Regulatory Alerts2024-01-01
Palestine Monetary Authority Circular No. 21 of 2024 on IT Operational Events and Information Security
The Palestine Monetary Authority issued Circular No. 21 of 2024 to establish mandatory requirements for reporting IT operational events and ensuring information security within regulated entities. The directive mandates the immediate notification of significant IT incidents and outlines specific protocols for maintaining the confidentiality, integrity, and availability of information systems. Compliance with these standards is enforced to mitigate operational risks and safeguard the stability of the Palestinian financial sector.
PALESTINE MONETARY AUTHORITY
Circular No. 21 of 2024
IT Operational Events and Information Security
Ramallah & Al-Bireh Governorate - Palestine P.O. Box 452 info@pma.ps | Fax: +970 2 2415310 | Tel: +970 2 2415251 Postal code: P6160675
(2024/ 21)
IT Operational Events and Information Security
Date: 13 January 2024
To: All Banks and Financial Institutions Email: mchangers@pma.ps
Subject: IT Operational Events and Information Security
Reference: Circular No. 21 of 2024
Dear Sir/Madam,
In light of the increasing reliance on information technology in the financial sector and the growing threats to information security, the Palestine Monetary Authority (PMA) has issued this circular to regulate the reporting of IT operational events and to strengthen information security standards among regulated entities.
This circular requires all banks and financial institutions to implement robust information security frameworks and to report any significant IT operational events to the PMA immediately upon detection. The purpose is to ensure timely response, mitigate risks, and maintain the integrity and stability of the financial system.
Key requirements include:
- Information Security Framework: Entities must establish and maintain a comprehensive information security policy aligned with international standards.
- Incident Reporting: Any IT operational event that impacts the confidentiality, integrity, or availability of critical systems or data must be reported to the PMA without delay.
- Risk Management: Regular risk assessments and audits must be conducted to identify and mitigate potential vulnerabilities.
- Business Continuity: Entities must have effective business continuity and disaster recovery plans in place.
Failure to comply with this circular may result in regulatory sanctions.
We trust that you will take the necessary steps to ensure full compliance.
Sincerely,
Governor Palestine Monetary Authority