Banks in Moldova will need to improve risk management related to ICT, information security and business continuity.
In particular, this is provided for by the corresponding amendments to the Law on the Activities of Banks, which Parliament adopted in the first reading as part of a general law aimed at strengthening cybersecurity at the national level. In particular, the Law on Banking Activities will be supplemented with a new article “Management of risks associated with information and communication technologies (ICT), information security and business continuity.” It will stipulate that every bank must have effective information and communications technology (ICT) staff, systems and services that enable the bank to operate in accordance with the nature, scale and complexity of the risks inherent in the bank's operations and business model. To this end, the bank establishes roles and responsibilities, approves and implements an ICT and information security strategy and action plans to achieve its goals. The bank must establish a business continuity management system capable of ensuring continued operations while ensuring the protection of all critical information, including limiting losses in the event of a major business interruption. To do this, the bank must identify the continuity risks to which it is exposed and approve and implement business continuity plans. The bank must have an ICT and information security risk management system that includes processes and procedures to ensure that risks are identified, analyzed, assessed, mitigated, monitored, reported and maintained within the bank's risk appetite. In addition, the bank's information security management system should define the principles, rules and procedures for protecting the confidentiality, integrity and availability of data and information of the bank and its customers, and establish measures to reduce the level of ICT and information security risks to which it is exposed. In addition, the bank must establish risk analysis, information security and business continuity review processes that confirm the effectiveness of controls and the applicability of business continuity plans. Specific requirements for the implementation of these points will be established by regulations of the National Bank. Supervision and control of compliance with the obligations provided for in this article will be carried out by the national competent authority in the field of cybersecurity, appointed on the basis of the Law on Cybersecurity, in cooperation with the National Bank of Moldova. // 29.02.2024 — InfoMarket.
