EBA publishes Final Guidelines on major incident reporting under PSD2

The European Banking Authority (EBA) published today the Final Guidelines on major incident reporting under the revised Payment Services Directive (PSD2). The Guidelines were developed in close cooperation with the European Central Bank (ECB), are addressed to all payment services providers and competent authorities in the 28 EU Member States, and contribute to the objective of the PSD2 of minimizing disruption to users, payment service providers and payment systems.

The Guidelines set out the criteria, thresholds and methodology to be used by payment service providers in order to determine whether an operational or security incident should be considered major and, therefore, be notified to the competent authority in the home Member State. In developing the Guidelines, the EBA and ECB have built on the experience across national jurisdictions and authorities and assessed existing similar practices for incident reporting.

More specifically, these Guidelines provide the template that payment service providers are required to use for this notification and the reports they have to send during the lifecycle of the incident, including the time frame to do so. The Guidelines also establish a set of criteria that competent authorities have to use as primary indicators when assessing the relevance of a major operational or security incident to other domestic authorities in the context of the PSD2. Moreover, they detail the minimum information that competent authorities should share with these domestic authorities when an incident is considered of relevance for the latter.

Following the analysis of the 43 responses received during the public consultation, the EBA has made some amendments to the Guidelines. In particular, it has further defined the criteria, reviewed one of the thresholds, extended the deadline for the first report, streamlined the amount of information to be provided at that stage, and generally clarified the information to be provided in each of the reports.

The Guidelines will apply from 13 January 2018. The EBA statement and related information are available here.

Lavanya Rathnam

Lavanya Rathnam is an experienced technology, finance, and compliance writer. She combines her keen understanding of regulatory frameworks and industry best practices with exemplary writing skills to communicate complex concepts of Governance, Risk, and Compliance (GRC) in clear and accessible language. Lavanya specializes in creating informative and engaging content that educates and empowers readers to make informed decisions. She also works with different companies in the Web 3.0, blockchain, fintech, and EV industries to assess their products’ compliance with evolving regulations and standards.

Posted in UncategorizedTagged

Leave a Reply

Your email address will not be published. Required fields are marked *