Skip to Content
Whole SectionText only Print Print Manager Link


The internal controls must include, but not be limited to, those relating to the following:

(a) The development and or acquisition of the technology solutions to conduct the activity;
(b) Testing of the solutions and application program interfaces;
(c) Standards of communication and access and security of communication sessions;
(d) Safe authentication of the users;
(e) Processes and measures that protect customerG data confidentiality and personalised security credentials consistent with Law No. 30 of 2018, Personal Data Protection Law (PDPL) issued on 12 July 2018;
(f) Tools and measures to prevent frauds and errors;
(g) Security policy;
(h) Information security testing including web applications testing, configuration reviews, penetration testing and smart device application testing
(i) Risk management controls;
(j) Prevention of anti-money laundering (AML) and combating terrorist financing (CTF);
(k) Record keeping and audit trails; and
(l) Operational and financial controls.
Added: December 2018
(1 Version)
Dec 1 2018 onwards
Back to top