Banks buckle up to tackle security issues head on
Banks buckle up to tackle security issues head on
Many local banks are wading through troubled waters as they strive to comply with personal data protection regulations, navigating the delicate balance between privacy rights, regulatory compliance, and cybersecurity.
Vietcombank and Techcombank last week updated data protection policies in accordance with Decree No.13/2023/ND-CP outlining new regulations on personal data protection, which took effect on July 1.
The revised conditions aim to comply with new regulations on personal data protection. These updates are part of the banks’ commitment to respecting customers’ privacy rights and include detailed information on data processing, rights, and obligations.
Banks buckle up to tackle security issues head on, illustration photo/ Source: freepik.com
According to the new directive, their customers, by virtue of using the bank’s array of products, services, or digital platforms, are deemed to have accepted these terms. A withdrawal of consent or non-acceptance could potentially limit the provision of the bank’s services.
In such instances, banks holds no liability for any subsequent losses, and it explicitly reserves their legal rights regarding any restrictions, suspensions, or cancellations.
In a parallel stride, other financial institutions such as FE Credit, VPBank, HDBank, Shinhan Bank, Shinhan Finance, Home Credit, and Mirae Asset Finance have also made similar updates.
The impetus behind this wave of policy reform stems from the Vietnamese government’s enactment of Decree 13, a landmark legislation that establishes a critical legal framework to regulate data protection obligations and cybersecurity in personal data processing activities. By implementing it, Vietnam aims to align its personal data protection standards with international best practices.
Pham Anh Tuan, head of the Payment Department at the State Bank of Vietnam (SBV), appreciated the significance of Decree 13 in bringing Vietnam’s personal data protection standards closer to international benchmarks. However, he underscored the anticipated challenges during the implementation phase.
“Decree 13 should not be regarded as the sole governing document, as it interacts with other laws that regulate credit organisations and financial institutions operating under the Law on Credit Organisations. Clarification and guidance from relevant authorities are thus imperative to navigate these intricacies effectively.”
To facilitate effective implementation, the Vietnam Bankers Association (VBA) proposes further guidelines that provide standardised interpretations and applications of Decree 13. The VBA also suggests the inclusion of a transition period to help institutions adapt to the new requirements.
During this transitional phase, joint circulars issued by the Ministry of Public Security (MoPS) and the SBV could offer much-needed explanations and provide practical guidance to financial institutions as they navigate the regulatory landscape.
Tran Thi Minh Tam, vice president of legal under the VBA, underscored the complexity faced by banks. Tam pointed out that, within the existing legal framework governing banking, activities involving the collection and processing of customer data, including personal data, are regulated by relevant legal documents.
However, challenges arise concerning the requirement for customer consent to process their data. Tam believed the practical difficulties in seeking consent from millions of customers, particularly when banks rely on data analysis to drive innovation and enhance their products and services.
“Striking a delicate balance between legal compliance and operational agility becomes crucial in these circumstances,” she said.
The implementation of Decree 13 coincides with a transformative period in the banking sector, characterised by the rise of open banking, increased connectivity with multiple partners, and a relentless focus on delivering superior user experiences.
Compliance with the decree’s requirements presents a formidable task, especially considering the evolving landscape of cyber threats.
Banks are taking proactive measures by adopting technological solutions to fortify their cybersecurity posture. The shift towards electronic systems and the digitalisation of transactions introduces new challenges, as criminals continuously adapt their tactics. However, even countries at the forefront of technology are not immune to data breaches, highlighting the persistent need for robust security measures.
Furthermore, in addition to Decree 13, banks must prepare for upcoming regulations that encompass categorising, assessing, and fortifying systems to ensure safety and mitigate the risk of data leaks. These endeavours contribute to effective and holistic management practices within the banking sector.
Underlining the gravity of the situation, lieutenant colonel Trieu Manh Tung, deputy head of the Department of Cybersecurity and High-Tech Crime Prevention under the MoPS, emphasised the constitutional importance of protecting personal data, as rampant online trading of leaked personal information persists.
The VBA also stressed the critical nature of implementing Decree 13, recognising the formidable task faced by Vietnamese banks. Achieving the delicate balance between maintaining customer trust, legal compliance, and safeguarding sensitive data against evolving cyber threats remains a top priority for the industry.