The State Bank of Vietnam (SBV) is drafting a Circular regulating the safety of the information system in banking banking operations, replacing Circular 18/2018.

The draft has added a number of subjects of application within the scope of management and licensing of the State Bank of Vietnam for which there are currently no regulations on information system security compliance such as: Vietnam Credit Information Joint Stock Company - PCB), Vietnam Asset Management Company (VAMC), Vietnam National Money Printing Factory, Deposit Insurance of Vietnam.

Subjects of microfinance institutions, local People's Credit Funds have been added for cases where these organizations have established and used the information system to serve one or many technical and professional activities of the organization.

In addition, the draft circular specifies that online service delivery systems for customers must comply with the system classification in accordance with Decree 85/2016 and its guidance documents.

For other systems, classification is made according to 5 levels based on the reference to the provisions of Decree 85/2016/ND-CP and in accordance with the banking industry, replacing the 3-level classification according to the provisions of Circular 18/2018/TT-NHNN that show several shortcomings that cause difficulties for organizations when implementing.

Regarding the application of multi-factor authentication solutions in the management and operation of information systems, the draft regulations stipulate: Applying multi-factor authentication when approving financial transactions arising from electronic money transfer to external partners valued at VND 100 million or more.

Regarding the reasons for the replacement of Circular 18/2018, the State Bank of Vietnam said that in 2019 and the first half of 2020, according to information from the Ministry of Public Security, the Ministry of Information and Communications and through supervision of cybersecurity of the banking industry, cyber attacks aimed at the banking system increased both in scale and level of persistence and sophisticated techniques.

At the end of 2019, Vietnam's banking industry had incidents related to information security, i.e. leaking customer information, detecting malicious code infiltrated into the information system.

Through the inspection and survey, the Information Technology Department, the State Bank of Vietnam has noted the difficulties, obstacles and proposals in the implementation process of Circular 18/2018 of credit institutions and intermediaries providing intermediary payment services. Therefore, it is necessary to issue a circular to replace Circular 18/2018 to solve problems that arise.

Kylie Nguyen