Chỉ thị 02/CT-NHNN

DIRECTIVE

PROMOTING DIGITALIZATION AND ASSURANCE OF INFORMATION SECURITY AND SAFETY IN BANKING ACTIVITIES

In implementation of orientations and policies of the Government and Prime Minister regarding the Program for “National digitalization to 2025 and orientation until 2030”, in recent years, the State Bank of Vietnam (SBV) has reviewed and promulgated multiple policies facilitating digitalization and promoting application of technology in professional operations and provision of products, services on the basis of ensuring security, safety and protecting legal rights, benefits of customers. Digitalization in banking sector has made drastic improvement, expanded its scale and scope, and attained multiple achievements: (i) many banking services can now be implemented digitally (payment, deposit, saving, etc.) to meet demands of the general public and enterprises, especially during social distancing to prevent COVID-19; payment on mobile devices has made rapid development; Vietnamese banks have the highest growth rate in application of digital bank within the region by evaluation; (ii) SBV is ranked second in digital transformation index (DTI) and ranked first in institution formulation; ranked A in 2 consecutive years for assuring information safety. In addition to attained results, digitalization also poses multiple difficulties for banking sector regarding development of regulations, synchronization and standardization of facilities to connect, integrate and create digital ecosystem, changes to demands and behaviors of customers, assurance of security, safety, and privacy of customers’ data, etc.

In order to utilize attained results, overcome difficulties and challenges, and continue to promote digitalization and assurance of information security and safety in banking operations, the Governor of SBV hereby requests entities affiliated to the SBV, credit institutions, branches of foreign banks (hereinafter referred to as “credit institutions”), intermediary payment service providers shall effectively implement the following tasks and solutions:

I. GENERAL REQUIREMENTS

1. Extensively and effectively implement tasks and solutions mentioned under Digitalization plan in banking sector to 2025 and orientation until 2030 attached to Decision No. 810/QD-NHNN dated May 11, 2021 of the Governor of SBV.

2. Improve awareness of groups and individuals in banking sector regarding role and benefits of digitalization. The heads shall be responsible for directing digitalization within their agencies and organizations.

3. Prioritize and enhance security and safety assurance, minimize risks during provision and implementation of banking activities in digital environment.

4. Promote communications, publicize, popularize financial knowledge, instruct the general public and enterprises to grasp and utilize banking products and services on digital platform safely as per the law.

5. Promote cooperation, experience sharing, research, and application of digital technology in banking activities to develop and provide a multitude of banking products and services conveniently, safely, improve customer’s experience, and fulfill increasing demands and expectation of the general public and enterprises.

II. FOR ENTITIES AFFILIATED TO CENTRAL SBV

1. Review, research, and propose promulgation or amendment to regulations and law facilitating digitalization in banking sector, for the time being, focus on:

1.1. Develop and present Decree replacing Decree No. 101/2012/ND-CP of the Government on cashless payment and guiding documents to facilitate provision of a multitude of modern, safe payment services and products to the Government;

1.2. Present the Mechanisms for controlled testing of financial technology (Fintech) in banking sector (Regulatory Sandbox);

1.3. Review, amend regulations on loan lending in order to permit implementation via digital means, and automate the lending procedures of credit institutions for small loans taken by individual customers;

1.4. Research, review, and promulgate regulations on collection, extraction, processing, and sharing of payment data in order to implement open API in payment sector in order to move toward digital payment ecosystem;

1.5. Review and amend regulations on security, safety, and privacy in operation of digital banks depending on digital banking service development trend and provision of banking products and services on digital platform;

1.6. Review and amend regulations on recognizing and verifying customers in banking transactions via digital means.

2. Cooperate with relevant entities of Ministry of Information and Communications and Ministry of Public Security in organizing pilot implementation of making payment via telecommunication accounts for goods of small values (Mobile - Money).

3. Enhance state management of information technology activities in banking sector, develop policies, technology orientations, and framework regulations regarding technological development and digitalization. Organize inspection and assessment of security of important information systems in banking sector. Regularly and promptly issue warnings and recommendations regarding risks as well as security and safety measures in electronic banking activities.

4. Cooperate with relevant entities of Ministry of Public Security in implementing and enabling credit institutions and intermediary payment service providers to connect, extract information and data from the National population database and Citizen identity card database to verify know your customer (KYC) information electronically.

5. Continue to upgrade and develop technology infrastructure (inter-bank electronic payment system, financial switching and electronic clearing system, national credit information system, etc.) in order to assist credit institutions and intermediary payment service providers in implementing and providing safe, convenient products and services on digital platform. Enhance security, safety, and continuous operations of Inter-bank electronic payment system and important information systems of the SBV.

6. Promote cooperation and experience exchange, sharing with foreign partners regarding digitalization in banking sector. Actively participate in bilateral and multilateral cooperation forums in the region and around the world regarding innovation and creativity.

III. FOR BRANCHES OF SBV IN PROVINCES AND CITIES

1. Research and organize implementation of solutions and tasks under Decision No. 316/QD-TTg dated March 9, 2201, Decision No. 810/QD-NHNN dated May 11, 2021, and Decision No. 2006/QD-NHNN dated December 17, 2021 depending on local conditions and situations.

2. Actively monitor and acknowledge digitalization situation in banking sector and assurance of security, safety within their provinces and cities, and cooperate with relevant agencies and local governments in advising and promptly informing the People’s Committees of provinces and cities, and Governor of the SBV to implement tasks and specific, feasible solutions in order to promote digitalization in general and digitalization in banking sector to be specific, ensure security and safety according to targets and orientation of the Government and SBV.

3. Increase management, monitor, supervision, inspection, and examination in order to discover and take actions against violations of the law in operation of electronic banking activities and property security, safety assurance, and customer’s information and security within their competence.

4. Increase communication, dissemination, and popularization of knowledge regarding digitalization in banking sector, implement financial education program, instruct, and raise awareness of the local general public and enterprises about risk of cybersecurity, common and recent criminal activities, schemes and frauds relating to banking activities.

IV. FOR CREDIT INSTITUTIONS AND INTERMEDIARY PAYMENT SERVICE PROVIDERS

1. Continue to develop and implement Digitalization plan/strategy suitable with development orientation and resources, capabilities of the entities while prioritizing development and provision of innovative, safe, convenient, and appropriate products and services in a way that focuses on the customers in order to improve customers’ experiences.

2. Develop and implement General risk management framework including minimum risks during operation, professional activities, information technology, and legal affairs; increase internal inspection regarding information security and safety; regularly review and assess risks in order to develop precautions and timely responses during design, operation, and provision of products, services on internet environment.

3. Actively research and implement solutions and technologies (cloud computing, big data analysis, artificial intelligence/machine learning, biometric authentication, etc.) in designing, providing services and products, managing risks, optimizing operational procedures, etc. conforming to orientations of SBV regarding digitalization in banking sector, ensure consistency, synchronization, and connectivity in application and technical products thereby increasing operational effectiveness, improving customers’ experiences, etc.

4. Continue to extensively integrate and connect products, services, and platforms with other sectors in order to establish digital ecosystem and provide products, services for customers with a coherent and thorough experience while prioritizing sectors such as: medical, education, traffic, public administration, etc.

5. Adopt advanced solutions, technologies, and international safety, security standards for information technology system. Implement solutions for supervising, detecting, reporting, and promptly intercepting transactions that exceed the limit, suspicious transactions, and transactions not compliant with regulations and law.

6. Closely cooperate with entities affiliated to Ministry of Public Security and relevant agencies in researching and implementing solutions for connecting, sharing, and extracting information, data from Citizen identity card database and information on Chip-based ID cards to serve identification and verification of KYC information.

7. Strictly report on information security incidents in accordance with Circular No. 09/2020/TT-NHNN. Share information on threats to cybersecurity with members of the Vietnam cybersecurity incident response teams (VNCSIRTs) network in banking sector.

8. Disseminate novel, safe, convenient products and services; provide financial education and raise customers’ awareness about risks of cybersecurity and internet frauds; walk customers through knowledge and skills in safely, reasonably using banking services and deal with difficulties and complaints of customers. Produce recommendations and warnings in a timely and effective fashion regarding fraudulent methods and schemes of hi-tech crimes.

9. Closely cooperate with authorities in intercepting and controlling internet frauds and property appropriation crimes. Promptly submit reports on issues that cause lack of security and safety during service provision to the SBV.

V. IMPLEMENTATION

1. This Directive comes into effect from the date of signing.

2. Entities affiliated to SBV, credit institutions and intermediary payment service providers shall implement tasks under this Directive while submitting reports on implementing tasks under Decision No. 810/QD-NHNN. The reports must be submitted on an annual basis before December 15.

3. Chief of Office, Director of Payment Department, Director of Department of Information Technology, heads of entities affiliated to SBV, Directors of branches of SBV in provinces and central-affiliated cities, Chairpersons of Boards of Directors, Chairpersons of Boards of Members, General Directors of credit institutions, Chairpersons of Boards of Directors, and General Directors of intermediary payment service providers are responsible for implementing this Directive./.