Shearman & Sterling LLP | FinReg | UK Financial Conduct Authority Updates Guidance on its Approach to Payment Services and Electronic Money
Financial Regulatory Developments Focus
This links to the home page
Financial Regulatory Developments Focus
  • UK Financial Conduct Authority Updates Guidance on its Approach to Payment Services and Electronic Money

    The U.K. Financial Conduct Authority has updated its Approach Document on payment services and electronic money, to reflect final guidelines issued in December 2017 by the European Banking Authority on security measures for mitigating operational and security risks under the revised Payment Services Directive. The changes will affect all payment service providers. The FCA has also updated its webpage on reporting requirements for payment services providers and e-money issuers to reflect these changes. The webpage includes a link to the revised version of the FCA's REP018 (operational and security risk) reporting form.

    The FCA will expect payment services providers to comply with the EBA guidelines, which cover issues such as operational and security risk management framework governance, the use of models, outsourcing and how functions, processes and assets should be identified, classified and risk-assessed. The EBA guidelines also cover security of data integrity, systems and confidentiality as well as physical security and asset control and communication of the security measures to payment service users. PSPs will be expected to report at least annually to the FCA on their operational and security risk management frameworks

    The updated Approach Document shows tracked changes from the previous version. The key changes in the Approach Document are:
    • revisions to Chapter 13 (reporting and notifications); and
    • revisions to Chapter 18 (operational and security risks).

    Other minor changes have been made, to clarify the FCA's guidance or reflect legislative change, in Chapter 3 (Authorisation and registration), Chapter 4 (Changes in circumstances of authorisation or registration), Chapter 10 (Safeguarding) and Chapter 15 (Fees).

    View the updated Guidance.

    View the updated webpage on reporting requirements.

    View  details of the EBA Guidelines on PDS2 security measures for security and operational risks.

    Return to main website.