EBA publishes final revised Guidelines on major incident reporting under PSD2


The European Banking Authority (EBA) published today its final revised Guidelines on major incident reporting under the Payment Services Directive (PSD2). The revised Guidelines optimise and simplify the reporting process and templates, focus on incidents with significant impact on payment service providers (PSPs), and improve the meaningfulness of the information to be reported. The revised Guidelines are also estimated to reduce the reporting burden for PSPs.

In accordance with PSD2, PSPs are required to report to the competent authority in their home Member State major operational or security incidents, which have or are likely to have an adverse impact on the provision of payment services.

These revised Guidelines introduce changes to some of the original classification criteria and introduce a new criterion on the breach of security of network or information systems, which, following the feedback from the public consultation, was narrowed down in scope from ‘breach of security measures’, as originally proposed. This new criterion focuses on malicious actions that have compromised network or information systems related to the provision of payment services and it would allow the reporting of additional security incidents that would be of interest to supervisors.

To reduce the reporting burden on PSPs, the EBA removed unnecessary steps from the reporting process and allowed more time for the submission of the final report. The EBA also simplified and optimised the standardised reporting template. These changes are estimated to result in a reduction of the reportable incidents by more than 10% and to facilitate PSPs in their reporting of major incidents.

The Guidelines will apply as of 1 January 2022.

Legal basis and background

Article 96(3) of Directive (EU) 2015/2366 on Payment Services in the Internal Market (PSD2) confers on the European Banking Authority (EBA) the mandate to develop, in close cooperation with the European Central Bank (ECB), Guidelines addressed to payment service providers on the classification and notification of major operational or security incidents, and to competent authorities on the criteria to assess their relevance and the details to be shared with other domestic authorities. Article 96(4) of PSD2, in turn, requires the EBA, in close cooperation with the ECB, to review the Guidelines on a regular basis and in any event at least every 2 years.

The original Guidelines on major incident reporting were developed in 2017 in close cooperation with the European Central Bank (ECB) and have applied since January 2018. The EBA launched the review of the Guidelines in 2020 by assessing the reports it had received by then.

The EBA acknowledges the ongoing negotiations of the EU Commission’s proposal for an EU regulatory framework on digital operational resilience (DORA), which contains, inter alia, a proposal to harmonise and streamline the reporting of ICT-related incidents, not only for payment services but across the entire EU finance sector. The EBA will continue monitoring these negotiations. Depending on their outcome, the EBA Guidelines may eventually be repealed and replaced with the DORA Regulation, which is currently estimated to apply from 2024.

This news item was originally published by the European Banking Authority (EBA). For more information, please see the Source Link.

Regulator Information

Regulator Name: European Banking Authority
Abbreviation: EBA
Jurisdiction: Supranational
