The Financial Services Authority has introduced significant new obligations for commercial banks relating to the provision of digital services.* The purpose of the new regulations is to provide a robust regulatory framework for digital banking by upgrading risk management, customer data security, and consumer protection.
The new regulations introduce, for the first time, the requirement for commercial banks to enforce two-factor authentication for financial transactions. In addition, the new regulations provide more stringent standards relating to the collection and use of customers’ personal data, the use of electronic signatures, digital services partnerships, IT infrastructure, and submission of reports by financial institutions for assessment purposes.
Commercial banks must have overhauled all their internal processes and policies by March 2024 and reorganised their IT infrastructure by December 2024. Non-compliance will lead to administrative sanctions including prohibition on providing digital services or a decline in the bank’s health rating.
Once these new regulations have been fully implemented, the Financial Services Authority hopes that public trust in the banking sector will be significantly enhanced.
*Financial Services Authority Regulation No. 21 Year 2023 on Digital Services by Commercial Banks