Thông tư 09/2003/TT-NHNN

CIRCULAR

GUIDING THE IMPLEMENTATION OF SEVERAL PROVISIONS OF THE DECREE NO. 55/2001/ND-CP DATED 23 AUGUST, 2001 OF THE GOVERNMENT ON THE MANAGEMENT, PROVISION AND USE OF INTERNET

Pursuant to the Article 17 and 36 of the Decree No. 55/2001/ND-CP dated 23 August, 2001 of the Government on the management, provision and use of Internet, the State Bank of Vietnam provides the guidance on the implementation of several specific contents on the management, provision and use of Internet in banking sectors as follows:

I. GENERAL PROVISIONS

1. Governing scope and subjects of application.

a. This Circular provides the guidance on several contents of the management, provision and use of Internet based services in banking sectors in accordance with the Decree No. 55/2001/ND-CP dated 23 August, 2001 of the Prime Minister.

b. Subjects of application.

- Organizations, units operating in banking sectors, which provide Internet based services in banking sectors.

- Organization, units, individuals using Internet based services in banking sectors.

2. Terms in this Circular shall be construed as follows:

a. Information network and database of the State Bank's operations shall be the State Bank's internal network, which is specifically used for the State Bank's operation and activities only. Information and database in this network, which are secured in a confidential system, shall not be transmitted in the Internet network.

b. Internet equipment system shall be the combination of electronic, telecommunication, informatics equipments and other supporting equipments, including hardware, software which are set up by subjects (provided for in paragraph 1, section I of this Circular) at a place with its specific address and scope and those subjects shall be entitled to have full powers to use in accordance with provisions of applicable laws in order to serve directly for the provision and use of Internet services.

c. Intranet shall be an information system, which is linked by IP and uses a unified address system within the scope of an organization, unit to provide different services and applications to users.

d. Internet based service in banking sectors shall be the service, which uses the Internet network to provide banking services to users.

II. SPECIFIC PROVISIONS

1. The provision and use of Internet based service in banking sectors shall be carried out through contract in accordance with provisions of applicable laws and in line with the actual business conditions of units.

2. Contracts of the provision and use of Internet based service in banking sectors shall be made in writing. On the basis of provisions of applicable laws on the contracts, the management of the provision and use of Internet service, organizations, units, which provide the Internet based service in banking sectors shall be responsible for the preparation, issuance of special contract form to unify the performance in their units.

3. Organizations, units operating in banking sectors, which desire to provide Internet based service shall be permitted by the Governor of the State Bank of Vietnam under following conditions:

a. Availability of clear purposes;

b. Availability of a computer information network design with adequate equipment to make the examination, supervision convenient to ensure the security and information security.

c. Availability of a technician team satisfying system's requirements;

d. Compliance with the Regulation on the provision and use of Internet based service.

4. Organizations, units operating in banking sectors, which use the Internal information network (Intranet), must establish the Operation Committee for the management and use of Intranet and Internet. The Head of the unit shall appoint the Committee Head. The Operation Committee for the management of provision and use of Intranet and Internet network service shall only have the authority and responsibility for units, individuals, which are within the scope of management of their unit.

5. Authorities, responsibilities of the Operation Committee for the management and use of Intranet and Internet network.

a. Authorities:

- Making decision on types, contents of information in Intranet network within their management in accordance with current provisions;

- Examination and issuance of certifications to units, individuals, which satisfy fully conditions for the establishment of Intranet network and/or for the connection to the Internet;

- Suspension of units, individuals, which violate provisions on the management and use of Intranet network in banking sectors;

- Making proposal as to discipline to violated units, individuals.

b. Responsibilities:

- Being responsible before the Head of unit for the use of Intranet, Internet network in accordance with current legal documents;

- Provision of technical conditions to secure information security to computer network system, which is connected to the Internet.

6. Information networks and databases of banking operations of units, individuals in banking system shall not be connected directly to the Internet network. When the connection to the Internet network is required, it is required to set up a special network (or connection place), to codify information, to possess effective technical measures for anti-access, anti-stealing, anti-vandalization for professional information system, specific database, at the same time, the information exchange must be controlled.

7. Authorities and responsibilities of organizations, units operating in banking sectors, which are permitted to provide Internet based service.

a. Authorities:

- To take the initiative of design, establishment of technical equipment system to provide Internet based service to members being objects, which are stipulated in the license.

- To be permitted to use Internet based services upon demands and duties of their units in accordance with the plan and provisions of the Internet resources management.

- To use administrative and technical measures in order to manage, exploit, use, provide Internet based services managed by themselves.

- To decide to suspend the provision of services or provide limited services in emergency cases to secure the national security, in accordance with the requirement of the State competent agencies.

b. Responsibilities:

- To carry out procedures to receive permission from the State management agency of the Internet service and be responsible for the compliance with provisions of applicable laws on the electronic news and information activities.

- To obtain the acceptance, approval by the Governor of the State Bank when expanding the Internet based services in banking sectors.

- To be responsible by themselves for damages, risks caused by the use of Internet.

- To closely control units, individuals that use and provide Internet based services, which are being forbidden or have not been permitted to use, provide.

- To guide users of Internet based services to comply with provisions of the exploitation, use of Internet based services in accordance with provisions of applicable laws.

- To fully perform clauses, conditions stated in the contract, which has been entered into with a party participating to their Internet based services.

- To issue procedures and formalities of exploiting Internet service within the management scope of their units.

- To disseminate, guide member units, users of Internet based services in banking sectors to implement this Circular and related documents.

8. Rights and obligations of organizations, units, individuals, which use Internet based service.

a. Rights:

- To exploit, use Internet based services in banking sectors under the agreement between parties;

- To claim and to be compensated when their legal rights have been violated in accordance with provisions of applicable laws.

b. Obligations:

- To guarantee the safety, security to Internet equipment system. To manage closely password, special information and secure Internet equipment system;

- To guarantee contents provided for, reserved and transmitted by themselves when using Internet based services;

- To provide information to network administration units on the illegal access, or the access to Internet based services in banking sectors, which have not been permitted or are being forbidden;

- To co-operate with and facilitate the State agencies to carry out security measures of Internet equipment system, information security and investigation to prevent computer offenders in Internet activities.

- To pay fee for the use of Internet based services under the agreement between parties.

9. The Banking Information Technology Department shall be responsible for the appraisal, assessment, following-up and making petition to the Governor on technical conditions to secure the provision of Internet based services in banking sectors by organizations, units in banking sectors.

III. IMPLEMENTING PROVISIONS

1. This Circular shall be effective after 15 days from the date of publication in the official gazette. Provisions, which are in contrary with this Circular, shall cease their effectiveness.

2. The Director of the Administrative Department, the Director of the Banking Information Technology Department, Head of units of the State Bank, General Managers of the State Bank's branches in provinces, cities under the central Government's management, Directors of organizations, units providing Internet services in banking sectors, General Directors (Directors) of credit institutions shall be responsible for the implementation of this Circular.

3. Any obstacle, which may arise during the implementation, shall be informed timely to the State Bank for consideration and solution.