Circular No. 165/2018/ND-CP dated December 24, 2018 of the Government on e-transactions in financial operations
THE SOCIALIST REPUBLIC OF VIETNAM
Independence - Freedom - Happiness
Hanoi, December 24, 2018
E-TRANSACTIONS IN FINANCIAL OPERATIONS
Pursuant to the Law on Government Organization dated June 19, 2015;
Pursuant to the Law on E-Transactions dated November 29, 2005;
At the request of the Minister of Finance;
The Government hereby promulgates a Decree on e-transactions in financial operations.
Article 1. Scope
This Decree provides for e-transactions in financial operations.
Article 2. Regulated entities
1. Organizations and individuals that are administrators of information systems serving e-transactions in financial operations.
2. Participants in e-transactions in financial operations.
3. Organizations and individuals that wish to retrieve and verify information about e-transactions in financial operations by other organizations and individuals within the scope permitted by the law.
Article 3. Definitions
For the purposes of this Decree, the terms below shall be construed as follows:
1. “e-transaction in financial operations” (hereinafter referred to as “electronic financial transaction”) means a transaction between organizations or individuals in professional operations related to state budget, state fund, tax, fees, charges and other revenues of the state budget, state reserves, public property, state financial fund, financial investment, corporate finance, cooperative finance, customs, accounting, state management of prices, securities, financial services, accounting services, audit services, insurance business and other financial services under the management of the Ministry of Finance. Those professional operations shall be carried out as prescribed by specialized law.
2. “specialized law” means the law on state budget, tax, fees and charges, management and use of state capital invested in the enterprises’ manufacturing and business operations, public debt management, customs, state reserves, public property, accounting, prices, securities, independent audit, insurance business and other laws on finance.
3. “electronic document in financial operations” (hereinafter referred to as “electronic document”) means the information, which is created, sent, received and stored by electronic means upon carrying out electronic financial transactions, including documents, reports, contracts, agreements, transaction information, information serving administrative procedures and other types of information and data prescribed by law.
4. “electronic document originator” means an organization or individual that generates or sends an electronic document prior to storage, but does not include an intermediary that sends the electronic document. The electronic document originator shall be identified as prescribed in Clause 2 Article 16 of the Law on E-Transactions.
5. “administrator of an information system serving electronic financial transactions” (hereinafter referred to as “information system administrator”) means an organization or individual that has the power to directly manage information system serving electronic financial transactions.
6. “finance authority” is one of the following authorities:
a) The Ministry of Finance and its affiliates that are licensed to perform state management of fields and sectors under the management of the Ministry of Finance;
b) Specialized authorities in charge of providing counseling on state management of finance, which are affiliated to People’s Committees at all levels (local finance authorities).
7. “intermediary service in electronic financial transactions” means a service that represents (partially or totally) another organization or individual to send, receive, store or aid in generating and processing an electronic document, and verify e-transactions between parties entering into e-transactions (hereinafter referred to as “parties”).
8. “invalidation of an electronic document” means a method of making an electronic document no longer usable on the information system.
9. “deletion of an electronic document” means a method of making an electronic document vanish from the information system and information contained in such document inaccessible and unusable for reference.
10. “sealing of electronic document” means a method of ensuring integrity of information contained in an electronic document. It is impossible to correct, copy, illegally move, invalidate or delete the document during the sealing process.
11. “information system serving electronic financial transactions” (hereinafter referred to as “information system”) means an information system specified in Clause 8 Article 4 of the Law on E-Transactions that is provided and used to carry out electronic financial transactions.
12. “authentication” means a verification process that initiated on the information system to ensure the person who is conducting an e-transaction is the one who is allowed to conduct such e-transaction or to check digital signature on an electronic document as prescribed by the law on digital signature certification.
13. “authentication code” means a string of characters (numbers, letters, accents, special characters) created or recorded by the information system to be associated with a person every time he/she conducts an e-transaction to serve the authentication.
14. “biometric authentication” means a process of verifying a person's identity using his/her unique biological characteristics which are rarely same as those of another (as recognized by scientists at the time of application of this method).
15. “identification code for an electronic document” means a barcode or series of numbers and letters attached to an electronic document to uniquely identify the electronic document on the information system, thereby serving querying of information about the electronic document.
1. Participants in electronic financial transactions must adhere to the rules specified in Article 5 of the Law on E-Transactions and regulations of specialized law and relevant regulations of law.
2. Administrative procedures initiated through electronic transactions must comply with regulations of the law on administrative procedures and online public services.
3. The use of digital certificates and digital signatures in electronic financial transactions must comply with regulations of the law on digital signatures and digital signature certification.
1. Electronic documents must satisfy all requirements for state management and conform to regulations of specialized law. Format, generation, sending and receipt of electronic documents and validity thereof shall comply with the Law on E-Transactions.
2. An electronic document shall be considered an original if one of the following methods is adopted:
a) The electronic document is digitally signed by an electronic document originator and relevant responsible organization or individual as prescribed by specialized law.
b) The information system provides a method of ensuring integrity of the electronic document in the sending, receiving and storage process; records that an organization or individual has generated an electronic document and relevant responsible organization or individual has engaged in processing the electronic document, and adopts one of the following methods to authenticate whether the organization or individual generates the electronic document and relevant responsible organization or individual engages in processing the electronic document: digital certificate-based authentication, biometric authentication, authentication using two factors or more, including one-time authentication code or random authentication code.
c) Other methods agreed upon by parties, ensuring the integrity of data, authenticity and non-repudiation in accordance with regulations of the Law on E-Transactions.
1. Methods of converting a physical document into an electronic document:
a) Photocopy the physical document or convert it into a file on the information system, or
b) Convert contents of the physical document into data so that it can be stored in the information system.
2. The electronic document converted from a physical document must satisfy the following conditions:
a) It must specify all contents of the physical document;
b) Individual or organization that organizes (or takes responsibility for) the conversion of a physical document into an electronic document shall append his/her/its digital signature to the electronic document after it is converted from the physical document or authenticated using one of the methods specified in Point b Clause 2 Article 5 of this Decree.
3. The electronic document converted from a physical document has the same value as the physical document unless otherwise prescribed by specialized law.
1. Organizations and individuals may print electronic documents generated by such organizations and individuals and information system administrators may print electronic documents of organizations or individuals under their management from the information system to store or compare information or present them to authorities that have the power to check documents or provide them to organizations and individuals that wish to retrieve or verify information within the scope permitted by the law.
2. Organizations and individuals may request information system administrators to confirm e-transactions in writing so that written confirmation can be presented to authorities that have the power to check documents or provided to other organizations and individuals that wish to retrieve or verify information within the scope permitted by the law. When initiated at a regulatory authority, such request and confirmation shall comply with regulations and procedures for providing information in accordance with regulations of the law on access to information.
3. The physical document converted from an electronic document must satisfy the following conditions:
a) It sufficiently and accurately specifies contents of the electronic document;
b) There is information showing that the document has been processed on the information system and showing name of the information system or name of the information system administrator;
c) An identification code for the electronic document is available to serve the retrieval or verification of information or full name and signature of the person carrying out the conversion are available;
d) There must be seal of the organization carrying out the conversion in the cases where the conversion is required to be carried out under regulations of law or agreement between parties.
dd) Information is retrieved at any time during the normal operation of the information system.
4. The physical document converted from an electronic document has the same value as the electronic document unless otherwise prescribed by specialized law.
1. The amendment to an unapproved or unsent electronic document shall comply with the management procedure of the document originator or information system administrator.
2. The amendment to an approved or sent electronic document shall be carried out again from the beginning of the stage of generation and comply with regulations of specialized law.
3. The information system must record the person in charge, time of amendment and other information relating to the amendment to the electronic document.
1. Electronic documents shall be stored in accordance with regulations of specialized law, environmental requirements, electronic records management requirements and relevant regulations of the law on archives.
2. Authorities and units in charge of storing electronic documents shall satisfy all conditions prescribed in Clause 1 Article 15 of the Law on E-Transactions.
1. An electronic document shall be invalidated under any one of the following conditions:
a) It is invalidated in compliance with procedures and regulations of the unit in charge of generating and processing the document according to regulations of specialized law.
b) It is invalidated by consensus between parties. The consensus is achieved using one of the following methods: a document bearing signatures of parties or authorized representatives of parties (if it is an electronic document, regulations on validity specified in Article 5 of this Decree shall be complied with); a party’s request for document invalidation and the other party (parties)'s consent to document invalidation, which are made in the form of an email or data message generated on the same information system serving generation or storage of electronic documents and authenticated using one of the methods specified in Article 5 of this Decree.
2. The invalidated electronic document shall be marked and the time and person in charge of invalidation shall be recorded in the information system and notified to relevant parties.
3. The invalidated electronic document shall be stored to serve retrieval by competent authorities within the time limit prescribed by specialized law.
4. The physical document (if any) converted from the invalidated electronic document is invalid and no longer usable.
1. Electronic documents and physical documents converted from electronic documents may be deleted after expiration of the retention period unless otherwise decided by a competent authority.
2. The deletion of electronic documents must not affect the integrity of the documents that have not been deleted and ensure normal operation of the information system.
3. The information system must record the deletion of electronic documents in the form of a list enclosed with information about person in charge and time of deletion. Such list shall be stored on the system to be available for retrieval when necessary.
1. The power to seal electronic documents is specified by the law on sealing of documents and evidences in service of inspection, audit and investigation.
2. The sealing of electronic documents shall ensure that:
a) Normal operation of organizations and individuals’ information system and business operations is not affected;
b) Sealed electronic documents are completely recovered through organizations and individuals’ information system after the sealing period;
c) Any access or change to contents of sealed electronic documents is identified;
d) The information system shall mark sealed electronic documents and record the person in charge and time of sealing.
3. After the competent authority decides to take sealing measures, organizations and individuals are not allowed to access, exploit, copy, amend or use sealed electronic documents to carry out transactions or for other purposes.
1. The information system shall ensure time accuracy and be synchronized with Vietnam time (ISO 8601). Time stamping service provided by a licensed time stamping service provider as prescribed by the law on digital signatures and digital signature certification services should be used for documents whose creation time or processing time is limited by relevant legislative documents or is likely to cause disputes among the parties.
2. The information system serving generation and processing of electronic documents must be capable of converting electronic documents into physical documents to serve the purposes specified in Clauses 1 and 2 Article 7 of this Decree.
3. The information system must have the ability to store electronic documents or provide access to electronic documents stored in the storage system separated from the information system. In case the information system is upgraded or has its technology changed, its administrator shall provide access to electronic documents generated or stored in the information system prior to the upgrade or technology change.
4. The information system of finance authorities and relevant regulatory authorities must have the ability to connect and exchange electronic documents in accordance with the Government’s regulations on e-Government. The information system of other authorities must have the ability to connect and exchange electronic documents with that of finance authorities in accordance with regulations of specialized law.
5. Legal representatives of organizations that use the information system to append digital signatures to electronic documents shall be responsible to the law for digitally signed electronic documents.
1. Every information system administrator that collects personal information of participants in transactions must comply with the Law on Cyberinformation Security, Cybersecurity Law and relevant regulations of law on protection of personal information.
2. Every information system administrator must ensure safety and confidentiality of information system and transactions by participants in accordance with regulations of the law on cyberinformation security and adopt at least the following methods:
a) Classify the security and implement plans for assuring security of information system in accordance with regulations of the Law on Cyberinformation Security and Government’s Decree No. 85/2016/ND-CP dated July 01, 2016. If the information system administrator is an organization not affiliated to the State, only classify security of the system and adopt measures to protect the system in a manner that at least satisfies requirements for the corresponding class in accordance with regulations of the Ministry of Information and Communications. It is not required to follow procedures for appraising and approving proposal for classification.
b) Encrypt the connection between the organization/individual and the information system. Websites or web portals serving electronic financial transactions must be provided with digital certificates to secure information on the transmission line and avoid forgery.
1. Providers of information technology services on mobile network and Internet and providers of digital signature certification services are entitled to provide intermediary service in electronic financial transactions.
2. Organizations and individuals are entitled to select an appropriate intermediary service provider to serve their electronic financial transactions.
3. Intermediary service users and intermediary service providers must sign an agreement or contract that specifies responsibilities and rights of each party (within the legal framework).
1. In the cases where an inspecting and investigating authority prescribed by specialized lawsoft or an authority in charge of initiating relevant administrative procedures wishes to verify information about an e-transaction by an organization or individual, one of the following methods shall be adopted to carry out the verification:
a) Use the electronic confirmation of e-transaction result provided by the information system administrator to the organization or individual in the form of a file or an email.
b) Carry out on-site observation of information retrieval by the organization and individual on the information system.
c) Use the feature that allows for retrieval of information by an electronic means provided by the information system administrator.
d) Connect, transmit data and exchange information with a finance authority to obtain information about e-transactions by entities following administrative procedures. This Point applies to authorities in charge of initiating relevant administrative procedures.
2. Inspecting and investing authorities and authorities in charge of initiating relevant administrative procedures may only request organizations and individuals present physical documents converted from electronic documents in case of failure to verify information using one of the methods specified in Clause 1 of this Article.
1. Comply with regulations of this Decree.
2. Assist in carrying out transactions on the information system by adopting one or a combination of the following methods: in person, over telephone, via email, through websites or web portals and other technologies.
3. Provide information about electronic financial transactions within the scope of their information system to authorities in charge of inspecting and investigating financial operations and organizations and individuals that wish to retrieve and verify information within the scope permitted by law according to Article 16 of this Decree and other relevant regulations of law.
4. Directly verify or authorize their affiliates or branches to verify physical documents converted from electronic documents at the request of participants in transactions on the information system under their management in accordance with regulations of law.
5. Preserve confidentiality of personal information and information of enterprises and organizations on the information system under their management in accordance with regulations of law.
6. Ensure security of information system and participate in responding to incidents and taking remedial actions against in accordance with regulations of the law on cyberinformation security, cybersecurity and regulations of this Decree.
7. Any organization and individual that hire other enterprises' IT infrastructure to provide electronic financial transactions must cooperate with enterprises leasing IT infrastructure in assuming all responsibilities specified in Clauses 1 - 6 of this Article.
1. Organizations and individuals entering into electronic financial transactions shall manage and preserve confidentiality of equipment and information serving digital signature or certification; immediately notify information system administrators if such equipment and information are lost or leaked.
2. Organizations and individuals entering into e-transactions with finance authorities shall notify them the address by electronic means and maintain stability to exchange information during transactions. Change in address should be notified to finance authorities.
3. Organizations and individuals using electronic financial transaction result shall receive and use electronic documents according to its validity.
4. Other relevant regulations of this Decree shall be complied with.
1. Develop and implement the road map for application of e-transactions between organizations and individuals with finance authorities affiliated to the Ministry of Finance; establish connection and exchange of information about electronic financial transactions between finance authorities affiliated to the Ministry of Finance and other Ministries and organizations according to the Government’s objectives and programs for e-Government, in conformity with current situation and regulations of law.
2. Direct and organize the dissemination of regulations of the law on electronic financial transactions.
3. Provide guidelines and inspect the implementation of regulations of the law on electronic financial transactions.
4. Settle organizations and individuals' complaints, denunciations and recommendations about electronic financial transactions.
1. Develop and implement the road map for application of e-transactions between organizations and individuals with local finance authorities (online local public financial services).
2. Disseminate and cooperate with the Ministry of Finance in disseminating regulations of law on electronic financial transactions in the areas under the management of local finance authorities.
1. Any provider providing intermediary service in electronic financial transactions before the effective date of this Decree may keep providing intermediary service in electronic financial transactions as prescribed in this Decree.
2. While the digital certificate is yet to be provide by the provider of Government specialized digital signatures authentication services, the state budget user is entitled to use the public digital certificate to carry out e-transactions with a finance authority with respect to transactions applying digital signatures. After being issued with the digital certificate, the state budget user shall use it instead of the public digital certificate and notify the finance authority.
1. This Decree comes into force from February 10, 2019.
2. The Decree No. 27/2007/ND-CP dated February 23, 2007 and Decree No. 156/2016/ND-CPdated November 21, 2016 are null and void from the effective date of this Decree.
3. Ministers, heads of ministerial agencies, heads of Governmental agencies and Presidents of People’s Committees of provinces and central-affiliated cities are responsible for the implementation of this Decree.
ON BEHALF OF THE GOVERNMENT
THE PRIME MINISTER
(Signed and sealed)
Nguyen Xuan Phuc
(This translation is for reference only)