The key innovation is the establishment of a strict prohibition on:
- the transfer of remote service systems, as well as usernames and passwords for them, to third parties;
- the sale of banking cards and access data to them;
- the distribution of electronic wallets and access data to them.
In addition, the documents clearly state that the user or holder is responsible under the legislation of the Kyrgyz Republic for the transfer or sale of access to third parties, including situations where operations are performed "at the direction and in the interest of third parties" to commit unlawful acts.
The changes affect:
The Regulation "On Minimum Requirements for Providing Remote Services";
The Regulation "On Banking Payment Cards";
The Regulation "On Electronic Money".
According to the information from the resolution, the new rules will come into effect 15 days after their official publication. After that, the document will be submitted to the Ministry of Justice of the Kyrgyz Republic for registration in the state register of regulatory legal acts.
Furthermore, the Cybersecurity and Information Protection Department is required to communicate information about the new rules to commercial banks, payment organizations, and payment system operators, as well as to the Union of Banks of Kyrgyzstan and the Association of Payment System Operators.
