NSPK has decided to reassess the level of fraud in banks. Instead of one limit, three are introduced at once — and for exceeding any of them, banks will receive fines and fall under additional control.
We are talking about fraud — these are operations when money is debited or transferred without the client's consent, most often due to deception: calls "from the bank", phishing links, or account hacking.
Currently, there is one guideline: if the volume of such transactions exceeds 1 million rubles per month and 0.05% of turnover, sanctions begin. In the new system, two more levels are added — from 10 million rubles (0.02%) and from 50 million (0.01%).
The meaning is simple: there will no longer be a single rule for everyone. Large banks with high turnover and small players will be in different categories, and the requirements for them will become stricter.
If a bank goes beyond the limits and does not correct the situation within two months, it is placed under the control of NSPK and begins to be fined. The same approach is planned to be implemented in the fast payment system.
For banks, this means additional costs. To meet the new requirements, it will be necessary to strengthen protection: implement real-time transaction analysis systems, track suspicious customer behavior, and respond more quickly to risky transfers.
But there is a limitation: a significant part of fraud is associated not with technical vulnerabilities, but with social engineering — when a person himself transfers money under pressure from fraudsters. And this is more difficult to combat.
As a result, the rules become stricter and more precise, but much will depend on how much banks can actually reduce the level of such operations.