§ 28N — Establishment of electronic information sharing system

28N.—(1) The Authority must establish and maintain an electronic information sharing system for the purpose of —(a)

enabling requests for risk information under section 28D to be made by prescribed financial institutions;

(b)

enabling disclosures of risk information under sections 28D and 28E to be disclosed and received by prescribed financial institutions;

(c)

enabling disclosures of risk information under section 28F to be published and accessed by prescribed financial institutions;

(d)

enabling corrections to any error or omission in the risk information mentioned in paragraph (b) or (c) to be made; and

(e)

keeping a record of the requests, disclosures and corrections mentioned in paragraphs (a) to (d).

(2) Subject to subsection (3), any request for risk information made under section 28D, any disclosure of risk information made under section 28D or 28E, any publication of risk information under section 28F, and any correction to any error or omission in such risk information, must be made —(a)

using the electronic information sharing system established under subsection (1); and

(b)

in accordance with the rules for use of the electronic information sharing system established under subsection (1) published by the Authority.

(3) If —(a)

any request for risk information under section 28D;

(b)

any disclosure of risk information under section 28D or 28E;

(c)

any publication of risk information under section 28F; or

(d)

any correction to any error or omission in the risk information mentioned in paragraph (b) or (c),

cannot be made using the electronic information sharing system established under subsection (1) (whether because of a failure or unavailability of or interruption to the electronic information sharing system or otherwise), the prescribed financial institution may make the request, disclosure, publication or correction in the manner specified in any direction published by the Authority.

(4) If any publication of risk information under section 28F (including any correction to any error or omission in such risk information) cannot be accessed by any prescribed financial institution, the Authority must provide reasonable alternative means by which the risk information may be accessed by the prescribed financial institution.

(5) Where a prescribed financial institution informs the Authority that the prescribed financial institution refuses to comply with any rules for use of the electronic information sharing system mentioned in subsection (2)(b), the Authority may refuse to grant the prescribed financial institution access to the electronic information sharing system.

(6) Where a prescribed financial institution fails to comply with any rules for use of the electronic information sharing system mentioned in subsection (2)(b), the Authority may terminate, suspend or restrict the prescribed financial institution’s access to the electronic information sharing system.

(7) To avoid doubt, the Authority may —(a)

use the electronic information sharing system established under subsection (1) to disseminate any risk information mentioned in section 28L(1) to another prescribed financial institution for the purpose of detecting or preventing any of the matters specified in section 28L(2)(a), (b) or (c);

(b)

allow a prescribed financial institution to use the electronic information sharing system established under subsection (1) to communicate with another prescribed financial institution in relation to —(i)

any request for risk information under section 28D;

(ii)

any disclosure of risk information under section 28D or 28E;

(iii)

any publication of risk information under section 28F; or

(iv)

any correction to any error or omission in the risk information mentioned in sub-paragraph (ii) or (iii); or

(c)

use the electronic information sharing system established under subsection (1) to analyse any risk information mentioned in section 28L(1) for the purpose of detecting or preventing any of the matters specified in section 28L(2)(a), (b) or (c).[Act 19 of 2023 wef 01/04/2024]

—(1) The Authority must establish and maintain an electronic information sharing system for the purpose of —(a)

enabling requests for risk information under section 28D to be made by prescribed financial institutions;

(b)

enabling disclosures of risk information under sections 28D and 28E to be disclosed and received by prescribed financial institutions;

(c)

enabling disclosures of risk information under section 28F to be published and accessed by prescribed financial institutions;

(d)

enabling corrections to any error or omission in the risk information mentioned in paragraph (b) or (c) to be made; and

(e)

keeping a record of the requests, disclosures and corrections mentioned in paragraphs (a) to (d).

(2) Subject to subsection (3), any request for risk information made under section 28D, any disclosure of risk information made under section 28D or 28E, any publication of risk information under section 28F, and any correction to any error or omission in such risk information, must be made —(a)

using the electronic information sharing system established under subsection (1); and

(b)

in accordance with the rules for use of the electronic information sharing system established under subsection (1) published by the Authority.

(3) If —(a)

any request for risk information under section 28D;

(b)

any disclosure of risk information under section 28D or 28E;

(c)

any publication of risk information under section 28F; or

(d)

any correction to any error or omission in the risk information mentioned in paragraph (b) or (c),

cannot be made using the electronic information sharing system established under subsection (1) (whether because of a failure or unavailability of or interruption to the electronic information sharing system or otherwise), the prescribed financial institution may make the request, disclosure, publication or correction in the manner specified in any direction published by the Authority.

(4) If any publication of risk information under section 28F (including any correction to any error or omission in such risk information) cannot be accessed by any prescribed financial institution, the Authority must provide reasonable alternative means by which the risk information may be accessed by the prescribed financial institution.

(5) Where a prescribed financial institution informs the Authority that the prescribed financial institution refuses to comply with any rules for use of the electronic information sharing system mentioned in subsection (2)(b), the Authority may refuse to grant the prescribed financial institution access to the electronic information sharing system.

(6) Where a prescribed financial institution fails to comply with any rules for use of the electronic information sharing system mentioned in subsection (2)(b), the Authority may terminate, suspend or restrict the prescribed financial institution’s access to the electronic information sharing system.

(7) To avoid doubt, the Authority may —(a)

use the electronic information sharing system established under subsection (1) to disseminate any risk information mentioned in section 28L(1) to another prescribed financial institution for the purpose of detecting or preventing any of the matters specified in section 28L(2)(a), (b) or (c);

(b)

allow a prescribed financial institution to use the electronic information sharing system established under subsection (1) to communicate with another prescribed financial institution in relation to —(i)

any request for risk information under section 28D;

(ii)

any disclosure of risk information under section 28D or 28E;

(iii)

any publication of risk information under section 28F; or

(iv)

any correction to any error or omission in the risk information mentioned in sub-paragraph (ii) or (iii); or

(c)

use the electronic information sharing system established under subsection (1) to analyse any risk information mentioned in section 28L(1) for the purpose of detecting or preventing any of the matters specified in section 28L(2)(a), (b) or (c).[Act 19 of 2023 wef 01/04/2024]