PSD2 Firms – Operational and Security Risk
The FCA is consulting on proposals under the Payment Services Regulations 2017, relating to operational and security risk and minor amendments to the Payment Services Approach Document. The consultation document can be viewed here.
The FCA is proposing to require Payment Service Providers (PSPs) to comply with EBA Guidelines on operational and security risks under PSD2 and to report to the regulator at least annually.
PSPs will be required to submit at least one operational and security risk report per calendar year. For PSPs that report through Gabriel, the reporting channel will allow PSPs that carry out assessments more frequently to report them when they complete their assessments, but no more than once per quarter. PSPs will otherwise be free to choose the frequency of reporting.
The FCA is also proposing new Approach Document Guidance. The proposals in the Guidance mirror legal changes to the use of agents by registered account information service providers and the way insurance safeguarding policy proceeds need to be treated.
All PSPs should review this consultation. The consultation will last six weeks and PSPs can respond to it by following the instructions in the consultation document.
How can Thistle help you?
Thistle will continue to keep this area under review and will issue further updates where necessary. Please contact us if you need assistance in relation to any of these issues.