The European Banking Authority (EBA) has released new guidelines for the mitigation and management of information and communication technology (ICT) and security risks.
Credit institutions, investment firms and payment service providers (PSPs) will need to improve the management of these risks. They will also be required to better understand supervisory expectations covering sound internal governance, information security requirements, ICT operations, project and change management, and business continuity management.
The new guidelines also cover the management of PSPs’ relationship with payment service users (PSUs) to ensure users are made aware of the security risks linked with payment services. The guidelines also require PSPs to offer tools to disable specific payment functionalities and monitor payment transactions.
These changes come after the regulator published its final guidelines on ICT and security risk management. The changes were made with the goal of establishing a consistent and robust approach across the single market.
The guidelines will enter into force on June 30, 2020.
Copyright © 2018 RegTech Analyst