Guidance on management of operation and information exchange in banking operations in Vietnam

According to Article 20 of the Circular No. 09/2020/TT-NHNN of the State Bank of Vietnam, responsibility for management and operational procedures is prescribed as follows:

1. Promulgate procedures or manual for operation of the information system of level 3 or higher, which shall, inter alia, include the following contents: procedures for system startup and shutdown, data backup and restoration, application operation, troubleshooting, supervision and recording of system operations into the logbook. For the purposes of such procedures, scope of work and responsibilities of persons who use and operate the information system must be clearly defined. The procedures for operation of the information system must be reviewed, updated and amended at least once a year to ensure its conformity with actual conditions.

2. Disseminate promulgated procedures to all persons who engage in the operation of the information system, and supervise their compliance with such procedures.

3. The operating environment of an information system of level 3 or higher and any information system that processes client's personal information must meet the following requirements:

- It must be independent of development environment and examination and testing environment;

- Measures to ensure information security must be applied;

- Application development tools and equipment are not installed on the system;

- Functions and utility software that are not currently in use on the information system must be eliminated or turned off.

4. An information system that is employed to process client’s transactions must meet the following requirements:

- A single individual is not allowed to participate in different processes varying from initiation to approval of a transaction;

- Multi-factor authentication shall be taken at the final step of approving a financial transaction which is conducted to make an interbank electronic funds transfer of VND 100 million or more (except the Straight Through Process through which transactions between intersystems are automatically authenticated);

- Measures to ensure the integrity of data of transactions must be applied;

- All activities on the information system must be tracked and recorded so that they are traceable to facilitate examination or control efforts whenever necessary.

View more details at the Circular No. 09/2020/TT-NHNN of the State Bank of Vietnam, effective from January 01, 2021.

Thuy Tram

>> CLICK HERE TO READ THIS ARTICLE IN VIETNAMESE