Regulator strengthens requirements for banks’ information security
The Financial Market Supervisory Body (FMSB) of Azerbaijan will conduct diagnostics of the level of digitization of local commercial banks, said Ilgar Hidayatov, a senior analyst at the FMSB department for control over payment systems.
Hidayatov, addressing a forum on risk management in Baku, noted that the FMSB intends to create a special working group for this purpose.
"The readiness of banks to this process will be checked, as well as the world experience in this field will be studied. Following the diagnosis, relevant changes will be made in the regulations on the security of information systems in banks, as well as in other normative documents," Hidayatov said.
The FMSB has already sent a number of new requirements to the banks on information security, according to him.
"The package of requirements reflects the availability of workstations, web security, risk detection, email protection, information channel encryption and other requirements. The banks also were urged to improve the work regarding the notification of the team about information security, training and inspections," he noted.
Hidayatov pointed that another important goal is to regulate the activities of non-banking credit organizations.
"Currently, we do not have regulatory documents regulating the activities of these organizations, as well as other companies providing payment services. By the end of the year, we expect the adoption of the law "On Financial Market Supervision Body ", after which we will be able to present a number of rules and regulations allowing regulate activities of the above mentioned companies,” Hidayatov added.
Some 32 banks, more than 140 non-banking credit organizations and 97 credit unions operate in Azerbaijan. Advisory Director of Deloitte Azerbaijan Tural Hajiyev said that the recent survey showed the level of risk management in the sector of information technology and management mechanisms.
“One of the negative factors is related to the audit process in Azerbaijani companies,” Hajiyev noted. “About 12 percent of the respondents said that the audits don’t cover the risks associated with information technology and security, and this shows the ineffectiveness of the internal audit function. The second problem is the lack or inefficiency of the technology committees’ operation.”
“Only seven percent of the respondents talked about the availability and efficient operation of technology committees in companies,” he added. “Some 93 percent of respondents said that technology committees in companies are either absent, or operate inefficiently. In addition, IT security risk assessment is not carried out in companies.”