Decision on Minimum Information System Management Standards for Financial Institutions
At its meeting of 12 March, the NBS Executive Board adopted the Decision on Minimum Information System Management Standards for Financial Institutions, which sets the minimum standards and requirements for safe and sound business operations of financial institutions in terms of information system management and business continuity.
For the first time, all financial institutions supervised by the NBS will be covered by a single, comprehensive decision that regulates corporate information system management, information system risk management, information system internal audit and safety, business continuity planning and disaster recovery, information system development and maintenance, and outsourcing of information system-related activities. In addition, the Decision prescribes the conditions pertaining to electronic banking for banks.
We expect that the application of provisions of the new Decision will considerably improve information system management, which is a necessary precondition for safe and sound business operations of financial institutions. The risk-based approach is crucial for the prevention of unwanted events by requiring financial institutions to perform continual risk management of their information systems and to enhance the system of controls in order to mitigate the risks.
The above decision shall come into force eight days after its publication in the RS Official Gazette and shall be applied by banks as of 1 January 2014, and by insurance companies, financial leasing providers and voluntary pension funds as of 1 July 2014.
Centre for Information Systems Supervision