Draft EBA Guidelines on the security measures for operational and security risks of payment services under PSD2
ESBG (European Savings and Retail Banking Group)
Rue Marie-Thérèse, 11 - B-1000 Brussels
ESBG Transparency Register ID
August 2017

ESBG Position Paper on Draft EBA Guidelines on the security measures for operational and security risks of payment services under PSD2

Question 1: Do you agree with the level of detail set out in the Guidelines as proposed in this Consultation Paper or would you have expected more or less detailed requirements on a particular aspect of the Guidelines? If not, please provide your reasoning.

ESBG welcomes the opportunity to review and comment on these draft Guidelines. ESBG overall welcomes these draft Guidelines as they aim to establish an appropriate set of high-level requirements regarding the security measures to be taken for the operational and security risks arising from the implementation of PSD2. However, while ESBG recognises that this approach may make the Guidelines more stable over time, we would have expected additional detail on the security measures, in order to help new payment service providers (PSPs) comply with the requirements under PSD2. Security measures are specific by nature and, unlike legal rights and obligations, which can be set through high-level principles, need detailed requirements in place.

Also, ESBG considers that it must be taken into account that cybersecurity in particular cannot be treated or regulated with proportionality criteria. All companies should prevent cyber-attacks; this must not be limited to the largest companies. As the European Parliament stated in its recently approved FinTech Report, a connected system is only as safe as its weakest element, and due to the interconnectedness of the financial sector, it will be critical that every PSP ensures the same level of cybersecurity.

Therefore, even though it initially makes sense to apply proportionality criteria to facilitate smaller PSPs' compliance with the Guidelines, and ESBG encourages authorities to do so, ESBG believes this cannot be done in a way where the level of security is lessened for those smaller PSPs or where these can benefit from waivers in the field of security. Proportionality may be applied to Business Continuity Plans, for example, but not to cybersecurity or physical security measures. Therefore, ESBG believes that the proposed Guidelines should apply to all PSPs, regardless of their size or type of PSP. And considering that national competent authorities (NCAs) will be able to apply proportionality to PSPs, ESBG deems it necessary that the EBA proposes some criteria that NCAs should take into account to apply proportionality.

Additionally, ESBG would kindly remind the EBA that currently there is no pan-European framework for improving critical infrastructure cybersecurity, equivalent to the US NIST Framework, and that a similar one should be in place in the European regulatory environment. Therefore, ESBG would support a recommendation from the EBA to the European Commission entrusting a European authority or specialised agency with the definition of such a framework; this could be delivered, for instance, by ENISA, as its remit is currently being reviewed by the Commission.

Furthermore, ESBG would like to recall the issue of the current overlapping of reporting obligations regarding (cyber) security-related incidents to different authorities (national and European) on different timelines. ESBG believes a one-stop-shop mechanism should be established for every report related to PSD2, NIS, GDPR and eIDAS.

Finally, even though PSD2 requires NCAs to undertake a periodic assessment of the operational and security risks related to payment services, ESBG is of the opinion that EBA should: (i) clarify and provide guidance on the criteria that NCAs should take into account to require a PSP to submit the assessment with a frequency shorter than one year (ESBG believes that the frequency should be shorter in particular for new PSPs, at least during an initial phase-in period); and (ii) exclude PSPs that are also banks from these assessments, as they are already subject to the SREP ICT Risk Assessment.

Question 2: Do you agree with the proposed Guideline 1 on Governance? If not, please provide your reasoning.

Guideline 1.6 (Risk management and control models): apart from the security measures being audited by internal or external independent and qualified auditors, ESBG considers this Guideline should include a statement regarding the certification required for the auditing of security measures, especially under PSD2. ESBG believes that either the audit should be performed by a certified auditor or the PSP should qualify to obtain the relevant external qualification. For instance, in the case of card payments, the PCI Security Standards Council has defined a set of requirements for being recognised as a Qualified Security Assessor (QSA). This approach could be extended to other types of payments. In addition, in relation to the frequency of such audits, ESBG is of the view that where a PSP has not been operational for a minimum period of time (e.g. 3 years), its NCA should request the PSP to perform an independent external audit of the security measures.

Guidelines (Outsourcing): similar to the previous paragraphs, ESBG believes that EBA could indicate that NCAs should define and agree on a common European certification process to assess the security level of PSPs to which payment services are outsourced.

Question 3: Do you agree with the proposed Guideline 2 on Risk assessment? If not, please provide your reasoning.

Question 4: Do you agree with the proposed Guideline 3 on Protection? If not, please provide your reasoning.

Guideline 3.5 (Data and systems integrity and confidentiality): due to the recent ongoing developments relating to the RTS on strong customer authentication and open and secure communications, there is a severe risk that Payment Initiation Service Providers (PISPs) or Account Information Service Providers (AISPs) will be allowed to access, store and use the personalised security credentials (PSCs) of payment service users (PSUs). So, in order to protect PSUs' sensitive data regarding payments, in particular PSCs, ESBG is of the opinion that these Guidelines should include a requirement that enhanced security measures should be taken by PISPs and AISPs when they access, store and use the PSCs of PSUs.

Guideline 3.7 (Data and systems integrity and confidentiality): in order for PSPs, especially account servicing payment service providers (ASPSPs), to correctly apply the data minimisation principle, these Guidelines could indicate that PSUs should give clear direct consent for each piece of transactional payment data that PSPs (in particular account information service providers, AISPs) can access.

Question 5: Do you agree with the proposed Guideline 4 on Detection? If not, please provide your reasoning.

Question 6: Do you agree with the proposed Guideline 5 on Business continuity? If not, please provide your reasoning.

Guideline 5.5 (Scenario based business continuity planning): ESBG believes that Guideline 5.5 could state that in cases of termination of operations, PSPs should ensure that data and PSCs stored on their systems are thoroughly and permanently erased once the applicable legal retention period has expired.

Question 7: Do you agree with the proposed Guideline 6 on Testing of security measures? If not, please provide your reasoning.

Guideline 6.3 (Testing of security measures): considering that the manufacturing of most of the payment terminals and devices used for the provision of payment services might be outsourced to external companies, and that these will be entitled to obtain independent security certificates, ESBG considers that outsourcing PSPs should not be required to repeat the testing of the same terminals and devices that have already been certified.

Guideline 6.5 (Testing of security measures): regarding the periodicity of the testing of security measures, ESBG considers that these Guidelines should provide a timeline for the periodic review of non-critical systems too, especially considering that the classification of a system as critical or non-critical is the responsibility of PSPs themselves, and that these Guidelines might therefore set unintended incentives.

Guideline 6.6 (Testing of security measures): this Guideline should include a specific deadline for the fixing of deficiencies discovered through the tests conducted, based on the criticality of the assets affected and the severity of the security deficiencies.

Question 8: Do you agree with the proposed Guideline 7 on Situational awareness and continuous learning? If not, please provide your reasoning.

Guideline 7.1 (Threat landscape and situational awareness): it could be beneficial for the EBA to promote the setup of working groups with European authorities dealing with fraud and cybersecurity in payments to define the type and level of information to be shared, in order to achieve broader awareness of payment fraud and cybersecurity issues.

Question 9: Do you agree with the proposed Guideline 8 on PSU relationship management? If not, please provide your reasoning.

Guideline 8.7 (PSU secure communication and reporting procedures): in addition to PSUs being informed of suspected security breaches, ESBG believes that this Guideline should indicate that any PSP indirectly affected by the suspected breach should also be informed by the PSP directly affected. Moreover, in order to give PSUs a degree of decision power, these Guidelines could add that PSUs should have the right to revoke the consent given to a PSP for storing and using their PSCs.

Question 10: Do you consider the extent of the requirements proposed in the Guidelines to be sufficient and clear? If not, please provide your reasoning.

About ESBG (European Savings and Retail Banking Group)

The European Savings and Retail Banking Group is a Brussels-based association that helps its member savings and retail banks thrive, focus on providing service to local communities and boost SMEs. ESBG brings together nearly 1000 savings and retail banks in 21 European countries that believe in a common identity for policy in Europe. Its members represent one of the largest European retail banking networks, comprising one-third of the retail banking market in the European Union, with 190 million customers, more than 60,000 outlets, total assets of 7.1 trillion, non-bank deposits of 3.5 trillion, and non-bank loans of 3.7 trillion. ESBG members come together to agree on and promote common positions on relevant regulatory or supervisory matters.

Learn more about ESBG at

European Savings and Retail Banking Group aisbl
Rue Marie-Thérèse, 11 B-1000 Brussels
Tel: Fax : Info@wsbi-esbg.org

Published by ESBG. August
More informationRevising policies and procedures under the new EU GDPR
Revising policies and procedures under the new EU GDPR Richard Campo, CISM GRC Consultant IT Governance Ltd 1 Sept 2016 www.itgovernance.co.uk TM Introduction Richard Campo GRC consultant Data protection
More informationESBG RESPONSE TO THE EUROPEAN COMMISSION S CONSULTATION ON THE RECOMMENDATIONS SUPPLEMENTING THE SHAREHOLDERS RIGHTS DIRECTIVE
ESBG RESPONSE TO THE EUROPEAN COMMISSION S CONSULTATION ON THE RECOMMENDATIONS SUPPLEMENTING THE SHAREHOLDERS RIGHTS DIRECTIVE 31 July 2007 DOC 0698/07 The European Savings Banks Group (ESBG) welcomes
More informationPublic hearing EBA Draft RTS on the methods of prudential consolidation under Article 18 of the CRR. London, 22 January 2018
Public hearing EBA Draft RTS on the methods of prudential consolidation under Article 18 of the CRR London, 22 January 2018 Content Background Legal basis EBA draft RTS Structure Main elements: Scope of
More informationVisa response EBA public consultation on the draft RTS on Strong Customer Authentication
Visa response EBA public consultation on the draft RTS on Strong Customer Authentication Background The revised Payment Services Directive (PSD2) mandates to perform Strong Customer Authentication (SCA)
More informationCOMMISSION DELEGATED REGULATION (EU) /... of
EUROPEAN COMMISSION Brussels, 19.7.2016 C(2016) 4478 final COMMISSION DELEGATED REGULATION (EU) /... of 19.7.2016 supplementing Directive 2014/65/EU of the European Parliament and of the Council with regard
More informationDOC 0998/05 Brussels, 24 October European Savings Banks Group (ESBG)
EUROPEAN SAVINGS BANKS GROUP GROUPEMENT EUROPEEN DES CAISSES D EPARGNE EUROPÄISCHE SPARKASSENVEREINIGUNG DOC 0998/05 Brussels, 24 October 2005 V 1.1 CAL European Savings Banks Group (ESBG) Comments on
More informationBall State University
PCI Data Security Awareness Training Agenda What is PCI-DSS PCI-DDS Standards Training Definitions Compliance 6 Goals 12 Security Requirements Card Identification Basic Rules to Follow Myths 1 What is
More informationPrudential Standard GOI 3 Risk Management and Internal Controls for Insurers
Prudential Standard GOI 3 Risk Management and Internal Controls for Insurers Objectives and Key Requirements of this Prudential Standard Effective risk management is fundamental to the prudent management
More informationConsultation Paper. Draft Guidelines EBA/CP/2018/03 17/04/2018
CONSULTATION PAPER ON SPECIFICATION OF TYPES OF EXPOSURES TO BE ASSOCIATED WITH HIGH EBA/CP/2018/03 17/04/2018 Consultation Paper Draft Guidelines on specification of types of exposures to be associated
More informationDraft guide to assessments of licence applications Part 2. Assessment of capital and programme of operations
Draft guide to assessments of licence applications Part 2 Assessment of capital and programme of operations September 2018 Contents 1 Foreword 2 2 Legal Framework 3 3 Assessment of licence applications
More informationPosition Paper. of the. European Savings Banks Group. on the. ESCB CESR Draft Standards 1 for Clearing and Settlement Systems in the European Union
EUROPEAN SAVINGS BANKS GROUP GROUPEMENT EUROPEEN DES CAISSES D EPARGNE EUROPÄISCHE SPARKASSENVEREINIGUNG DOC 502/04 21 June 2004 JOY Position Paper of the European Savings Banks Group on the ESCB CESR
More informationEuropean Union General Data Protection Regulation
European Union General Data Protection Regulation Policy 25 May 2018 Bendigo and Adelaide Bank Limited ABN 11 068 049 178 General Data Protection Regulation (GDPR) Application This GDPR section of our
More informationD1387D-2012 Brussels, 24 August 2012
D1387D-2012 Brussels, 24 August 2012 Launched in 1960, the European Banking Federation is the voice of the European banking sector from the European Union and European Free Trade Association countries.
More informationESBG response to the CESR call for evidence: Implementing measures on the Alternative Investment Fund Managers Directive
ESBG response to the CESR call for evidence: Implementing measures on the Alternative Investment Fund Managers Directive European Savings Banks Group Register ID 8765978796-80 January 2011 DOC 1449/10
More informationRequirements of explicit consent
THIS DOCUMENT IS AN ENGLISH TRANSLATION OF THE INFORMATION PUBLISHED BY THE DUTCH PROTECTION AUTHORITY ON 18 OCTOBER 2018 IN RELATION TO THE INTERPLAY OF PSD2/GDPR. THIS IS A COURTESY TRANSLATION PROVIDED
More informationTEMPLATE: COMMENTS ON THE DRAFT "RECOMMENDATIONS FOR PAYMENT ACCOUNT ACCESS SERVICES"
BDB Response to the SecuRe Pay s Recommendations for Payment Account Access Services - FINAL EUROPEAN FORUM ON THE SECURITY OF RETAIL PAYMENTS ECB-PUBLIC 12 April 2013 TEMPLATE: COMMENTS ON THE DRAFT "RECOMMENDATIONS
More informationDefined Contribution and Defined Benefit Plans: Have you considered everything?
Defined Contribution and Defined Benefit Plans: Have you considered everything? Amy Henselin Partner, Audit Appleton Debbie Smith Partner, National Professional Standards Group Chicago Objectives Identify
More informationSTATUTORY INSTRUMENTS. S.I. No. 60 of 2017 CENTRAL BANK (SUPERVISION AND ENFORCEMENT) ACT 2013 (SECTION 48(1)) (INVESTMENT FIRMS) REGULATIONS 2017
STATUTORY INSTRUMENTS. S.I. No. 60 of 2017 CENTRAL BANK (SUPERVISION AND ENFORCEMENT) ACT 2013 (SECTION 48(1)) (INVESTMENT FIRMS) REGULATIONS 2017 2 [60] S.I. No. 60 of 2017 CENTRAL BANK (SUPERVISION AND
More informationEBF Response to EBA Consultation on draft ITS amending ITS on supervisory reporting on Liquidity Coverage Ratio (EBA/CP/2014/45)
EBF_0125713v5 The European Banking Federation is the voice of the European banking sector, uniting 32 national banking associations in Europe that together represent some 4,500 banks - large and small,
More informationConsultation on EBA-CP Supervisory reporting requirements for liquidity coverage and stable funding.
Consultation on EBA-CP-2012-05 - Supervisory reporting requirements for liquidity coverage and stable funding. Replies and comments by the EBA Banking Stakeholder Group Question 1: Are the proposed dates
More informationEBA FINAL draft implementing technical standards
EBA/ITS/2013/05 13 December 2013 EBA FINAL draft implementing technical standards on passport notifications under Articles 35, 36 and 39 of Directive 2013/36/EU EBA FINAL draft implementing technical standards
More informationGuide to assessments of licence applications
Guide to assessments of licence applications Licence applications in general Second revised edition January 2019 Contents 1 Foreword 2 2 Legal framework 3 2.1 SSM Regulation and SSM Framework Regulation
More informationThe Changing EU Regulatory Framework for Retail Payments
The Changing EU Regulatory Framework for Retail Payments 10 th Jubilee Conference on Payments and Market Infrastructures Ohrid, 5-7 July 2017 Ralf Jacob European Commission FISMA D.3 Retail Financial Services
More informationWhat You Should Know CPEL Payment Services Directive 2
What You Should Know CPEL Payment Services Directive 2 GENERAL BACKGROUND - PAYMENT SERVICES DIRECTIVE (PSD) AND PAYMENT SERVICES DIRECTVE 2 (PSD2) 1. What is the PSD and what changes did it introduce
More information