The European Banking Authority (EBA) published its final guidelines (GL) establishing requirements for credit institutions, investment firms and payment service providers (PSPs) on the mitigation and management of their information and communication technology (ICT) and security risk management, which will enter into force on 30 June 2020. The expectations cover sound internal governance, information security requirements, ICT operations, project and change management and business continuity management, as well as the management of PSPs’ relationship with payment service users (PSUs) to ensure that users are made aware of the security risks linked to the payment services, and are provided with the tools to disable specific payment functionalities and monitor payment transactions. The GL on security measures for operational and security risks under PSD2 (EBA/GL/2017/17) have been fully integrated into these GL and will be repealed once these become applicable.

Request a demo Toggle

Request a demo

We use reCaptcha to secure our forms. This requires JavaScript enabled.

Complete all fields marked with an asterisk