6.1.1 Policies, Procedures and Systems

C 8/2020 STA Effective from 25/12/2020
  6.1.1.1 Pursuant to Article (120) in Decretal Federal Law No. (14) of 2018, Regarding the Central Bank & Organization of Financial Institutions and Activities, Licensed Financial Institutions must have policies, procedures and control frameworks regarding the collection, protection, confidentiality and authorized use of Consumers’ Data. Consumers must be informed in Writing with respect to how their personal information will be processed, e.g. collected, used, disclosed, Data mined and profiled.
  6.1.1.2 Licensed Financial Institutions must protect Consumer Data and maintain the confidentiality of the Data, including when it is held, accessed or used by Authorized Agents.
  6.1.1.3 Licensed Financial Institutions are responsible for ensuring Data protection and individual Consumer confidentiality with respect to any profiling, Data mining, marketing and sale of financial services through use of new technologies and social media.
  6.1.1.4 Licensed Financial Institution must provide a safe, secure and confidential environment in all of its delivery channels to ensure a high level of confidentiality and privacy of Personal Data.
  6.1.1.5 Licensed Financial Institutions have a legal obligation of confidentiality towards a Consumer except:
    a. When disclosure of Consumer Data is properly imposed by a legal authority; or
    b. When disclosure is made with the expressed consent of the Consumer, or through a representative nominated by the Consumer.
  6.1.1.6 Licensed Financial Institutions must have a proper Data Management Control Framework with policies, procedures, system controls, and checks and balances to protect Consumer Data and to identify and resolve any incidents of information security breaches, when they may occur.
  6.1.1.7 Where the Consumer’s identity verification is conducted online, the Licensed Financial Institution must apply more than one evidence of identity verification for electronic services. Licensed Financial Institutions must advise Consumers regarding any directed and repeated attempts of online fraud on their accounts for the Consumers to take additional precautions.
  6.1.1.8 Licensed Financial Institutions must secure digital transaction processing and controls, implement detailed activity monitoring and enhance Consumer identification methods in accordance with the Central Bank’s requirements for strengthening Digital Channels.
  6.1.1.9 Licensed Financial Institutions must provide employee training and awareness programs on their Data control framework for accessing and handling Consumer Data and reporting security and policy breaches. The Licensed Financial Institution must promote the importance of protecting Consumer’s Data as an ongoing responsibility of Staff with reminders sent on an annual basis.
  6.1.1.10 Licensed Financial Institutions must ensure that access to personal information and Personal Data of Consumers is limited to authorized business lines and their Staff only. Licensed Financial Institutions must maintain logs for audit and supervisory purposes, recording the names of Staff who have accessed Consumer databases and the timing. Such records must be provided to the Central Bank as and when requested.