Bank of Russia extends data protection requirements for credit institutions

The new Regulation issued by the Bank of Russia obliges credit institutions to ensure data protection for the following bank operations: taking households’ and legal entities’ funds on deposit, placing funds raised in its own name and at its own cost, opening and maintaining households’ and legal entities’ bank accounts, etc. Previously, credit institutions only had to maintain data protection measures for funds transfer operations.

Maximum requirements will be applied to systemically important credit institutions, banks acting as payment infrastructure operators of systemically important payment systems, as well as credit institutions that are important in the payment services market. All other participants will operate under standard requirements.

The regulation lists data protection requirements related to information infrastructure, applied software, and protected data processing.

The document seeks to protect the funds of credit institutions and their customers against the activities of cyber criminals.