2017-01-01

Circular No. 16/2017: Operational Risk Events

The Palestine Monetary Authority mandates all Palestinian banks to immediately report specified operational risk events, including fraud, system downtime exceeding two hours, theft, cybercrime, and employee assault, via email or phone followed by a detailed written report within three business days. Each incident report must contain a standardized set of details covering the event's nature, location, dates, status, impact, causes, financial losses, and corrective actions taken. The circular repeals previous directive 2007/107, requires banks to notify competent authorities and pursue legal action per prevailing laws, and maintains existing obligations regarding counterfeit currency reporting.

Palestine

Palestine Monetary Authority

PALESTINE MONETARY AUTHORITY

Circular No. (16/2017)

To all banks operating in Palestine

Date: Monday, March 20, 2017


Subject: Operational Risk Events

In order to ensure the safety and stability of the banking sector in Palestine, and to mitigate operational risks that banks may face, which could negatively impact their financial position and continuity of banking activities, and consequently increase the sector's exposure to operational, legal, and reputational risks, all banks are required to comply with the following:

A. Immediate reporting to the Palestine Monetary Authority via email or phone of the following operational risk events, followed by a detailed written report within a maximum of three business days from the date of discovery.

  1. Internal and/or external fraud.
  2. Downtime of sensitive automated systems (core banking, transfer systems, check systems, electronic channels, ATM systems, anti-money laundering systems, CCTV recording systems, and any other sensitive systems) for more than two hours.
  3. Events related to embezzlement, breach of trust, and credit abuse.
  4. Theft / Robbery.
  5. Forgery / Counterfeiting of credit cards, ATM cards, checks, documents, and papers, etc.
  6. Cybercrime / Electronic fraud.
  7. Damage or losses to financial assets resulting from natural disasters, fire, or any other events.
  8. Bribery and extortion.
  9. Assault on employees.

B. The bank's reporting letter must include the following minimum information:

  - Nature of the event.
  - Location of the event.
  - Date of discovery of the event.
  - Date of occurrence of the event.
  - Status of the event (resolved/ongoing).
  - Description of the event.
  - Nature of the event's impact (financial, operational, strategic, reputational, and legal impact).
  - Causes of the event.
  - Impact of the event.
  - Actual and/or potential losses.
  - Measures taken by the bank to address the event, including review of supervisory controls, operations, transactions, and accounts, formation of investigation committees, preparation of investigation reports, and compensation procedures.

C. Establishment of a mechanism to ensure that bank management and branches immediately report operational risk events to the Risk Department.

Circular No. (2007/107) is hereby repealed. The Palestine Monetary Authority emphasizes the necessity of taking legal measures in accordance with prevailing laws and regulations, including notifying the competent authorities and informing us thereof. Banks must continue to comply with reporting requirements regarding counterfeit/forged currency as per relevant PMA directives.


Deputy Governor for Financial Stability Affairs


Ramallah - Palestine P.O. Box 452 | Tel: +970 2 2415250 | Fax: +970 2 2409922 Gaza - Palestine P.O. Box 4026 | Tel: +970 8 2825292 | Fax: +970 8 2844487 Email: info@pma.ps www.pma.ps

