Financial Crime World

Financial Institution Security Measures in Cambodia: A Regulatory Overview

Introduction

Cambodia’s financial institutions are increasingly relying on cloud services to operate their businesses efficiently and securely. However, with the growing adoption of cloud technology comes a heightened need for regulatory compliance.

Regulatory Requirements for Financial Institutions in Cambodia

The National Bank of Cambodia (NBC), the country’s central bank, is responsible for supervising local and foreign banks as well as other financial institutions such as microfinance institutions and leasing companies. The NBC has issued several regulations and guidelines governing the use of cloud services by financial institutions in Cambodia.

Technology Risk Management Guidelines

One key regulation is the Technology Risk Management Guidelines, which was released in July 2019. This framework provides a comprehensive set of standards for financial institutions to assess and manage technology risks, including those associated with cloud services. Under this guideline, financial institutions are encouraged to implement cloud services on a voluntary basis within two years from the date of publication.

Data Privacy and Protection Requirements

Financial institutions in Cambodia using AWS must also comply with data privacy and protection requirements. The AWS whitepaper “Using AWS in the Context of Common Privacy and Data Protection Considerations” provides valuable information for customers who store or process personal data using AWS cloud services. Additionally, financial institutions that handle or plan to handle personal data from the European Union (EU) should visit AWS’ General Data Protection Regulation (GDPR) Center.

Steps to Ensure Compliance

To ensure compliance with regulatory requirements, financial institutions in Cambodia using AWS can take several steps:

  • Consider the purpose of their workload and the categories of data involved to anticipate which regulations may apply
  • Assess the criticality of their workloads and procure the necessary approvals or issue relevant notices
  • Review the AWS Shared Responsibility Model to understand their responsibilities and those of AWS for each service used
  • Use AWS Artifact to access AWS’ audit reports and conduct their own assessment of control responsibilities

Additional Resources

For further guidance on how AWS services can support security and compliance needs, financial institutions in Cambodia can contact their account representative or reach out to AWS directly. The following resources are available to help financial institutions in Cambodia understand their regulatory obligations:

  • AWS Regulatory Approval Resource for Financial Services in Cambodia
  • User Guide for Financial Institutions in Cambodia
  • AWS Compliance Quick Reference Guide
  • Navigating GDPR Compliance on AWS
  • Using AWS in the Context of Common Privacy and Data Protection Considerations

These resources are available through AWS Artifact, which requires an AWS account to access.