Cybersecurity updates: Russias Central Bank to supervise all financial institutions

Previously, only banks were required to report to the Central Bank in cybersecurity matters, however, starting with October 2018, insurance, microfinance and other supervised organizations will also fall under the Central Banks supervision.

Thus, banks will have to assess the risks of unauthorized money transfers and develop their own criteria for such transfers. The Central Bank, in turn, will develop and by that time publish its criteria for potentially fraudulent transactions. However, operations involving transfers of funds from a legal entitys account to many personal accounts in other regions fall into the “questionable” category, as well as transactions with “unusual” purpose of payment.

Banks will also have to implement mechanisms to block such transactions and make changes to existing contracts with customers. If there are signs of unauthorized transfer of funds, banks are required to suspend execution of the payment for up to two days and request confirmation from the client, according to Russian News agency Tass.

The law also includes the procedure for banks for situations when customers themselves report fraudsters gaining access to managing their accounts.