Control over fraudulent transfers has been expanded: the regulator is now responsible for online services as well.
On March 20, the Central Bank published an updated procedure for informing the regulator about fraudulent transfers for payment system operators and electronic platform operators on the portal of legal acts. The project concerns financial transactions carried out "without the consent of customers" of banks and payment services, and "attempts to make" such transfers.
According to a Kommersant source close to the Central Bank, the key change is the extension of the regulator's requirements to operators of electronic platforms. According to the register of the Central Bank, these include PJSC Moscow Exchange, JSC Financial Platform and other online services for the financial industry and bank clients
Also under the requirement are operators of the exchange of digital financial assets, such as the St. Petersburg Stock Exchange - in case of attempts or theft of assets from customer accounts, they will be required to inform the Central Bank within the established time limit.
Operators will be required to report incidents to the Central Bank no later than the next business day, including transmitting data about attempts to perform illegal operations on the client's account or cyber attacks on the EEP infrastructure.
The new order comes into force at the end of June. Starting from October 2023, banks and other payment system operators will transmit expanded information about all participants in fraudulent transfers to the Central Bank. Information from the regulator's database is sent to all credit institutions through the FinCERT system.
The draft also clarifies the list of measures to counteract transfers of funds without the client's voluntary consent: "The document also sets out the procedure for the regulator to request and receive information from banks about transactions in respect of which the Ministry of Internal Affairs received information about illegal actions committed."
The NSPK added that the Central Bank makes a number of clarifications to reduce the risks of operations without the consent of customers.
According to the Central Bank, in 2023, the amount of funds stolen by fraudsters increased to 15.8 billion rubles. against the background of the growth of non-cash payments. Banks returned only 1.4 billion rubles to their customers.
On March 20, the Central Bank published an updated procedure for informing the regulator about fraudulent transfers for payment system operators and electronic platform operators on the portal of legal acts. The project concerns financial transactions carried out "without the consent of customers" of banks and payment services, and "attempts to make" such transfers.
According to a Kommersant source close to the Central Bank, the key change is the extension of the regulator's requirements to operators of electronic platforms. According to the register of the Central Bank, these include PJSC Moscow Exchange, JSC Financial Platform and other online services for the financial industry and bank clients
Also under the requirement are operators of the exchange of digital financial assets, such as the St. Petersburg Stock Exchange - in case of attempts or theft of assets from customer accounts, they will be required to inform the Central Bank within the established time limit.
Operators will be required to report incidents to the Central Bank no later than the next business day, including transmitting data about attempts to perform illegal operations on the client's account or cyber attacks on the EEP infrastructure.
The new order comes into force at the end of June. Starting from October 2023, banks and other payment system operators will transmit expanded information about all participants in fraudulent transfers to the Central Bank. Information from the regulator's database is sent to all credit institutions through the FinCERT system.
The draft also clarifies the list of measures to counteract transfers of funds without the client's voluntary consent: "The document also sets out the procedure for the regulator to request and receive information from banks about transactions in respect of which the Ministry of Internal Affairs received information about illegal actions committed."
The NSPK added that the Central Bank makes a number of clarifications to reduce the risks of operations without the consent of customers.
According to the Central Bank, in 2023, the amount of funds stolen by fraudsters increased to 15.8 billion rubles. against the background of the growth of non-cash payments. Banks returned only 1.4 billion rubles to their customers.
