BackText onlyPrint

You need the Flash plugin.

Download Macromedia Flash Player



Location: Central Bank of Bahrain Volume 5—Specialised Licensees > Specific Modules (By Type of Licensee) > Type 7: Ancillary Service Providers > Part A > Business Standards > OB Open Banking Module > OB-1 Risks, Systems and Controls > OB-1.1 Risks, Systems and Controls > Internal Controls > OB-1.1.1
  • Internal Controls

    • OB-1.1.1

      The Board of Directors or equivalent authority must take responsibility for the establishment and oversight of effective risk management and internal controls.

      Added: December 2018

    • OB-1.1.2

      Account information service providers (AISPs) and payment initiation service providers (PISPs) must use technology solutions which are capable of interfacing with software and systems used by licensees maintaining customerG accounts with no material modifications to their systems.

      Added: December 2018

    • OB-1.1.3

      Consistent with Module PB: Principles of Business, Paragraph, PB-1.1.10, AISPs and PISPs must establish adequate internal controls to safeguard the business, its customersG and licensees to which they have online access to.

      Added: December 2018

    • OB-1.1.4

      The internal controls must include, but not be limited to, those relating to the following:

      (a) The development and or acquisition of the technology solutions to conduct the activity;
      (b) Testing of the solutions and application program interfaces;
      (c) Standards of communication and access and security of communication sessions;
      (d) Safe authentication of the users;
      (e) Processes and measures that protect customerG data confidentiality and personalised security credentials consistent with Law No. 30 of 2018, Personal Data Protection Law (PDPL) issued on 12 July 2018;
      (f) Tools and measures to prevent frauds and errors;
      (g) Security policy;
      (h) Information security testing including web applications testing, configuration reviews, penetration testing and smart device application testing
      (i) Risk management controls;
      (j) Prevention of anti-money laundering (AML) and combating terrorist financing (CTF);
      (k) Record keeping and audit trails; and
      (l) Operational and financial controls.
      Added: December 2018

Back to top