Circular 16/2023/TT-NHNN amend Circular 28/2015/TT-NHNN manage digital signatures, digital certificates of the State Bank

  • Summary
  • Content
  • Status
  • Vietnamese
  • Download
Save

Please log in to use this function

Send link to email

Please log in to use this function

Error message
Font size:

ATTRIBUTE

Circular No. 16/2023/TT-NHNN dated December 15, 2023 of the State Bank of Vietnam amending and supplementing a number of articles the Governor of the State Bank of Vietnam’s Circular No. 28/2015/TT-NHNN dated December 18, 2015, on the management, use of digital signatures, digital certificates and digital signature certification services of the State Bank
Issuing body: State Bank of VietnamEffective date:
Known

Please log in to a subscriber account to use this function.

Don’t have an account? Register here

Official number:16/2023/TT-NHNNSigner:Pham Tien Dung
Type:CircularExpiry date:Updating
Issuing date:15/12/2023Effect status:
Known

Please log in to a subscriber account to use this function.

Don’t have an account? Register here

Fields:Finance - Banking

SUMMARY

Contents of a digital certificate will be changed from July 1, 2024

On December 15, 2023, the State Bank of Vietnam issues Circular No. 16/2023/TT-NHNN amending and supplementing a number of articles the Governor of the State Bank of Vietnam’s Circular No. 28/2015/TT-NHNN dated December 18, 2015, on the management, use of digital signatures, digital certificates and digital signature certification services of the State Bank. Bellows are a number of remarkable contents of this Circular:

1. Change the content of the digital certificate. Specifically, the content "Encryption algorithm" replaces with "Name of the subscriber-managing organization".

2. Subscribers do not use tools, programs, software or any other forms to interfere, edit, change the private key’s information, the data in e-tokens or intentionally damage e-tokens

3. Add 01 method of sending dossiers, documents and reports related to digital certificates and digital signature certification services to the State Bank (the Information Technology Department) which is:

- Sending electronic documents via the State Bank's document management and administration system (applicable to units of the State Bank).

4. Reduce the processing deadline for requesting to grant a valid digital certificate to 03 days (instead of 05 days as the old regulations). The Information Technology Department shall grant digital certificates or supplement digital certificate operations for subscribers, send the notifications on digital certificate’s grant and the activation codes to emails or messages to the subscribers’ phone numbers.

- In case of invalid dossiers, the Information Technology Department shall reject and specify the reason within 02 working days from the date of receipt the dossiers.

This Circular takes effect from July 01, 2024.
For more details, click here.
Download files here.
LuatVietnam.vn is the SOLE distributor of English translations of Official Gazette published by the Vietnam News Agency
Effect status: Known

THE STATE BANK OF VIETNAM

__________________

No. 16/2023/TT-NHNN

THE SOCIALIST REPUBLIC OF VIETNAM

Independence - Freedom - Happiness

_______________________

Hanoi, December 15, 2023

CIRCULAR

Amending and supplementing a number of articles the Governor of the State Bank of Vietnam’s Circular No. 28/2015/TT-NHNN dated December 18, 2015, on the management, use of digital signatures, digital certificates and digital signature certification services of the State Bank

____________________________

                                       

Pursuant to the Law on the State Bank of Vietnam dated June 16, 2010;

Pursuant to the Law on Credit Institutions dated June 16, 2010; the Law Amending and Supplementing a Number of Articles of the Law on Credit Institutions dated November 20, 2017;

Pursuant to the Law on Information Technology dated June 29, 2006;

Pursuant to the Law on E-Transactions dated November 29, 2005;

Pursuant to the Government’s Decree No. 130/2018/ND-CP dated September 27, 2018, detailing the Law on E-Transactions regarding digital signatures and digital signature certification services;

Pursuant to the Government’s Decree No. 102/2022/ND-CP dated December 12, 2022, defining the functions, tasks, powers and organizational structure of the State Bank of Vietnam;

At the proposal of the Director of the Information Technology Department;

The Governor of the State Bank of Vietnam promulgates the Circular amending and supplementing a number of articles the Governor of the State Bank of Vietnam’s Circular No. 28/2015/TT-NHNN dated December 18, 2015, on the management, use of digital signatures, digital certificates and digital signature certification services of the State Bank (hereinafter referred to as Circular No. 28/2015/TT-NHNN).

 

Article 1. Amending and supplementing a number of articles of Circular No. 28/2015/TT-NHNN

1. To amend and supplement Article 1 of Circular No. 28/2015/TT-NHNN (amended and supplemented under Clause 1 Article 1 of the Governor of the State Bank’s Circular No. 10/2020/TT-NHNN dated November 2, 2020, amending and supplementing a number of articles of Circular No. 28/2015/TT-NHNN (Circular No. 10/2020/TT-NHNN)) as follows:

“This Circular defines the management, use of digital signatures, digital certificates, and specialized digital signature certification services of the State Bank of Vietnam (hereinafter referred to as the State Bank).”

2. To amend and supplement Clause 1 Article 2 of Circular No. 28/2015/TT-NHNN (amended and supplemented under Clause 2 Article 1 of Circular No. 10/2020/TT-NHNN) as follows:

“1. Units of the State Bank; credit institutions; foreign bank branches; the Vietnam State Treasury; Deposit Insurance of Vietnam.”

3. To amend and supplement Clause 5, Clause 11, Clause 12, Clause 13, Clause 14, Clause 15 Article 3 of Circular No. 28/2015/TT-NHNN (amended and supplemented under Clause 3 Article 1 of Circular No. 10/2020/TT-NHNN) as follows:

“5. “Subscriber-managing organizations” mean units of the State Bank, credit institutions, foreign bank branches, the Vietnam State Treasury, Deposit Insurance of Vietnam or other organizations requesting for grant of digital certificates to subscribers of their organizations and units.”

“11. “Activation code” means information given to a subscriber, including the reference number and verification code used for certification in the process of digital certificate activation.

12. “Digital certificate activation” refers to the process of initializing digital certificate key pairs, including private keys, public keys, and storing them in e-tokens of subscribers.

13. “Competent persons” include heads of the State Bank, heads of units of the State Bank or the legal representatives of the agencies and organizations prescribed in Article 2 of this Circular.

14. “Public service system” means the online public service portal of the State Bank.

15. “Digital certificate operations” mean operations on information systems where subscribers can use digital certificates for signing approval or verification. A digital certificate may be used for signing approval or verification at one or many operations on one or more information systems. Information systems using the digital certificates of the State Bank include:

a) Public service system;

b) Inter-bank electronic payment system;

c) Reporting system of the State Bank;

d) Bidding and open market operation system, including:

- Bidding and open market operations;

- Issuing, paying, extending and cancelling the special bonds;

- Issuing the bills of the State Bank;

- Refinancing.

dd) Reporting system of the Deposit Insurance of Vietnam;

e) Other systems decided by the Governor of the State Bank.”

4. To amend and supplement Article 4 of Circular No. 28/2015/TT-NHNN as follows:

“Article 4. Contents of a digital certificate

1. Name of the digital signature service provider.

2. Name of the subscriber.

3. Serial number of the digital certificate.

4. Validity period of the digital certificate.

5. Public key of the subscriber

6. Digital signature of the digital signature service provider.

7. Restrictions on the use purpose and scope of the digital certificate.

8. Restrictions on legal liability of the digital signature service
provider.

9. Encryption algorithm.

10. Other necessary contents as prescribed by the Ministry of
Information and Communications.”

5. To amend and supplement Article 4a of Circular No. 28/2015/TT-NHNN (amended and supplemented under Clause 4 Article 1 of Circular No. 10/2020/TT-NHNN) as follows:

“Article 4a. Forms of submitting and receiving dossiers, documents and reports relating to the digital signature certification services and results

1. Subscriber-managing organizations shall send dossiers, documents and reports related to digital certificates and digital signature certification services to the State Bank (the Information Technology Department) by one of the following methods:

a) Using electronic methods via the Public service systems;

b) Submitting paper documents directly at Single-window department or by post.

c) Sending electronic documents via the State Bank's document management and administration system (applicable to units of the State Bank).

The State Bank (the Information Technology Department) only receives and processes the written documents and electronic documents sent via the State Bank's document management and administration system in the following cases:

- The public service system has problems and cannot operate;

- The subscriber-managing organizations have not yet been granted digital certificates with a public service operation, or their digital certificates are expired, or digital certificates or subscribers’ e-tokens are broken.

2. To send dossiers, documents and reports relating to the digital certificates and digital signature certification services to the State Bank

a) In case of sending paper dossiers, documents or reports:

Subscriber-managing organizations have the right to choose to send originals or copies granted from the original books or certified copies or copies with originals for comparison.

b) In case of sending electronic dossiers, documents or reports:

Dossiers, documents or reports (except for documents and reports in the Appendices of this Circular that are converted into electronic forms on the Public Service System) shall be sent via the Public Service System, subscriber-managing organizations send electronic copies digitized from the originals (PDF file) and signed by the competent person of subscriber-managing organizations using the digital certificates of CA-NHNN.

3. The Information Technology Department shall send online results and rejection reasons via the Public service system to the subscriber-managing organizations. In the case of having accidents in the public service system, the results shall be sent to subscriber-managing organizations by post or emails of subscribers and individuals, or the departments in charge of digital certificate management of subscriber-managing organizations.”

6. To amend and supplement Article 4b of Circular No. 28/2015/TT-NHNN (amended and supplemented under Clause 5 Article 1 of Circular No. 10/2020/TT-NHNN) as follows:

“Article 4b. A subscriber’s e-token

1. The Information Technology Department shall be responsible for the guidance of models, technical specifications of the subscriber’s e-token in accordance with the State Bank’s digital signature certification system and the current situation of technology development.

2. The Information Technology Department shall provide e-tokens for the administrative units of the State Bank. Public non-business units of the State Bank and other subscriber-managing organizations shall equip themselves with e-tokens in accordance with the guidelines of the Information Technology Department.

3. Submission and receipt of e-tokens shall be processed directly or by post between the Information Technology Department and administrative units of the State Bank.”

7. To amend and supplement Article 5 of Circular No. 28/2015/TT-NHNN (amended and supplemented under Clause 6 Article 1 of Circular No. 10/2020/TT-NHNN) as follows:

“Article 5. Grant, supplementation of digital certificate operations

1. The subscriber-managing organization shall apply one dossier set upon the demand of granting the digital certificate or supplementing operations, including:

a) Grant or supplementation of digital certificate operations to the competent person:

- Application for granting, supplementing the digital certificate operations for individuals in accordance with Appendix 01 attached to this Circular;

- Appointment decision of the competent person when applying for grant of digital certificate (for state agencies).

b) Grant, supplementation of digital certificate operations to individual authorized by the competent person;

- Application for granting and supplementing the digital certificate operations for individuals in accordance with Appendix 01 attached to this Circular;

- Appointment decision of the competent person when applying for grant of digital certificate (for state agencies).

- Power of attorney of the competent person for individual to be granted a digital certificate or supplemented a digital certificate operation, stating that the authorized person is allowed to sign dossiers, documents, files, reports and transactions on the information systems corresponding to the digital certificate operations requested for grant. The authorized person is not allowed to re-authorize another person.

c) Grant, supplementation of digital certificate operations to organizations:

Application for granting and supplementing digital certificate operations for organizations in accordance with Appendix 02 attached to this Circular.

2. In case the granted digital certificates still remain valid and the subscriber-managing organizations request to supplement the digital certificate operations, the Information Technology Department shall supplement operations for current subscribers’ digital certificates.

3. In case of granting a digital certificate after the former digital certificate has expired or the digital certificate has been revoked and the subscriber wishes to continue using it, the procedure for granting a new digital certificate must be carried out as prescribed in Clause 1 of this Article.

4. Processing deadline and results

The Information Technology Department shall grant digital certificates or supplement digital certificate operations for subscribers, send the notifications on digital certificate’s grant and the activation codes to emails or messages to the subscribers’ phone numbers within 03 working days from the date of receiving the dossiers. For organizations’ digital certificates, the Information Technology Department shall send the notifications on digital certificate’s grant and activation codes to emails and messages to the phone number of persons in charge of digital certificates of subscriber-managing organizations.

In case of invalid dossiers, the Information Technology Department shall reject and specify the reason within 02 working days from the date of receipt the dossiers. Feedback and results shall comply with the provisions of Clause 3 Article 4a of this Circular.

5. The activation code of a digital certificate is valid up to 30 days from the granting date of the digital certificate. For the new digital certificate, the subscriber must activate the digital certificate before the expiration date of the activation code. The instructions for activation and extension of the State Bank’s digital certificates shall be posted on the website of the State Bank. For the digital certificates supplemented with operations, the subscribers are not required to activate the digital certificates.

6. The validity period of subscribers’ digital certificates shall be proposed by subscriber-managing organizations but not more than 05 years from the date of activation.”

8. To amend and supplement Article 6 of Circular No. 28/2015/TT-NHNN (amended and supplemented under Clause 7 Article 1 of Circular No. 10/2020/TT-NHNN) as follows:

“Article 6. Extension and revision of contents of digital certificate information

1. The digital certificates requested for extension and revision must be valid.

2. Validity period of the digital certificates:

a) Extended digital certificates shall have a validity period from the time of successful extension but no longer than 05 years;

b) The revision of contents of the digital certificate information shall not change the validity period of the digital certificates.

3. In the case of digital certificate extension and revision:

a) Subscriber-managing organizations shall request to extent the subscribers’ digital certificates at least 10 days before the expiration date of the digital certificates;

b) Subscriber-managing organizations shall request for revision of contents of subscribers’ digital certificate information within 05 working days from the time of the following changes:

- Subscribers change the titles, positions or working sections (offices) without changing the units/branches. In case the subscribers change to another units/branches, subscriber-managing organizations shall carry out procedures to revoke the digital certificates at the former units/branches and grant digital certificates at the new units/branches for subscribers (if there is a need to continue using it);

- Subscribers change ID cards/Citizen ID cards/Passports;

- Subscribers change addresses, emails or phone numbers.

4. The subscriber-managing organization shall send one dossier set for extension and revision of the digital certificate including the written request for extension and revision of the digital certificate in accordance with Appendix 03 to this Circular.

5. Processing deadline and results

The Information Technology Department shall extend and revise the subscriber’s valid digital certificate within 03 working days from the time of receiving the dossier. In case of invalid dossier, the Information Technology Department shall reject and specify the reason within 02 working days from the date of receipt of the dossier. Feedback and results shall comply with the provisions of Clause 3 Article 4a of this Circular.

Upon receiving the notices of approval for digital certificate extension, the subscribers shall extend digital certificates according to the instruction for activation, extension of digital certificates posted on the website of the State Bank.”

9. To amend and supplement Article 7 of Circular No. 28/2015/TT-NHNN (amended and supplemented under Clause 8 Article 1 of Circular No. 10/2020/TT-NHNN) as follows:

“Article 7. Suspension of digital certificates

1. Subscribers’ digital certificates shall be suspended in one of the following cases:

a) At the requests of the subscriber-managing organizations to suspend the digital certificates;

b) According to the written requests of procedure-conducting agencies, police agencies or the Ministry of Information and Communications;

c) The Information Technology Department detects any errors or accidents effecting on subscriber’s rights or security, safety of the digital certificate’s service system.

2. The suspension period of digital certificates prescribed at Point a Clause 1 of this Article shall be decided at the request of subscriber-managing organizations. The suspension period of digital certificates specified at Point b Clause 1 of this Article shall be decided at the request of procedure-conducting agencies, police agencies or the Ministry of Information and Communications. The suspension period of digital certificates specified at Point c Clause 1 of this Article shall last until the above errors and incidents are remedied.

3. The subscriber-managing organization shall apply one dossier set for digital certificate suspension, including the written request for digital certificate suspension in accordance with Appendix 04 attached to this Circular.

4. Processing deadline and results

a) The Information Technology Department shall suspend the digital certificates and inform the results for subscriber-managing organizations within 01 working day from the date of receiving the application dossiers for digital certificate suspension as prescribed at Point a Clause 1 of this Article. In case of invalid dossiers, the Information Technology Department shall reject and specify the reason within 01 working day from the date of receipt of the dossiers. Feedback and results shall comply with the provisions of Clause 3 Article 4a of this Circular.

b) The Information Technology Department shall suspend the digital certificates and send a written notice on time and reasons for digital certificate suspension for subscriber-managing organizations within 01 working day from the date of receiving information specified at Point b, Point c Clause 1 of this Article.”

10. To amend and supplement Point d Clause 2, Clause 3, Clause 4 Article 8 of Circular No. 28/2015/TT-NHNN (amended and supplemented under Clause 9 Article 1 of Circular No. 10/2020/TT-NHNN) as follows:

“d) Digital certificates are suspended under Point c Clause 1 Article 7 of this Circular and errors and incidents are rectified.”

“3. The subscriber-managing organization shall apply one dossier set for digital certificate recovery according to Point b Clause 2 of this Article, including the written request for digital certificate recovery in accordance with Appendix 05 attached to this Circular.

4. Processing deadline and results

a) The Information Technology Department shall recover digital certificates for the subscribers within 01 working day from the time of receiving the written requests for digital certificate recovery in accordance with Point a Clause 2 of this Article or dossiers for digital certificate recovery according to Point b Clause 2 of this Article. In case of invalid dossiers, the Information Technology Department shall reject and specify the reason within 01 working day from the date of receipt of the dossiers. Feedback and results shall comply with the provisions of Clause 3 Article 4a of this Circular;

b) The Information Technology Department shall automatically recover digital certificates for subscribers within 01 working day from the time of receiving information prescribed at Point c, Point d Clause 2 of this Article.”

11. To amend and supplement Article 9 of Circular No. 28/2015/TT-NHNN (amended and supplemented under Clause 10 Article 1 of Circular No. 10/2020/TT-NHNN) as follows:

“Article 9. Revocation, cancellation of digital certificate operations

1. Subscriber-managing organizations may request to revoke or cancel one or a number of subscribers’ digital certificate operations. In the case of revocation of digital certificates, all operations of subscribers shall be cancelled.

2. Subscribers’ digital certificates shall be revoked in the following cases:

a) At the written request of procedure-conducting agencies, police authorities or the Ministry of Information and Communications;

b) At the revocation request of digital certificates of subscriber-managing organizations;

c) Subscriber-managing organizations issue decisions for revoking operation licenses, or are divided, separated, merged, dissolved or bankrupt as prescribed by law;

d) There is sufficient evidence to determine that the violate regulations on management, use of private keys and e-tokens;

dd) The digital certificates are invalid.

3. The subscriber-managing organization shall send one dossier set for the revocation or cancellation of digital certificates including the written request for revoking and cancelling the digital certificate operations in accordance with Appendix 06 attached to this Circular.

4. Processing deadline and results

a) The Information Technology Department shall revoke or cancel the digital certificate operations within 01 working day from the time of receiving written request as prescribed at Point a Clause 2 of this Article or application dossiers for revocation or cancellation of digital certificate operations. In case of invalid dossiers, the Information Technology Department shall reject and specify the reason within 01 working day from the date of receiving the dossiers. Feedback and results shall conform to Clause 3 Article 4a of this Circular.

b) The Information Technology Department shall automatically revoke the subscriber’s digital certificate within 01 working day from the time of receiving information in accordance with Point c, Point dd of this Article.

c) The Information Technology Department shall revoke a subscriber’s digital certificate and send a notification to the subscriber in accordance with Clause 3 Article 4a of this Circular within 01 working day from the date of receiving the information according to Point d Clause 2 of this Article.”

12. To amend and supplement Clause 2 Article 10 of Circular No. 28/2015/TT-NHNN (amended and supplemented under Clause 11 Article 1 of Circular No. 10/2020/TT-NHNN) as follows:

“2. Subscribers must create key pairs before the expiration date of activation codes stated in the notification of granting digital certificates. In case activation codes are exposed or suspected to be exposed, or failed to be activated before the expiration date of activation codes in the notification of granting digital certificates, subscribers failing to create key pairs and wishing to continue using digital certificates shall carry out procedures for changing activation codes according to Article 10a of this Circular.”

13. To add Article 10a as follows:

Article 10a. Changing activation codes of digital certificates

1. The subscriber-managing organization shall apply one dossier set for changing the activation code, including the written request for changing the activation code of the digital certificate according to Appendix 08 attached to this Circular.

2. Processing deadline and results

The Information Technology Department shall change activation codes for subscribers, send notifications of granting the activation codes of digital certificates to emails and messages to the subscribers’ phone numbers within 03 working days from the date of receiving the dossiers. For organizations’ digital certificates, the Information Technology Department shall send notifications to grant the activation codes of digital certificates to emails and messages to the phone number of persons in charge of digital certificates of subscriber-managing organizations.

In case of invalid dossiers, the Information Technology Department shall reject and specify the reason within 02 working days from the date of receipt of the dossiers. Feedback and results shall comply with the provisions of Clause 3, Article 4a of this Circular.

3. The activation code of digital certificates shall be valid up to 30 days from the date of change. The subscriber must activate the digital certificate before the expiration date of the activation code. The instructions for activation and extension of the State Bank’s digital certificates are posted on the website of the State Bank.”

14. To amend and supplement Article 11 of Circular No. 28/2015/TT-NHNN (amended and supplemented under Clause 12 Article 1 of Circular No. 10/2020/TT-NHNN) as follows:

Article 11. Change of digital certificate’s key pair

1. In case it is necessary to change the subscriber's digital certificate key pair:

The digital certificate of the subscriber is still valid, but the digital certificate’s key pair stored in the subscriber's e-token cannot continue to be used because the e-token is damaged or because key pair has been deleted from the device or another cause of the key pair failure.

2. The subscriber-managing organization shall send 01 (one) dossier set of request for changing the digital certificate’s key pair, including the written request for changing the digital certificate’s key pair in accordance with Appendix 07 attached to this Circular at least 10 working days before the expiration date of the digital certificate.

3. The Information Technology Department shall change the digital certificate’s key pair, and send notification on changing key pair and activation code of digital certificate to email and message to the subscriber’s phone number within 03 working days from the date of receiving the dossier for changing the digital certificate’s key pair. For organization’s digital certificate, the Information Technology Department shall send notification on key pair and activation code of digital certificate to email and message to the person in charge of subscriber-managing organization.

In case of invalid dossiers, the Information Technology Department shall reject and specify the reason within 02 working days from the date of receipt of the dossiers. Feedback and results shall be implemented in accordance with regulations prescribed in Clause 3 Article 4a of this Circular.

The subscribers shall activate the digital certificates to create the new key pairs before the invalid time of activation codes in accordance with the instruction on activation and extension of digital certificates which are all posted on the State Bank’s website upon receiving the activation codes.”

15. To amend and supplement Clause 3, Clause 4, Clause 7, Clause 10 Article 13 of Circular No. 28/2015/TT-NHNN as follows:

“3 To have an effective contingency plan to ensure the safe and continuous provision of digital signature certification services by the State Bank.

4. To ensure safety and security for subscribers during the process of distributing and transferring information on activating digital certificates. To fully and accurately update and store the subscribers’ information for the management of digital certificates. To comply with the law on personal data protection in the collection, processing and storage of information of subscribers and subscriber-managing organizations.”

7. To ensure the electronic communication channel to receive requests to provide digital signature certification services operating 24 hours a day and 7 days a week.”

“10. To provide and update information on software, documentation on management, use of digital signatures, digital certificates and digital signature certification services.”

16. To amend and supplement Article 14 of Circular No. 28/2015/TT-NHNN (amended and supplemented under Clause 13 Article 1 of Circular No. 10/2020/TT-NHNN) as follows:

Article 14. Responsibilities of the subscriber-managing organizations

1. To appoint individuals or departments in charge of registering and managing the list of subscribers of the organization, managing dossiers, documents and reports related to digital certificates and digital signature certification services. To inform the Information Technology Department in writing about person/department for the first time and when there are changes.

2. To register and take full responsibility for the accuracy of information at the documents, dossiers and reports related to the digital certificates of the subscriber-managing organizations to the Information Technology Department.

3. To manage, make statistics and update the list of subscribers in the organization. To review and compare the list of digital certificates granted by the State Bank in comparison with the usage demand and actual information at the subscriber-managing organizations at least once a year. If digital certificates do not match the information, the subscriber-managing organizations must immediately carry out the procedures for changing information, suspending, revoking or canceling digital certificate operations.

4. To periodically report in accordance with this Circular.

5. To guide, examine and create conditions for subscriber-managing organizations to use digital certificates and private keys in accordance with this Circular.

6. To promptly inform the Information Technology Department to suspend or revoke the subscribers’ digital certificates in the following cases:

a) The subscribers’ private keys are suspected of being exposed, exposed, stolen or illegally used;

b) Subscribers’ e-tokens are lost;

c) Subscribers change the working positions without using the digital certificates for works;

d) The subscribers temporarily leave job, resign, retire or die;

dd) The subscribers in branches/units of the subscriber-managing organizations whose bank codes have been canceled;

e) Other cases from the demands of the subscriber-managing organizations.

7. The digital certificate granted to the organization must be assigned to the individual for management and use. The handover must be made in writing, clearly defining the rights and responsibilities of the individuals assigned to manage. Individuals assigned to manage must perform the rights and responsibilities of subscribers specified in this Circular.

8. Subscriber-managing organizations that are the administrative units of the State Bank shall promptly revoke e-tokens that are no longer used for reuse by other subscribers.”

17. To amend and supplement Article 15 of Circular No. 28/2015/TT-NHNN (amended and supplemented under Clause 14 Article 1 of Circular No. 10/2020/TT-NHNN) as follows:

Article 15. Responsibility of the subscribers

1. To use the digital certificate for the right purpose.

2. To manage and use of private keys and e-tokens:

a) To use the correct type of e-tokens under the instruction of the Information Technology Department;

b) To preserve and use the keys for accessing devices, the private keys and the data in e-tokens in a safe and secret manner during the validity and the suspension periods of their digital certificates;

c) Not to share or lend the key to access the device, the e-token. In case of resignation, transfer of work or change of position, or the work no longer requiring the use of a digital certificate, it is required to destroy the data in the e-token and hand over the e-token to the subscriber-managing organizations;

d) Not to use tools, programs, software or any other forms to interfere, edit, change the private key’s information, the data in e-tokens or intentionally damage e-tokens;

dd) To promptly inform the subscriber-managing organizations in case of detecting or suspecting that the digital certificates or private keys are no longer safe; e-tokens are lost, faulty or damaged and cannot be used.

3. To comply with other regulations on the grant, management and use of digital certificates.”

18. To amend and supplement Clause 3 Article 16 of Circular No. 28/2015/TT-NHNN (amended and supplemented under Clause 15 Article 1 of Circular No. 10/2020/TT-NHNN) as follows:

“3 Signers shall be fully responsible for the authenticity of the information signed by their own digital signatures and only give digital signatures on information systems when the systems notify the status of their digital certificates in effect.”

19. To amend and supplement Article 17 of Circular No. 28/2015/TT-NHNN (amended and supplemented under Clause 16 Article 1 of Circular No. 10/2020/TT-NHNN) as follows:

Article 17. Reporting regime

Subscriber-managing organizations shall be responsible for sending periodic reports to the State Bank as follows:

1. Name of report: Report on reconciliation of the list of digital certificates of the State Bank.

2. Content of report:

a) List of digital certificates and usage status;

b) Comparing the list of digital certificates granted by the Information Technology Department to the actual demand for use and information at the subscriber-managing organizations and reporting the list of digital certificates with unmatched information.

3. Subjects of implementation: Units of the State Bank, credit institutions, branches of foreign banks, Vietnam State Treasury, Vietnam Deposit Insurance and other agencies and organizations using digital signature certification services of the State Bank.

4. Agencies and units receiving reports: Information Technology Department - State Bank.

5. Method of sending and receiving reports: The sending and receipt of reports shall comply with Clause 1 Article 4a of this Circular.

6. Frequency and deadline for sending reports: Annually, no later than December 20 of the reporting year.

7. Time for closing data: The time for closing data is from December 15 of the year preceding the reporting period to December 14 of the reporting period.

8. Report outline form: The subscriber-managing organization shall send a report on reconciliation of the list of certificates of the State Bank according to the report outline in Appendix 09 issued together with this Circular.”

‎‎Article 2. Replacing phrases and forms of Circular No. 28/2015/TT-NHNN

1. To replace the phrase “Informatics Technology Department” with the phrase “Information Technology Department”.

2. To replace the Forms 01, 02, 03, 04, 05, 06, 07, 08, 09 attached to Circular No. 28/2015/TT-NHNN (replaced with Circular No. 10/2020/TT-NHNN) with the Appendices 01, 02, 03, 04, 05, 06, 07, 08, 09 attached to this Circular.

‎‎Article 3. Implementation organization

Heads of units of the State Bank, credit institutions, branches of foreign banks, Vietnam State Treasury, Deposit Insurance of Vietnam, National Payment Corporation of Vietnam and Vietnam Asset Management Company shall implement this Circular.

‎‎Article 4. Effect

1. This Circular takes effect from July 01, 2024.

2. This Circular repeals the Governor of the State Bank’s Circular No. 10/2020/TT-NHNN dated November 02, 2020, on amending, supplementing a number of articles of Circular No. 28/2015/TT-NHNN./.

 

 

FOR THE GOVERNOR

DEPUTY GOVERNOR

 

 

Pham Tien Dung

 

* All Appendices are not translated herein.

Please log in to a subscriber account to see the full text. Don’t have an account? Register here
Please log in to a subscriber account to see the full text. Don’t have an account? Register here
Processing, please wait...
LuatVietnam.vn is the SOLE distributor of English translations of Official Gazette published by the Vietnam News Agency

VIETNAMESE DOCUMENTS

Circular 16/2023/TT-NHNN DOC (Word)

This utility is available to subscribers only. Please log in to a subscriber account to download. Don’t have an account? Register here

Circular 16/2023/TT-NHNN PDF (Original)

This utility is available to subscribers only. Please log in to a subscriber account to download. Don’t have an account? Register here

ENGLISH DOCUMENTS

LuatVietnam's translation
Circular 16/2023/TT-NHNN DOC (Word)

This utility is available to subscribers only. Please log in to a subscriber account to download. Don’t have an account? Register here

Circular 16/2023/TT-NHNN PDF

This utility is available to subscribers only. Please log in to a subscriber account to download. Don’t have an account? Register here

* Note: To view documents downloaded from LuatVietnam.vn, please install DOC, DOCX and PDF file readers
For further support, please call 19006192

SAME CATEGORY

Decree No. 146/2024/ND-CP dated November 06, 2024 of the Government amending, supplementing and annulling a number of articles of the Government’s Decree No. 102/2022/ND-CP of December 12, 2022, defining the functions, tasks, powers and organizational structure of the State Bank of Vietnam, and Decree No. 26/2014/ND-CP of April 7, 2014, on the organization and operation of banking inspection and supervision bodies, which was amended and supplemented under Decree No. 43/2019/ND-CP of May 17, 2019

Decree No. 146/2024/ND-CP dated November 06, 2024 of the Government amending, supplementing and annulling a number of articles of the Government’s Decree No. 102/2022/ND-CP of December 12, 2022, defining the functions, tasks, powers and organizational structure of the State Bank of Vietnam, and Decree No. 26/2014/ND-CP of April 7, 2014, on the organization and operation of banking inspection and supervision bodies, which was amended and supplemented under Decree No. 43/2019/ND-CP of May 17, 2019

Finance - Banking , Organizational structure

loading