The EBA launched a consultation (to run until 13 March 2019) on its draft guidelines (GL) on information and communication technology (ICT) and security risk management. The draft GL establish requirements on the mitigation and management of ICT risks, both internal and external, for credit institutions and investment firms, as defined in the Capital Requirements Directive (CRD), and for payment service providers (PSPs) subject to the PSD2. The GL outline expectations in relation to governance, the risk assessment process, information security requirements, ICT operational management, security in the change and development processes, and business continuity management. For PSPs, the GL also cover the management of their relationship with payment service users (PSUs), to ensure that the measures implemented are well communicated to them. When the GL enter into force, the GL on security measures for operational and security risks (EBA GL/2017/17) will be repealed.
