European Banking Authority Finalizes Guidelines on Major Incident Reporting by Payment Service Providers
07/27/2017

The European Banking Authority has published a final report and final Guidelines on major incident reporting under the revised Payment Services Directive (PSD2). PSD2 requires payment service providers (PSPs) to establish and maintain effective incident management procedures for, among other things, detecting and classifying major operational or security incidents. PSPs are required to notify their home state regulator if a major incident occurs.
The Guidelines apply to EU PSPs and to national EU regulators of EU PSPs and cover internal and external events that are malicious or accidental. The Guidelines also cover incidents that originate outside of the EU, but that affect the payment services provided by an EU PSP directly or indirectly. The Guidelines will apply across the EU from January 13, 2018.
The Guidelines set out the criteria that PSPs should use to classify an operational or security incident as "major" and the format for a PSP to notify its regulator of any major incident. The Guidelines also set out how national regulators should assess the relevance of the incident and the details that should be shared with other domestic authorities.
View the final report and Guidelines on major incident reporting under PSD2.