Financial Crime World

Cambodia’s Financial Institutions Must Comply with Stringent Regulatory Requirements

The National Bank of Cambodia (NBC) has implemented strict regulations for local and foreign banks, micro-finance institutions, and leasing companies that use cloud services. The goal is to ensure the security and integrity of financial data.

Compliance Guidelines

The NBC’s Technology Risk Management Guidelines, effective since July 2019, require financial institutions to:

  • Conduct due diligence on their use of cloud services
  • Manage risks associated with cloud usage
  • Monitor and control access to sensitive information

These guidelines emphasize the importance of implementing robust controls to prevent unauthorized access to sensitive information.

Regulatory Requirements

Financial institutions using cloud services must comply with a range of legal and regulatory requirements, including:

  • Data privacy and protection regulations
  • Local requirements for data storage and processing

The AWS whitepaper “Using AWS in the Context of Common Privacy and Data Protection Considerations” provides valuable insights into compliance requirements for financial institutions storing or processing personal data.

Compliance Best Practices

To ensure compliance, financial institutions should:

  • Evaluate which legal and regulatory requirements apply based on the purpose of their workload and relevant categories of data
  • Assess the criticality of their workload in light of local requirements
  • Obtain necessary approvals or issue appropriate notices

AWS offers a range of resources to help financial institutions navigate these complex regulations, including:

  • Regulatory Approval Resource for Financial Services in Cambodia
  • User Guide for Financial Institutions in Cambodia
  • Compliance Quick Reference Guide
  • “Navigating GDPR Compliance on AWS”

Security and Compliance

Financial institutions using or planning to use cloud services should take proactive steps to understand their compliance needs by:

  • Reviewing the AWS Shared Responsibility Model
  • Mapping AWS responsibilities and customer responsibilities for each service used
  • Accessing AWS Artifact to view audit reports and conduct their own assessment of control responsibilities

For further information on how AWS services can enable security and compliance needs, financial institutions can contact their account representative or reach out to AWS directly.