On March 20, the Central Bank published an updated procedure on its portal for informing the regulator about fraudulent transfers involving payment systems and electronic platform operators (OEP). This project focuses on financial transactions that are carried out “without coordination with customers” of banks and payment services, and also addresses “attempts to make such transfers.”
One key change, according to a source from Kommersant close to the Central Bank, is the expansion of the regulator’s requirements to include electronic platform operators. This includes entities like PJSC Moscow Exchange, financial platform JSC, and other online services in the financial industry that cater to bank customers.
Another requirement outlined in the updated procedure involves the exchange of digital financial assets. Institutions like St. Petersburg Exchange will now be required to inform the Central Bank within a specified time frame in case of attempted or successful asset theft from customer accounts.
Operators are mandated to report any incidents to the Central Bank no later than the following business day. This includes providing details on attempts to conduct illegal operations on a client’s account or cyber attacks on the OEP infrastructure.
The new procedure will officially come into effect at the end of June. From October 2023 onwards, all fraudulent transfer information will be transmitted to the Central Bank by banks and other payment systems. This information will be disseminated to all credit organizations via the finser system.
Additionally, the project outlines a list of measures aimed at preventing the transfer of funds without the voluntary consent of the client. It also specifies the process through which the regulator can request and obtain information from banks regarding operations where illegal activities have been reported to the Ministry of Internal Affairs.
NSPK stated that the Central Bank’s updates aim to minimize the risks associated with operations conducted without the consent of customers. In 2023, scammers reportedly stole 15.8 billion rubles, with banks only returning 1.4 billion rubles to affected customers amidst the growing trend of cashless payments, as highlighted by the Central Bank.