This is an important content of the Decree No. 88/2019/NĐ-CP dated November 14, 2019 on penalties for administrative violations in monetary and banking sector in Vietnam.
According to Article 52 of the Decree No. 88/2019/NĐ-CP of the Vietnam’s Government, failing to provide instructions to customers on measures for ensuring security and confidentiality of information when using banking services on the Internet is considered as a violation against regulations on information system security in banking operations. To be specific:
Article 52. Violations against regulations on information system security in banking operations
1. A fine ranging from VND 10,000,000 to VND 20,000,000 shall be imposed for committing one of the following violations:
a) failing to carry out assessment of information technology (IT) risks and operational risks before using IT services rendered by a third party as prescribed by law.
b) failing to carry out assessment of security level of the information system providing online transaction services for customers before it is put into official operation.
2. A fine ranging from VND 20,000,000 to VND 30,000,000 shall be imposed for committing one of the following violations:
a) failing to disseminate or provide updated regulations on information security to all staff members at least once every year;
b) failing to take data backup or insufficiently backing up data to ensure data security as prescribed by law;
c) failing to implement network security solutions for controlling network connection as well as detecting and preventing attacks and illegal access to information systems providing online transaction services for customers;
d) failing to verify identity of service users when rending banking services on the Internet as prescribed by law;
dd) failing to provide instructions to customers on measures for ensuring security and confidentiality of information when using banking services on the Internet;
e) failing to keep logbooks of operations of information systems and users, errors and information security incidents as prescribed by law.
If the bank violates one of the above-mentioned activities, the maximum penalty shall be VND 30,000,000. Concurrently, additional penalties shall be applied which are the use of IT services by a third party shall be suspended for 01 – 03 months if the violation prescribed in Point a Clause 1 Article 52 of the Decree No. 88/2019/NĐ-CP is committed.
More details at the Decree No. 88/2019/NĐ-CP of the Vietnam’s Government, effective from December 31, 2019.
Phuong Thanh
Address: | 19 Nguyen Gia Thieu, Vo Thi Sau Ward, District 3, Ho Chi Minh City |
Phone: | (028) 7302 2286 |
E-mail: | info@lawnet.vn |