Palestine Monetary Authority
Circular No. (67 / 2022)
To all banks operating in Palestine
Date: Tuesday, March 15, 2022
Subject: Electronic Clearing System at the Bank
In light of the findings of recent inspection rounds at banks, and in order to address deficiencies identified in the electronic clearing system that led to a fraud incident and to mitigate the risks of exploiting any vulnerabilities in banking systems and connected systems, all banks are required, based on best standards and practices, to comply with the following:
- Enhance dual control in the implemented electronic clearing system and adhere to best practices regarding segregation of duties, ensuring that no single employee combines input/modification/cancellation/approval functions within the system, whether in branches or the central operations department.
- Conduct a comprehensive review of all available functions on the electronic clearing system and their necessity, and perform system function testing and user acceptance testing (UAT) scenarios covering all system functions. Additionally, conduct a comprehensive risk assessment and review of available supervisory controls to strengthen the principles of dual control and segregation of duties, thereby mitigating the risk of exploiting any vulnerabilities.
- Prohibit storing any data, at any stage of check input or processing, on the devices of employees with input authorization. All check input stages must be linked centrally to the electronic clearing system's database, enabling the saving and retrieval of system modifications and transactions as needed, while ensuring all core data is retained in the main banking system.
- Revoke any authorization that enables an employee to print any notification for a transaction before its stages are completed and recorded in the system database.
- Strengthen the supervisory role of Internal Audit and Information Security within the Risk Department in monitoring any system modifications, particularly at the level of granting functional groups and modifying functions and their associated screens, ensuring that these modifications do not conflict with the segregation of duties principle and that they enhance dual control. Additionally, conduct a comprehensive risk assessment for various functions, processes, and screens related to the electronic clearing system.
- Activate SMS notifications for customer accounts, ensuring an SMS is sent to the customer upon check deposit into the account.
Supervisory Group
Palestine Monetary Authority
www.pma.ps
Ramallah and Al-Bireh Governorate - Palestine P.O. Box 452 | Tel: +970 2 2415251 | Fax: +970 2 2415310 | info@pma.ps
Gaza - Palestine P.O. Box 4026 | Tel: +970 8 2825713 | Fax: +970 8 2844487