LEGAL DOCUMENTS ARE ISSUED IN 12/2023
1. Circular No. 15/2023/TT-NHNN regulating credit information activities of the State Bank of Vietnam
- Name of legal document: Circular No. 15/2023/TT-NHNN issued on 05/12/2023 by the State Bank of Vietnam regulating credit information activities of the State Bank of Vietnam (referred to as the “Circular No. 15/2023/TT-NHNN”).
- Effective date: 01/01/2025.
The content should be noted: Stipulating on rights and obligations of credit institutions.
Specifically, Article 16 of Circular No. 15/2023/TT-NHNN stipulates: “Article 16. Rights and obligations of credit institutions
- Establish an information infrastructure to meet the requirements of data creation and control of data provided to CIC; promulgate internal regulations and manage the credit information criteria system throughout the system.
- Pay in full and on time the fees for exploiting and using credit information services according to the contract signed with CIC.
- Send officials and employees to participate in credit information training courses organized or coordinated by CIC.
- Implement other rights and obligations as agreed with CIC and relevant provisions of law.”
2. Decision No. 2345/QD-NHNN on implementing safe and secure solutions in online payments and bank card payments
- Name of legal document: Decision No. 2345/QD-NHNN issued on 18/12/2023 by the State Bank of Vietnam on implementing safe and secure solutions in online payments and bank card payments (referred to as the “Decision No. 2345/QD-NHNN”).
- Effective date: 01/01/2025.
The content should be noted: Stipulating on applying authentication methods to online payment.
Specifically, Article 1 of Circular No. Decision No. 2345/QD-NHNN stipulates: “Article 1. Credit institutions, foreign bank branches (FBBs), organizations providing payment services shall, in accordance with the categorization in Appendix 01 hereof, apply authentication methods to online payment (internet banking, mobile banking) as follows:
No. | Transaction1 | Minimum authentication methods2 | |
Individual customers | Organization customers | ||
1 | Category A transactions | – Username, password or PIN (if a customer has been authenticated during log-in, authentication is not required during transaction) | – Username, password or PIN (if a customer has been authenticated during log-in, authentication is not required during transaction) |
2 | Category B transactions |
– OTP sent by SMS or Voice or Email; or – OTP Matrix Card; or – Basic OTP generated by soft/hard token; or – Two-factor authentication method; or – The customer’s handheld device3, or – Advanced OTP generated by soft/hard token; or – FIDO Authentication; or – Safe electronic signature. |
– OTP sent by SMS or Voice or Email; or – OTP Matrix Card; or – Basic OTP token without authentication of token user; or – Handheld device biometrics of the customer’s legal representative or accountant 3. |
3 | Category C transactions |
– The customer’s biometric identifier that: (i) matches the biometric data in the customer’s ID card issued by the police authority4; or (ii) is authenticated by the customer’s electronic identification account created by the electronic identification and authentication system5; or – The customer’s biometric identifier that matches the customer’s biometric data in the biometric database6. It is recommended to combine with SMS/Voice OTP or OTP generated by soft/hard token. |
– Basic OTP soft/hard token with authentication of software/token user; or – Two-factor authentication method. |
4 | Category D transactions |
The customer’s biometric identifier that: (i) matches the biometric data in the customer’s ID card issued by the police authority4; or (ii) is authenticated by the customer’s electronic identification account created by the electronic identification and authentication system; or (iii) matches the biometric data stored in the verified biometric database6, combined with one of the following authentication methods: – Advanced OTP generated by soft/hard token; or – FIDO authentication; or – Safe electronic signature. |
– Advanced OTP generated by soft/hard token; or – FIDO authentication; or – Safe electronic signature. |
Notes:
– Authentication methods of Category A, B, C transactions can be applied to Category D transactions.
– Authentication methods of Category A, B transactions can be applied to Category C transactions.
– Authentication methods of Category A transactions can be applied to Category B transactions.
– Units that apply authentication methods other than the methods specified above shall send written reports to State Bank of Vietnam (via Information Technology Department) at least 03 months before application.”
3. Circular No. 17/2023/TT-NHNN regulating inspection of compliance with monetary and banking policies and laws
- Name of legal document: Circular No. 17/2023/TT-NHNN issued on 25/12/2023 by the State Bank of Vietnam regulating inspection of compliance with monetary and banking policies and laws (referred to as the “Circular No. 17/2023/TT-NHNN”).
- Effective date: 08/02/2024.
The content should be noted:
- Firstly, stipulating inspection principles.
Specifically, Article 5 of Circular No. 17/2023/TT-NHNN stipulates: “Article 5. Inspection principles
- The inspection is carried out within authority and on the basis of legal regulations.
- Inspections are conducted regularly according to plan or unexpectedly.
- Ensure accuracy, objectivity, honesty, democracy, timeliness, and effective coordination.
- Ensure there is no overlap or duplication of content, time, or inspection objects between inspection activities of inspection units, between inspection activities and inspection activities.
When conducting inspection activities, if overlap or duplication is detected between inspection activities and inspection activities, carry out inspection activities; If overlap or duplication is detected in inspection activities, heads of inspection units shall agree to conduct an inspection.”
- Secondly, stipulating on inspection objects of the inspection unit.
Specifically, Article 8 of Circular No. 17/2023/TT-NHNN stipulates: “Article 8. Inspection objects of inspection units
- The Banking Inspection and Supervision Agency checks the compliance with monetary and banking policies and laws for inspection subjects, including:a) Credit institutions, except for those specified in Points a and c, Clause 3 of this Article;b) Foreign bank branches as assigned by the Governor of the State Bank;c) Organize credit information activities;d) Subjects of inspection by the State Bank branch, inspection and supervision of the State Bank branch if deemed necessary.
- The unit under the Bank Inspection and Supervision Agency inspects the inspection subjects specified in Clause 1 of this Article who are the unit’s banking inspection and supervision subjects according to their assigned functions and tasks.
- State Bank branches, inspection and supervision of State Bank branches check the observance of policies and laws on currency and banking for subjects of inspection in the province or centrally city where the State Bank branch is headquartered, including:a) People’s Credit Fund;b) Foreign bank branches, except for the subjects specified in Point b, Clause 1 of this Article;c) Branches and transaction offices of credit institutions;d) Representative offices in Vietnam of foreign credit institutions and other foreign organizations with banking activities;e) Organizations with foreign exchange activities and gold trading activities; The organization providing intermediary payment services is not a bank.
- Other administrative units under the State Bank inspect the observance of policies and implement legal documents within the scope of their advisory functions and assist the Governor of the State Bank in implementing management of that unit for inspection objects, including:a) Credit institutions, except for those specified in Point a, Clause 3 of this Article;b) Foreign bank branches;c) Organizations with foreign exchange activities and gold trading activities; The organization providing intermediary payment services is not a bank.
5. In case of necessity, inspection units shall carry out inspection on other inspection objects when assigned by the Governor of the State Bank.”