After the central bank announced the criteria for overseeing the risks of information technology in financial institutions, they have set a standard for mobile banking service that must not cease for more than 8 hours per year. The news also stated that if a bank fails to meet these criteria, they will be fined up to 500,000 baht and an additional 5,000 baht per day. Blognone has requested additional information from the central bank.
Regarding the timeframe criteria specifically for Mobile Banking, the central bank specifies that the announcement includes measures for other IT systems as well. However, the maximum allowable timeframe disruption is specifically for Mobile Banking due to the potential widespread impact on service users.
As for the penalties, the central bank states that they comply with the Financial Institutions Business Act of 2551 (revised in 2561), which sets penalties for various cases in articles 121-155. The maximum penalties for financial institutions that fail to comply with the central bank’s announcements are capped at 300,000 baht, 500,000 baht, and 1,000,000 baht, depending on the category of violation. Additionally, there is a daily penalty of 1% of the maximum fine for the 500,000 baht penalty and 5,000 baht per day, as specified in article 126, for violations where financial institutions deviate from the criteria set by the central bank for consumer protection.
In the past, the central bank has revealed reports on system disruptions of various banks, but they have not disclosed specific information regarding specialized financial institutions such as Government Savings Bank or the Bank for Agriculture and Agricultural Cooperatives. These latest criteria announcements also have implications for these banking institutions. Although the central bank has not disclosed the timeframe, they have collected data and indicated that the trend is improving.
TLDR: The central bank has established criteria for overseeing IT risks in financial institutions and set a maximum allowable disruption timeframe for mobile banking. Failure to meet these criteria can result in fines of up to 500,000 baht and an additional 5,000 baht per day. The penalties are in accordance with the Financial Institutions Business Act, and the central bank collects data on system disruptions while indicating an overall improvement trend.