Circular Letter No. 9/30/DPNP - Risk Management in the Use of Information Technology by Commercial Banks - Bank Sentral Republik Indonesia
Navigate Up
Sign In
February 19, 2019
Summary Of Regulations Bank Indonesia

Summary : Circular Letter of Bank Indonesia Number 9/30/DPNP on Implementation of Risk Management in the Use of Information Technology by Commercial Banks
Valid as of : March 31st 2008

Summary :

  1. Following the issuance of Regulation of Bank Indonesia Number 9/15/PBI/2007 dated November 30th 2007 on the Implementation of Risk Management in the use of Information Technology by Commercial Banks, it is deemed necessary to establish functional directives in the form of a Circular Letter.
  2. Main directives include the followings:
    1. Implementation of Risk management must be conveyed into policies, procedures, standards or guidelines used to manage IT resources (hardware, software, networks, human resources, data/information) and mitigate IT risks.
    2. Policies and procedures in the use of Information Technology and guidelines for risk management in the use of Information Technology refer to either the Guidelines for Risk Management in the Use of Information Technology by Commercial Banks, which comprises Appendix 1 of this Circular Letter or the Standard Guidelines for Bank Risk Management as arranged in Circular Letter Number 5/21/DPNP on Risk Management for Commercial Banks. Such guidelines are the main principles of risk management in the use of Information Technology which are mandatory for Banks in order to mitigate the risks associated with the carrying out of Information Technology.
    3. Risk management will be applied according to the Bank’s goals, business policies, and magnitude of business, as long as the Bank has taken into account the results of risk analysis on the Bank’s business activities, its Information Technology security profile, and cost and benefit.
    4. Banks that already have IT policies and procedures are required to modify them by December 31st 2008. Said policies and procedures must at least include the following aspects:
      1. Management;
      2. Development and establishment;
      3. Operational Information Technology;
      4. Communication networks;
      5. Information security;
      6. Business Continuity Plan;
      7. End user computing;
      8. Audit;
      9. Electronic Banking; and
      10. Employment of Information Technology service providers.
    5. Banks are required to submit the following reports:
      1. Report on the Use of Information Technology, submitted by September 30th 2008 at the latest;
      2. Annual Report on the Use of Information Technology, submitted at least 1 (one) month after the end of each report year. The Annual Report on the Use of Information Technology for 2008 is to be submitted by January 31st 2009 at the latest;
      3. Reports on Fundamental Alteration Plans of Information Technology;
      4. Reports on the Realization of Fundamental Alteration Plans of Information Technology. Banks that submit reports on the realization of alteration plans concerning new products or activities using this report are not required to submit a New Product and Activity Report as directed in Bank Indonesia’s regulations on risk management for commercial banks;
      5. Reports on Cirtical Occurences, Misuse and/or Illegal Activities in the Carrying out of Information Technology (IT).
    6. Banks can only establish Data Centers, Disaster Recovery Centers and/or carry out Information Technology Based Transaction Processing out of state after receiving approval for plans to do so from Bank Indonesia;
    7. Banks that have previously reported the establishment or carrying out of Information Technology by a third party in out of country prior to the validation of this regulation must submit a renewed request for approval to Bank Indonesia for the continuation of the employment of said parties in the establishment or carrying out of Information Technology used by the Bank.
Tags:  

Survey

Is this article give you useful information?
Rate this article:
Comment:
Show Left Panel