THEGOVERNMENT | | THE SOCIALIST REPUBLIC OF VIETNAM Independence - Freedom - Happiness |
No. 165/2018/ND-CP | | Hanoi, December 24, 2018 |
DECREE
On e-transactions in financial activities[1]
Pursuant to the June 19, 2015 Law on Organization of the Government;
Pursuant to the November 29, 2005 Law on E-Transactions;
At the proposal of the Minister of Finance;
The Government promulgates the Decree on e-transactions in financial activities.
Chapter I
GENERAL PROVISIONS
Article 1.Scope of regulation
This Decree prescribes e-transactions in financial activities.
Article 2.Subjects of application
1. Agencies, organizations and individuals that manage information systems serving e-transactions in financial activities.
2. Agencies, organizations and individuals that participate in e-transactions in financial activities.
3. Agencies, organizations and individuals that need to search or verify information about e-transactions in financial activities of other agencies, organizations and individuals within the law-prescribed scope.
Article 3.Interpretation of terms
In this Decree, the terms below are construed as follows:
1. “E-transactions in financial activities” means e-transactions between/among agencies, organizations and individuals in professional operations related to state budget, state treasury, taxes, charges, fees and other state budget revenues, state reserves, public assets, state financial funds, financial investment, corporate finance, cooperative finance, customs, accounting, state management of prices, securities, financial services, accounting services, auditing services, insurance business and other financial services under the state management by the Ministry of Finance. The performance of these professional operations must comply with relevant specialized laws.
2. “Specialized laws” means laws on the state budget; taxes; charges and fees; management and use of state capital invested in production or business at enterprises; management of public debts; customs; state reserves; public assets; accounting; prices; securities; independent audit; and insurance business, and other financial laws.
3. “E-documents in financial activities” (below referred to as e-documents) means information created, sent, received and stored by electronic means when e-transactions are conducted in financial activities. They include documents, reports, statements, contracts, agreements, information about transactions, information about the performance of administrative procedures, and other information and data specified by specialized laws.
4. “Agencies, organizations and individuals creating e-documents” means those creating or sending an e-document before it is stored, excluding intermediaries transmitting such e-document. The identification of agencies, organizations and individuals creating e-documents must comply with Clause 2, Article 16 of the Law on E-Transactions.
5. “Managers of information systems serving e-transactions in financial activities” (below referred to as information system managers) means agencies, organizations and individuals competent to directly manage information systems serving e-transactions in financial activities.
6. “Finance agency” means one of the following agencies:
a/ The Ministry of Finance and its attached agencies and units having the function of performing the state management in the sectors and fields under the management by the Ministry of Finance;
b/ Specialized agencies advising on the state management of the financial sector of People’s Committees at all levels (local finance agencies).
7. “Intermediary service in e-transactions in financial activities” means the service of representing (partially or wholly) another agency, organization or individual in sending, receiving, storing, supporting the creation of or processing e-documents, or certifying the performance of an e-transaction by parties to such e-transaction.
8. “Invalidation of an e-document” means a measure to invalidate such e-document in an information system.
9. “Deletion of an e-document” means a measure to make such e-document no longer exist in an information system or make it impossible to access and refer to information contained in such e-document.
10. “Sealing of an e-document” means a measure to ensure the integrity of information contained in such e-document and make it impossible to illegally modify, copy or move, or invalidate or delete such e-document from the starting point to the ending point of the sealing process.
11. “Information systems serving e-transactions in financial activities” (below referred to as information systems) means information systems mentioned in Clause 8, Article 4 of the Law on E-Transactions which are provided and used to conduct e-transactions in financial activities.
12. “Authentication” means verification in an information system in order to ensure that a person currently conducting an e-transaction is permitted to do so or check digital signatures on an e-document in accordance with the law on certification of digital signatures.
13. “Authentication code” means a sequence of characters (numbers, letters, marks, or special characters) created or recognized by an information system to be assigned to a person conducting e-transactions every time he/she conducts an e-transaction in order to serve the authentication.
14. “Biometric authentication” means authentication carried out through using the unique biological characteristics of humans (as recognized by state-of-the-art sciences and technologies).
15. “Identification code of an e-document” means a bar code or a sequence of numbers or letters to be assigned to such e-document in order to identify it in an information system and serve the query for information about such e-document.
Article 4.Principles of conducting e-transactions in financial activities
1. Agencies, organizations and individuals entering into e-transactions in financial activities shall adhere to the principles prescribed in Article 5 of the Law on E-Transactions, and comply with the relevant specialized laws and regulations.
2. E-transactions in financial activities involved in administrative procedures must comply with the regulations on administrative procedures and online public services.
3. The use of digital certificates and signatures in e-transactions in financial activities must comply with the regulations on digital signatures and services of certification of digital signatures.
Chapter II
SPECIFIC PROVISIONS
Article 5.Legal validity of e-documents
1. E-documents must fully satisfy the state management requirements and comply with the relevant specialized laws. The display format, creation, sending, receipt and legal validity of e-documents must comply with the Law on E-Transactions.
2. An e-document is valid as an original when:
a/ It bears a digital signature of the agency, organization or individual that has created it and related responsible agencies, organizations and individuals as prescribed by the relevant specialized laws.
b/ The information system has measures to ensure its integrity in the course of transmitting, receiving or storing it in the system; to recognize the agency, organization or individual that has created it and related responsible agencies, organizations and individuals that have participated in processing it, and applies one of the following measures to authenticate the agency, organization or individual that has created it and related responsible agencies, organizations and individuals that have participated in processing it: authentication by digital certificates, biometric authentication, and authentication by two or more factors, including the factor of single-use or random authentication code.
c/ Another measure which is applied as agreed upon by the parties to the transaction to ensure the integrity of data, and authenticity, irrevocability and compliance of the e-document with the Law on E-Transactions.
Article 6.Conversion of paper documents into e-documents
1. Method of converting paper documents into e-documents:
a/ A paper document may be converted into an e-document by the method of copying and conversion into a file in an information system, or,
b/ Contents of a paper document may be converted into data for storage in an information system.
2. An e-document converted from a paper document must satisfy the following conditions:
a/ It reflects all contents of the paper document;
b/ An individual, agency or organization carrying out (or responsible for) the conversion puts his/her its digital signature on the e-document converted from the paper document or authenticated by one of the measures prescribed at Point b, Clause 2, Article 5 of this Decree.
3. An e-document converted from a paper document is as valid as the paper document, unless otherwise prescribed by a specialized law.
Article 7.Conversion of e-documents into paper documents
1. An agency, organization or individual may print an e-document which it/he/she has created, while the manager of an information system may print e-documents of agencies, organizations and individuals under its/his/her management from the information system for storage or comparison of information or production to a competent agency for checking of information about such documents or provision to agencies and organizations that need to search and verify information within the law-prescribed scope.
2. An agency, organization or individual may request the manager of an information system to certify in writing the performance of an e-transaction for production to a competent agency for checking of information about documents or provision to other agencies, organizations or individuals that need to search and verify information within the law-prescribed scope. When being carried out at a state agency, such request and certification must comply with the regulations, order and procedures for provision of information in accordance with the law on access to information.
3. A paper document converted from an e-document must satisfy the following conditions:
a/ It accurately reflects all contents of the e-document;
b/ It has information evidencing that it has been processed in the information system and stating the name of the information system or name of the information system manager;
c/ It has the identification code of the e-document to serve the search for and verification of information or bears the full name and signature of the person that has carried out the conversion;
d/ It bears the seal of the agency or organization that has carried out the conversion as required by law or agreed upon by the parties to the transaction;
dd/ It is accessible at any time during the period of normal operation of the information system.
4. A paper document converted from an e-document is as valid as the e-document, unless otherwise prescribed by a specialized law.
Article 8.Modification of e-documents
1. The modification of an e-document not yet officially approved or transmitted to serve the performance of an e-transaction must follow the management process of the agency, organization or individual that has created it or the information system manager.
2. The modification of an e-document after it is officially approved or transmitted to serve the performance of an e-transaction shall be carried out right from the stage of creation and in compliance with the relevant specialized laws.
3. An information system must record the person carrying out, time of, and other information related to, the modification of an e-document.
Article 9.Storage of e-documents
1. E-documents shall be stored in accordance with the relevant specialized laws and suitability to the environment and conditions for e-storage and other relevant provisions of the law on archives.
2. Agencies and units that store e-documents shall satisfy the conditions prescribed in Clause 1, Article 15 of the Law on E-Transactions.
Article 10.Invalidation of e-documents
1. An e-document shall be invalidated in one of the following cases:
a/ It is invalidated according to the procedures and regulations of the unit that has created and processed it in accordance with the relevant specialized laws.
b/ It is invalidated on the basis of agreement and certification by parties to the transaction. Such certification may be displayed in a document bearing signatures of the parties to the transaction or their authorized representatives (in case of an e-document, the provision on legal validity of Article 5 of this Decree shall apply); or a request for revocation of the document made by a party to the transaction and acceptance of such request by the other party(ies) in the form of email or data message created in the same information system in which the e-document has been created or stored, which is authenticated by one of the measures accepted to be applied to e-documents specified in Article 5 of this Decree.
2. An invalidated e-document shall be marked with the time of and person carrying out the invalidation recorded in the information system and notified to related parties.
3. An invalidated e-document shall be stored for reference by competent state agencies within the time limit prescribed by the relevant specialized law.
4. As soon as an e-document is invalidated, the paper document (if any) converted from such e-document shall become invalid and no longer be usable.
Article 11.Deletion of e-documents
1. Upon the expiration of the prescribed time limit of storage, an e-document or a paper document converted from an e-document may be deleted unless otherwise decided by a competent state agency.
2. The deletion of an e-document may not affect the integrity of undeleted e-documents and normal operation of the information system.
3. An information system must record the deletion of an e-document in a list of deleted e-documents enclosed with information about the time of and persons carrying out the deletion, and store this list in the system for reference when necessary.
Article 12.Sealing of e-documents
1. The competence to seal e-documents must comply with the regulations on sealing of documents and exhibits to serve the examination, inspection, audit and investigation.
2. The sealing of an e-document must ensure that:
a/ It does not affect the normal operation of the information system and production and business activities of organizations and individuals;
b/ It is possible to fully retrieve the sealed e-document in the information system of an organization or individual after the time limit of sealing;
c/ It is possible to identify the access to and changes in contents of the sealed e-document;
d/ The information system must mark the sealed e-document and record the time of and persons carrying out the sealing of the e-document.
3. After a competent state agency decides on and apply measures to seal an e-document, no organization or individual may access, exploit, copy, modify or use such e-document in its/his/her information system for transaction or any other purpose.
Article 13.Provisions on information systems
1. An information system must be accurate in time and synchronous with Vietnam’s time zone (standard ISO 8601). It is encouraged to use time-stamping services of organizations licensed to provide such services under the regulations on digital signatures and digital signature certification services for types of documents of which the creation or processing time is regulated by specialized legal documents or may lead to conflicts of interest or legal disputes between the parties to the transaction.
2. An information system serving the creation and processing of e-documents must have the function of converting e-documents into paper documents to serve the purposes specified in Clauses 1 and 2, Article 7 of this Decree.
3. An information system must be capable of storing e-documents or enabling retrieval of e-documents stored in the storage system separated from the information system. In case the information system is upgraded or experiences a technological change, its manager shall provide possibilities for retrieval of e-documents created or stored in the information system before the time of upgrading or technological change.
4. Information systems of finance agencies and related state agencies must be capable of linking to and exchanging e-documents under the Government’s regulations on organization of an e-government. Information systems of other agencies and organizations must be capable of linking to and exchanging e-documents with information systems of finance agencies under the relevant specialized laws.
5. At-law representatives of agencies and organizations using information systems to automatically give digital signatures on e-documents shall take responsibility before law for e-documents bearing these signatures.
Article 14.Assurance of safety in e-transactions in financial activities
1. If collecting personal information of parties to transactions, information system managers shall comply with the Law on Cyberinformation Security, Law on Cyber Security and relevant regulations on protection of personal information.
2. An information system manager shall ensure safety and confidentiality of its/his/her information system and transactions conducted in its/his/her information system in accordance with the law on cyberinformation security, and apply at least the following measures:
a/ Determining the level of and implementing plans to ensure safety of its/his/her information system in accordance with the Law on Cyberinformation Security and the Government’s Decree No. 85/2016/ND-CP of July 1, 2016, on assurance of level-based safety of information systems. In case an information system manager is a non-state organization, it shall determine only the level of safety of its information system and apply measures to protect the system satisfying at least the requirements for the corresponding level under the regulations of the Ministry of Information and Communications, without having to carry out the procedures for appraising and approving a dossier of safety level.
b/ Encrypting connections from agencies, organizations and individuals to the information system. Websites or portals serving e-transactions in financial activities must use digital certificates to keep confidential information in transmission lines and prevent faking.
Article 15.Use of intermediary services in e-transactions
1. Information technology service providers in the mobile telecommunications network or the Internet, and digital signature certification service providers may provide intermediary services in e-transactions in financial activities.
2. Agencies, organizations and individuals may choose intermediary service providers meeting their needs in conducting e-transactions in financial activities.
3. Intermediary service users and providers shall sign agreements or contracts stating responsibilities and powers of parties thereto (within the scope prescribed by law).
Article 16.Verification of information about e-transactions in financial activities
1. If wishing to verify information about e-transactions of an agency, organization or individual, a competent agency carrying out examination, inspection or investigation in accordance with specialized laws or related agency responsible for completing administrative procedures shall carry out the verification by one of the following methods:
a/ Using an e-certification of results of the performance of the e-transactions sent by the information system manager to such agency, organization or individual in the form of file or email.
b/ Observing in the information system the results of retrieval of information carried out by such agency, organization or individual.
c/ Using the function of retrieving information about e-documents by electronic means provided by the information system manager.
d/ Connecting, transmitting data or exchanging information with the finance agency in order to obtain information about e-transactions of those performing administrative procedures. The provision of this Point applies to related agencies responsible for completing administrative procedures.
2. Agencies carrying out examination, inspection or investigation and agencies responsible for completing administrative procedures may only request agencies, organizations and individuals to produce paper documents converted from e-documents in case they are unable to carry out the verification by one of the methods specified in Clause 1 of this Article.
Chapter III
IMPLEMENTATION PROVISIONS
Article 17.Responsibilities of managers of information systems serving e-transactions in financial activities
1. To comply with this Decree.
2. To assist the performance of transactions in their information systems by one or several of the following methods: providing direct assistance, assistance via telephone, email, website or portal, and using other technological methods.
3. To provide information about e-transactions in financial activities within the scope of their information systems for management agencies competent to examine, inspect or investigate financial activities and agencies, organizations and individuals that need to search and verify information within the scope prescribed by law under Article 16 of this Decree and other relevant regulations.
4. To directly certify paper documents converted from e-documents or authorize their member units or branches to do so at the request of agencies, organizations and individuals participating in transactions in their information systems in accordance with law.
5. To keep confidential personal information and information of enterprises, agencies and organizations in their information systems in accordance with law.
6. To ensure safety of their information systems, and participate in responding to, handling and remediating incidents in accordance with the laws on cyberinformation security and cyber security, and this Decree.
7. Agencies, organizations and individuals that hire information technology infrastructure services of other enterprises to provide e-transactions in financial activities shall coordinate with such enterprises in fully discharging the responsibilities prescribed in Clauses 1 thru 6 of this Article.
Article 18.Responsibilities of agencies, organizations and individuals participating in or using results of e-transactions in financial activities
1. Agencies, organizations and individuals participating in e-transactions in financial activities shall manage and keep secret means and information serving the giving or certification of digital signatures; and promptly notify information system managers of loss or disclosure of such means and information.
2. Agencies, organizations and individuals participating in e-transactions with finance agencies shall notify the latter of their electronic addresses for contact methods and stably maintain these addresses for information exchange in the course of participating in e-transactions with finance agencies; if changing their addresses, they shall notify finance agencies of new addresses.
3. Agencies, organizations and individuals using results of e-transactions in financial activities shall recognize and use e-documents according to their legal validity.
4. To comply with other relevant provisions of this Decree.
Article 19.Responsibilities of the Ministry of Finance
1. To work out and implement a roadmap of application of e-transactions between agencies, organizations and individuals and the finance agencies of the Ministry of Finance; to set up connections and exchanges of information about e-transactions in financial activities between the finance agencies of the Ministry of Finance and other ministries, agencies and organizations according to the Government’s objectives and programs on e-government as suitable to practical conditions and in compliance with law.
2. To direct and organize the public communication and education about the regulations on e-transactions in financial activities.
3. To guide, examine and inspect the implementation of the regulations on e-transactions in financial activities.
4. To settle complaints, denunciations and petitions of agencies, organizations and individuals about e-transactions in financial activities.
Article 20.Responsibilities of local finance agencies
1. To work out and implement roadmaps of application of e-transactions between agencies, organizations and individuals and local finance agencies (online public services regarding finance in localities).
2. To carry out and coordinate with the Ministry of Finance in carrying out the public communication and education about the regulations on e-transactions in financial activities in their localities under their management.
Article 21.Transitional provisions
1. Enterprises that start providing intermediary services in e-transactions in financial activities before the effective date of this Decree may continue to do so under this Decree.
2. Pending the grant of digital certificates by the Government’s specialized digital signature certification service provider, state budget-funded units may use public digital certificates to conduct e-transactions with finance agencies for which digital signatures may be applied. After their digital certificates are granted by the Government’s specialized digital signature certification service provider, state budget-funded units shall use these digital certificates in replacement of public digital certificates and notify related finance agencies of the change of digital certificates.
Article 22.Implementation provisions
1. This Decree takes effect on February 10, 2019.
2. The Government’s Decree No. 27/2007/ND-CP of February 23, 2007, on e-transactions in financial activities, and Decree No. 156/2016/ND-CP of November 21, 2016, amending and supplementing a number of articles of Decree No. 27/2007/ND-CP, cease to be effective on the effective date of this Decree.
3. Ministers, heads of ministerial-level agencies, heads of government-attached agencies, and chairpersons of provincial-level People’s Committees shall implement this Decree.-
On behalf of the Government
Prime Minister
NGUYEN XUAN PHUC