LogoRegulatory Alerts
2025-01-01

Instructions No. 12 of 2025 Regarding Operational Events (1)

The Palestine Monetary Authority issued Instructions No. 12 of 2025 to regulate the reporting process for operational events across all licensed banks. The Instructions mandate immediate telephone and email notifications, followed by detailed official reports within three working days, covering disruptions, human errors, cyberattacks, fraud, and third-party impacts. Furthermore, banks must submit comprehensive reports detailing event causes, status, financial impact, and corrective actions, while maintaining approved internal policies and documentation mechanisms to ensure operational continuity.

Palestine Monetary Authority logo

Palestine

Palestine Monetary Authority

Click to view thumbnail

[Logo of the Palestine Monetary Authority] PALESTINE MONETARY AUTHORITY

Instructions No. (12) of 2025 Regarding Operational Events

Based on the provisions of Law Decree No. (9) of 2010 concerning Banks, particularly Articles (43) and (72) thereof, and in accordance with the powers delegated to us, and in pursuit of the public interest, we have issued the following Instructions:

Article (1) Definitions

The following words and phrases shall, wherever they appear in these Instructions, have the meanings assigned to them below unless the context indicates otherwise: Operational Events: Exposure to losses resulting from inadequate or failed internal processes, people, systems, or arising from external events.

Article (2) Objective and Scope of Application

  1. The provisions of these Instructions aim to regulate the reporting process for operational events.
  2. The provisions of these Instructions apply to all banks licensed by the Palestine Monetary Authority to conduct banking business.

Article (3) Reporting of Operational Events

The bank shall comply with the following:

  1. Notify the Palestine Monetary Authority immediately via telephone and email regarding any of the following operational events, followed by a detailed report through official communication channels within a maximum of three working days from the date of discovery or occurrence of the event:

1 www.pma.ps | Ramallah & Al-Bireh Governorate - Palestine P.O. Box 452 | Postal Code: P6160675 | Tel: +970 2 2415251 | Fax: +970 2 2415310 | info@pma.ps

[Logo of the Palestine Monetary Authority] PALESTINE MONETARY AUTHORITY

a. Business disruption, failure, or interference for more than (15) minutes in any of the following: banking services, banking systems, electronic channels of all types, systems managed by third parties such as (SWIFT, Visa, MasterCard), anti-money laundering systems, camera recording systems, and any other systems through which banking operations are executed. b. Human errors that affect customer accounts or may affect the bank's reputation, such as incorrect data entry. c. Cyberattacks and electronic hacking, and any breach of information security or data leakage/spillage. d. Counterfeiting or forgery of cards of all types, checks, documents, and records... etc. e. Internal or external fraud, such as events related to embezzlement, breach of trust, and credit mismanagement. f. Events related to any contracted third party that affect or are likely to affect the bank's systems and services. g. Damage or losses to critical assets or buildings resulting from negligence, weak internal controls, or due to (assault, intrusion, riots, natural disasters). h. Robbery or theft. i. Any other events that may affect the bank and its ability to continue operations. 2. The report shall include, at a minimum, the following information: a. The nature and description of the event and its causes. b. The date of occurrence and discovery of the event. c. The status of the event (resolved/pending). d. The impact of the event (financial, strategic, reputational, legal... etc.), and identification of the affected systems. e. Actual or potential losses, and recovered insurance amounts, if any. f. The immediate measures taken by the bank to mitigate them. g. Corrective measures to prevent recurrence of the event. 3. Preparing a clear and approved policy, operational procedures, and internal channels regarding the internal reporting of operational events that protect and encourage employee reporting, along with a documentation mechanism for all operational events, including internal investigations and results, follow-up on corrective measures, and review of supervisory controls.

2 www.pma.ps | Ramallah & Al-Bireh Governorate - Palestine P.O. Box 452 | Postal Code: P6160675 | Tel: +970 2 2415251 | Fax: +970 2 2415310 | info@pma.ps

[Logo of the Palestine Monetary Authority] PALESTINE MONETARY AUTHORITY

Article (4) Repeal

  1. Circular No. (2017/46) issued on 2017/03/20 regarding events related to operational risks is hereby repealed.
  2. All provisions inconsistent with these Instructions are hereby repealed.

Article (5) Penalties

Any person who violates the provisions of these Instructions shall be penalized in accordance with Law Decree No. (9) of 2010 concerning Banks.

Article (6) Implementation and Enforcement

All competent authorities shall, each within their respective jurisdiction, implement the provisions of these Instructions, which shall apply from the date of their issuance.

Issued in the city of Ramallah, on date: 09 / 09 / 2025 AD

[Signature] Yahya Al-Shenar Governor

3 www.pma.ps | Ramallah & Al-Bireh Governorate - Palestine P.O. Box 452 | Postal Code: P6160675 | Tel: +970 2 2415251 | Fax: +970 2 2415310 | info@pma.ps

Share