OM-3.1.2
The Board of Directors, or a designated Board Committee and
(a) The development and/or acquisition of the technology solutions;
(b) Testing of application program interfaces;
(c) Standards of communication and access and security of communication sessions, such as PCI-DSS compliance for cards;
(d) Authentication of the users;
(e) Processes and measures that protect customer data confidentiality consistent with Law No. 30 of 2018, Personal Data Protection Law (PDPL) issued on 12 July 2018;
(f) The use of enhanced fraud monitoring of movements in customers’ accounts to guard against electronic frauds using various tools and measures, such as limits on value, volume and velocity; and
(g) Security policy and risk management controls.
Amended: January 2021
Added: January 2020
Added: January 2020