On 28th of November 2019 the European Banking Authority (EBA) published its final Guidelines on ICT and security risk management. The Guidelines are intended for credit institutions and investment firms as defined in CRD for all of their activities and payment service providers (PSPs) subject to the revised Payment Services Directive (PSD2), for their payment services. The Guidelines stipulate the requirements on the mitigation and management of the information and communication technology (ICT) and security risks. The Guidelines will enter into force on 30th June 2020. The Guidelines react on the increasing digitalisation and interconnectedness in the financial sector.
We informed about the preparation phase of the Guidelines in an earlier article.
28-1-2020