Bank of Russia publishes list of threats for banks to consider when implementing biometric identification

The Bank of Russia has established a list of information security threats that banks will need to take into account when collecting, using and transferring biometric personal data of their clients. The list is provided in the ordinance registered by the Ministry of Justice and published on the regulator’s website.

These threats include violations of integrity (substitution, deletion), accessibility (transfer blocking) and confidentiality of clients’ biometric personal data.

Credit institutions will need to consider these criteria when opening a deposit or an account, granting a loan, transferring funds and providing other services to their clients in order to protect them from illegal activities.

The regulation was developed by the Bank of Russia in cooperation with the FSB and the FSTEC and is the key document for credit institutions to consult with when selecting information protection facilities, in particular, data encryption tools. Considering that credit institutions will need to take certain organisational and technological measures to comply with the ordinance, the Bank of Russia has postponed imposing supervisory sanctions for non-compliance.