Certifying the integrity of the IT system in the financial sector

Intergrity complience

Certification of the fulfillment of the safety requirements of IT systems of credit institutions and financial enterprises according to paragraph 67/A of Act CCXXXVII of 2013 on Credit Institutions and Financial Enterprises.

Certification of the fulfillment of the safety requirements of IT systems of investment firms and commodity dealers according to paragraph 12 of Act CXXXVIII of 2007 on Investment Firms and Commodity Dealers, and on the Regulations Governing their Activities.

Certification of the fulfillment of the safety requirements of IT systems of payment service providers according to paragraph 12/A of Act CXXXV of 2013 on payment service providers.

Certification of the fulfillment of the requirements of paragraph 94 of Act LXXXVIII on the business of insurance.

During the last months, several Hungarian and international financial institutions encountered IT security breaches. Financial institutions have become the primary targets of IT attacks both from external and internal sources, and the necessity of countering these attacks are considered to be high priority in the latest amendments of the legislation in force.

According to paragraph 67/A of Act CCXXXVII of 2013 on Credit Institutions and Financial Enterprises, the following rules apply to the protection of IT systems of credit institutions and financial enterprises:

 „(1) Financial services – other than financial auxiliary services – may be provided only if the service provider has in place an IT system with facilities to ensure the integrity of system components, to prevent unauthorized access to, and undetected modification of, the IT system. The IT system must be in compliance with overall information security and system integrity requirements. To that end, credit institutions shall implement administrative measures and measures to ensure physical and logical protection in compliance with overall information security and system integrity requirements.

(2) Compliance with the requirements set out in Subsection (1) shall be verified by a certificate issued by an external expert (hereinafter referred to as “certification body”) for the IT system in question. The requirements relating to the certification body and to certification shall be laid down in specific other legislation.

(3) The certification body referred to in Subsection (2) shall inform the Authority without delay in writing of any fact concerning the IT system of a credit institution that adversely affects the continuous functioning of the credit institution, of any fact of which they have become aware, which constitute a material breach of the laws, or the credit institution’s management policy, or forewarn any imminent infringement of such regulations.”

  • Paragraph 12 of Act CXXXVIII of 2007 on Investment Firms and Commodity Dealers, and on the Regulations Governing their Activities;
  • Paragraph 12/A of Act CCXXXV. on payment service providers regarding the IT security of financial institutions;
  • Paragraph 94 of Act LXXXVIII on the business of insurance

contains similar rules.

In the previous years, HUNGUARD Kft. has provided the certification of several closed IT systems as an accredited certification body of closed IT systems.

Hereby we would like to offer you our certification services: the fulfillment of the certification procedure as required by the legislation.

Gov. Decree 42/2015. (III. 12.) on the protection of the IT systems of credit institutions, financial enterprises, insurance and reinsurance firms, investment firms and commodity dealers contains the rules applicable to the protection of IT systems and also the requirements to be fulfilled by certification bodies.

We would like to inform you that our Company fulfills all the requirements applicable to certification bodies and has initiated the procedure to be included in the register of the Hungarian National Bank.

We would like to raise your attention to the fact that the act referred above provides a rather short time period for the institutions to complete the certification process.

You can send your application to our e-mail address: tanusitas_mnbjegyzek@hunguard.hu.

Looking forward to working with You soon,

HUNGUARD Kft.