CBB Volume 5: Contents

Central Bank of Bahrain Volume 5—Specialised Licensees
Specific Modules (By Type of Licensee)
Type 7: Ancillary Service Providers
Part A
High Level Standards
AU Ancillary Service Providers Authorisation Module
AU-4 Information Requirements and Processes
BackRich TextPrint

You need the Flash plugin.

Download Macromedia Flash Player



  • Process for filing, monitoring, tracking and restricting access to sensitive payment data

    • AU-4.7.7

      The PISP and PSP should provide a description of the process in place to file, monitor, track and restrict access to sensitive payment data consisting of, but not limited to, the following:

      (a) a description of the flows of data classified as sensitive payment data in the context of the applicant's business model;
      (b) the procedures in place to authorise access to sensitive payment data;
      (c) a description of the monitoring tool;
      (d) the access right policy, detailing access to all relevant infrastructure components and systems, including databases and back-up infrastructures;
      (e) a description of how the collected data are encrypted such that the applicant will not be able to read or store it;
      (f) the expected internal and/or external use of the collected data;
      (g) the IT system and technical security measures that have been implemented including encryption and/or tokenisation;
      (h) confirmation that access to sensitive customer data is not available to the applicant;
      (i) an explanation of how breaches will be detected and addressed; and
      (j) an annual internal control programme in relation to the safety of the IT systems.
      Added: December 2018

Back to top