security credentials, such as the customer's KYC and biometric information, and that such data are:
i. not accessible to other parties, with the exception of the issuer of the credentials; and
ii. transmitted through safe and efficient channels;
(c) that, for each communication session, it communicates securely with the licensee and the customer in accordance with the regulatory requirements of this Module;
(d) that it does not access any information other than information from designated accounts;
(e) it will not access, use or store any information for any purpose except for the provision of the account information service explicitly requested by the customer;
(f) that any data accessed and stored is encrypted in transit and at rest and must not be accessible to any unauthorised person within the licensee's organisation; and
(g) that customer information accessed must not be stored in a form which permits identification of the customer once the customer consent is withdrawn.
Amended: July 2021
Added: December 2018