Regulatory Alerts2024-01-01
Palestine Monetary Authority Circular No. 21 of 2024 on Operational Events Related to Information Technology – Information Security
The Palestine Monetary Authority issued Circular No. 21 of 2024 to mandate comprehensive information security frameworks and standardized reporting protocols for all licensed financial institutions. The circular requires entities to implement robust cybersecurity measures, conduct regular risk assessments, and report significant operational IT events within stipulated timeframes to ensure regulatory compliance. Effective immediately upon issuance, the directive supersedes prior guidelines and subjects non-compliant institutions to supervisory audits and regulatory sanctions.
PALESTINE MONETARY AUTHORITY www.pma.ps
Circular No. 21 of 2024 Regarding Operational Events Related to Information Technology – Information Security
Date: 13 January 2024 To: All Banks, Licensed Financial Institutions, and Relevant Entities Email: mchangers@pma.ps
Subject: Information Security Framework and Operational IT Event Management
Pursuant to the statutory powers granted by the Monetary Authority Law and applicable regulations, the Palestine Monetary Authority (the "Authority") hereby issues this circular to all licensed entities regarding the implementation of robust information security standards and the management of operational IT events.
This circular outlines the key regulatory requirements, reporting obligations, and compliance frameworks that licensed entities must adopt. Licensed entities are required to establish comprehensive information security policies, conduct regular risk assessments, and implement effective cybersecurity measures. Significant operational IT events, including system failures, data breaches, and service disruptions, must be reported to the Authority within the stipulated timeframes.
The requirements encompass data protection protocols, incident response procedures, third-party risk management, and continuous monitoring mechanisms. Licensed entities must align their internal policies and operational procedures with these provisions to ensure regulatory compliance. The Authority will conduct periodic reviews, audits, and supervisory assessments to verify adherence, with non-compliance subject to applicable regulatory sanctions.
This circular takes effect from the date of issuance and supersedes all previous related directives and guidelines. Licensed entities are expected to fully implement the required measures upon this effective date. For further clarification or submissions, please contact the Information Technology and Cybersecurity Department at mchangers@pma.ps.
Palestine Monetary Authority Ramallah & Al-Bireh Governorate – Palestine P.O. Box 452 | Postal Code: P6160675 Tel: +970 2 2415251 | Fax: +970 2 2415310 Email: info@pma.ps | Website: www.pma.ps