The Central Bank of Russia plans to update the procedure for reporting fraudulent transfers for online financial transaction services and digital money operators, which will increase the effectiveness of combating illegal activities and ensure safer work with finances in the digital space. The key change will be the extension of Bank of Russia requirements to operators of electronic platforms. The new procedure for notifying the Central Bank of cyber incidents may come into force at the end of June this year.
Reasons for the appearance of the bill and its goals
The Central Bank (CB) of Russia plans to update the procedure for reporting fraudulent transfers in online services for financial transactions and the exchange of digital financial assets .
As criminals sharpen their arsenal of scams, the financial security of Russian citizens is under constant threat. Modern scammers do not wear masks or weapons , but instead they use social engineering through phone calls or emails. Fraudsters can record a voice and then use software to create an imitation “deepfake” version that they can use to impersonate you. For victims of bank fraud, the realization that they have been deceived often comes too late, and the money itself is sometimes impossible to return.
The Central Bank plans to improve counteraction to illegal actions and ensure more effective work in cases of fraudulent withdrawals of funds from citizens. According to the regulator, the volume of funds stolen by fraudsters in 2023 increased to 15.8 billion rubles, which is 11.5% more than in 2022. The financial regulator noted that this increase occurred due to an increase in the volume of monetary transactions using payment cards.
Photo: DC Studio / Photobank Freepik
In accordance with the new rules of the Central Bank, the document of which was published on the portal of draft regulatory legal acts on March 20, 2024 under number 146519. From June 2024, operators of payment systems and electronic platforms, including banks and payment systems , will have to transfer data on stolen client funds to the financial regulator.
It follows from the document that this expansion of information exchange in Russia can help prevent crimes and reduce losses. This document addresses the problem of illegal transfers made without the consent of clients by banks and payment services. It examines fraudulent attempts and their consequences for affected parties. Thus, operators must notify the Bank of Russia about the incident no later than the next working banking day. In addition, it is expected to transmit data about attempts to carry out illegal transactions on the client’s account or cyber attacks on the infrastructure of electronic platforms.
The Central Bank reported that the list of measures to prevent the transfer of funds without the client’s consent has also been clarified. The document also establishes the procedure for the financial regulator to request and receive from banks information about transactions in respect of which information about illegal actions has been received from the Ministry of Internal Affairs .
More about the bill
The list of companies subject to new requirements includes Moscow Exchange PJSC , Financial Platform JSC and other online services in the financial sector. Mandatory information to the Central Bank also includes “digital financial asset exchange operators,” including PJSC St. Petersburg Exchange .
The new system for reporting incidents in cyberspace will begin to operate at the end of June 2024. Data from the regulator’s register will be distributed to all credit institutions through the system of the Center for Monitoring and Response to Computer Attacks in the Credit and Financial Sphere ( FinCERT ). The system will be responsible for information exchange between financial institutions, telecom operators and companies in the field of information security (IS), as well as state law enforcement agencies .
As of October 1, 2023, an updated version of the rules regarding the exchange of information about cyber attacks and incidents in the financial sector is already in effect. As a result, the Central Bank of Russia received additional data about the participants in fraudulent transfers, and not just about the recipient of the stolen funds. According to the regulator, this has increased effectiveness in combating fraud in the financial sector. The new rules allowed Russian banks to provide information about dubious transfers based on 50 unique characteristics. Banks also began to pay attention to monetary transactions that are atypical for the client from a new phone or computer.
The regulator indicates that information about cyber attacks and personal data leaks on Russian territory is also required to be provided in as much detail as possible in accordance with the international system for classifying the actions of attackers .
