Microfinance organizations will be required to notify the Central Bank of suspicious loans.

The Central Bank has obligated microfinance organizations (MFOs) to participate in a financial fraud information exchange system, Vedomosti reports. The new requirements are set out in a draft regulatory directive: starting March 1, 2026, MFOs will be required to notify the Central Bank of any attempts to issue loans without client consent or with consent obtained fraudulently.

According to the document, microfinance companies are required to inform the Central Bank’s division, the Center for Monitoring and Response to Computer Attacks in the Credit and Financial Sector (FinCERT), of such incidents within the next business day after their detection or receipt of a client complaint. The newspaper notes that organizations will also be required to report cyberattacks on their own IT infrastructure if they could potentially lead to fraudulent transactions.

The new rules impose strict timeframes for interaction with the regulator. MFOs are given just one business day to respond to the Central Bank’s requests regarding specific loan agreements, and three days to remove unsubstantiated entries from their databases and correct errors in previously submitted information. Companies must accept data on suspicious transactions from the Central Bank’s database within one to four hours after publication or immediately after they begin serving clients.

The Central Bank noted that MFOs will be required to verify the first, middle, and last names of the borrower against those of the holder of the card to which the funds will be deposited. "To do this, they will request information about the account or cardholder from the bank. Additionally, the individual can provide a certified certificate from the Federal Tax Service regarding the accounts and cards they have opened," the regulator explained in a statement. Verification will not be required for clients who have already taken out two or more loans from the MFO within a year prior to the new application and used the same bank account or card.

In February 2025, amendments to federal laws were adopted to strengthen the fight against fraud. The portal clarifies that, as of September 1, 2025, MFOs have gained access to the database of FinCERT’s automated incident processing system to verify recipients of funds. Previously, MFOs’ cooperation with FinCERT was voluntary; now it is mandatory.

"This is the creation of a unified FinCERT database, to which MFOs will have access," explained Roman Makarov, CEO of Zaimer. From there, organizations will receive information about fraudulent activities and their perpetrators, as well as data on individuals involved in such cases.

Aleksey Akhmeyev, Head of Information Security and Digitalization at Moneyman, noted that connecting to FinCERT itself is a simple process. Companies will only need to purchase CryptoPro (an electronic signature tool – FM) to generate a request for access keys. However, the most challenging part will be properly configuring business processes and integrating verification of information flows.

According to the self-regulatory organization, the share of fraudulent loans currently does not exceed one to three percent of all applications. More than 90% of such applications are filtered out thanks to identification procedures and anti-fraud solutions.

Source: www.frankmedia.ru