21 July 2017
visit www.avoka.com

EBA consults on operational risk and security guidelines for PSD2

08 May 2017  |  4752 views  |  0 Source: European Banking Authority

The European Banking Authority (EBA) launched today a consultation on its draft Guidelines on security measures for operational and security risks under the revised Payment Services Directive (PSD2).

The Guidelines have been developed in close cooperation with the European Central Bank (ECB), and are in support of the objectives of PSD2, such as strengthening the integrated payments market in the EU, mitigating the increased security risks arising from electronic payments, and promoting equal conditions for competition. The consultation runs until 7 August 2017.

PSD2 requires payment service providers (PSPs) to establish a framework with appropriate mitigation measures and control mechanisms to manage operational and security risks arising from the payment services they provide, and has mandated the EBA to specify the details of these requirements.

In particular, these draft Guidelines cover the governance of the operational and security risk management framework, the risk management and control models, outsourcing, the identification, classification and risk assessment of functions, processes and assets, as well as the protection of the integrity of data, systems and confidentiality, physical security and asset control.

In addition, the draft Guidelines propose requirements in relation to the monitoring, detection and reporting of security incidents and risks, business continuity management, scenario-based continuity plans, incident management and crisis communication, the testing of security measures, and situational awareness and continuous learning. Finally, in order to ensure that the security measures implemented by the PSPs are well communicated to payment service users (PSUs) the Guidelines also cover the management of the relationship with PSUs.
Consultation process

Responses to this consultation can be sent to the EBA by clicking on the "send your comments" button on the website. All contributions received will be published following the close of the consultation, unless requested otherwise. Please note that the deadline for the submission of comments is 7 August 2017 and that no attachments can be submitted. A public hearing will then take place at the EBA premises on 20 June 2017 from 13.00 to 16.00 UK time.

Legal basis and background
These Guidelines have been drafted in accordance with Article 95(3) of Directive (EU) 2015/2366 on payment services in the internal market (PSD2), which mandates the EBA, in close cooperation with the ECB, to issue Guidelines with regard to the establishment, implementation and monitoring of the security measures, including certification processes where relevant. The Guidelines are addressed to both competent authorities and PSPs.

The Guidelines are one of the 11 mandates conferred onto the EBA in PSD2, which entered into force on 12 January 2016 and which will apply from 13 January 2018.

Comments: (0)

Comment on this story (membership required)

Related company news

 

Related blogs

Create a blog about this story (membership required)
visit www.abe-eba.euvisit vasco.com/news/PSD2-compliant-solutionsvisit www.finastra.com

Top topics

Most viewed Most shared
German fintech factory FinLeap raises EUR39 millionGerman fintech factory FinLeap raises EUR3...
12642 views comments | 19 tweets | 15 linkedin
EPC gears up for pan-European instant paymentsEPC gears up for pan-European instant paym...
9839 views comments | 10 tweets | 28 linkedin
Mastercard to buy AI outfit BrighterionMastercard to buy AI outfit Brighterion
8688 views comments | 14 tweets | 20 linkedin
Barclays rides payments-as-a-service wave with investment in Form3Barclays rides payments-as-a-service wave...
7879 views comments | 16 tweets | 12 linkedin
hands typing furiouslyThe Digital Trade Chain: the blockchain tr...
7673 views 0 | 5 tweets | 16 linkedin