Cyber incident data submission formats and timeframes to be standardised


The Bank of Russia has approved the format and procedure for supervised entities’ interactions with FinCERT, which includes the detection of information security incidents. The rules are laid out in the Industrial Standard.

The document aims to enshrine the obligation of banks and, going forward, possibly other supervised entities to monitor client transactions for fraud (i.e. detect fraudulent transactions) and to suspend them for up to two days should signs suggest that they were meant to be conducted without the knowledge of the owner of the funds. The legal framework for these operations is provided by Federal Law No. 167-FZ, with effect from late September. The law approves the mechanism for banks to suspend unlawful transactions and refund the legal owners of the funds (corporate entities).

The new Industrial Standard comprises two parts. Part 1 lists the data used in payee and recipient identification (account, card and telephone numbers), while Part 2 presents the data that describe the technical details of cyber-attacks.

The potential application of the standard has been agreed with the Federal Security Service of Russia. The Bank of Russia will update the newly developed standard as the agency's requirements change.

31 October 2018
