Regulatory Alerts2024-01-01
Circular No. 29 on the Implementation of a Digital Risk Protection System
The Palestine Monetary Authority mandates all banks operating in Palestine to implement a comprehensive digital risk protection system and conduct continuous Dark Web monitoring. This requirement, issued under Circular No. 29/2024 following Cybersecurity Regulatory Framework No. 11, addresses rising electronic payment fraud by safeguarding brand reputation against external threats such as domain spoofing, phishing attacks, and fraudulent social media pages or links. Banks must also establish ongoing Dark Web surveillance to promptly detect unauthorized data breaches or the exploitation of customer and employee login credentials.
Palestine Monetary Authority
Circular No. (29 / 2024) To all banks operating in Palestine Date: Wednesday, 20 March, 2024
Subject: Implementation of a Digital Risk Protection System
Following our instructions regarding the requirements of Cybersecurity Regulatory Framework No. (11) for 2022, and in line with the Palestine Monetary Authority's efforts to develop the technological environment and electronic services within banks, and as a result of the increased use of electronic means in executing banking operations alongside the corresponding rise in threats related to fraud through electronic payment channels, all banks are requested as follows:
- Provide a system to protect the bank's digital risks and brand reputation from external threats, such as: use of a domain name similar to the bank's domain name, phishing attacks, creation of fake pages under the bank's name on social media platforms, creation of fake links utilizing the bank's logo and name.
- Continuous monitoring via the (Dark Web) to identify any unauthorized leakage or exploitation of the bank's and customers' data, or employees' login credentials.
Supervision Group Palestine Monetary Authority