PSD2: EBA consults on security measures for operational and security risks
Wednesday 17 May 2017, Clifford Chance

The EBA has launched a consultation on draft guidelines on security measures for operational and security risks under the revised Payment Services Directive (PSD2). The proposed guidelines set out the requirements that payment service providers should implement in order to mitigate operational and security risks derived from the provision of payment services.
The guidelines cover:
- governance of the risk management framework, the risk management and control models and outsourcing;
- identification, classification and risk assessment of functions, processes and assets;
- protection of integrity and confidentiality of data and systems, physical security and access control;
- monitoring, detection and reporting of security incidents;
- business continuity management, including scenario-based continuity plans and their testing, incident management and crisis communication;
- testing of security measures;
- situational awareness and continuous learning; and
- management of the relationship with the payment service user.
Comments are due by 7 August 2017.