LogoRegulatory Alerts
2021-01-01

Circular No. 129 (2021): Electronic Authorization for Customer Inquiry

The Palestine Monetary Authority permits lending institutions to replace direct written consent with electronic authorization for customer data inquiries, contingent upon implementing specific verification and security protocols. Institutions must design systems that cross-reference customer identification and mobile numbers against PMA databases, require SMS-based one-time passwords for explicit consent, and strictly limit data exchange to internal application processing without disclosing PMA records to applicants. Each institution bears full liability for the accuracy of submitted customer data, must retain copies of electronic authorizations, and is required to secure prior PMA approval before launching the service.

Palestine Monetary Authority logo

Palestine

Palestine Monetary Authority

Click to view thumbnail

Palestine Monetary Authority

PALESTINE MONETARY AUTHORITY

Circular No. (2021/129)

To All Lending Institutions Operating in Palestine

Date: Wednesday, June 16, 2021

Subject: Electronic Authorization for Customer Inquiry

Reference is made to PMA Memorandum No. 2009/26 dated May 26, 2009, and the related clause requiring written authorization for inquiring about and disclosing customer data on the PMA databases. In alignment with the PMA's strategy to enhance and support the fintech sector in Palestine and direct lending institutions toward adopting electronic channels for delivering financial services and products, we hereby inform you that the PMA approves granting lending institutions the ability to obtain electronic authorization for customer inquiries instead of direct written authorization. The following constraints and provisions must be considered when designing the electronic inquiry mechanism:

  • The mechanism must be designed to support matching customer ID number and mobile phone number data according to the PMA databases against data sent by the prospective customer, ensuring alignment with the PMA regarding the authentication mechanism's programming.

  • When implementing the verification and matching mechanism, reliance must be placed on sending an SMS to the customer's phone number containing a one-time password (OTP) code that the customer must enter to complete the process, which shall constitute the customer's written consent.

  • Data exchange is strictly limited between lending institutions and the PMA, and customers shall never be disclosed any data derived from the PMA databases. The use of electronic authorization shall be strictly limited to the review of the application submitted by the customer.

  • Each lending institution is responsible for the accuracy and currency of its customers' data disclosed on the PMA databases and bears full responsibility if any information disclosed by it is found to be inaccurate.

  • Each lending institution shall retain a copy of the electronic authorization sent by the customer.

  • The approval under the above conditions does not include sending the inquiry and disclosure authorization via email or fax.

Accordingly, lending institution management is requested to circulate the contents of this circular to relevant personnel, emphasizing the necessity of obtaining prior PMA approval before launching the service.

Financial Advisory Group Palestine Monetary Authority

Ramallah & Al-Bireh Governorate - Palestine P.O. Box 452 info@pma.ps | Fax: +970 2 2415310 | Tel: +970 2 2415251 Gaza - Palestine P.O. Box 4026 Fax: +970 8 2844487 | Tel: +970 8 2825713 www.pma.ps

Share