Este post proviene de esta fuente de noticias

The European Banking Authority (EBA) published today its final revised Guidelines on major incident reporting under the Payment Service Directive (PSD2). The revised Guidelines optimise and simplify the reporting process and templates, focus on incidents with significant impact on payment service providers (PSPs), and improve the meaningfulness of the information to be reported. The revised Guidelines are also estimated to reduce the reporting burden for PSPs.

In accordance with PSD2, PSPs are required to report to the competent authority in their home Member State major operational or security incidents, which have or are likely to have an adverse impact on the provision of payment services.

These revised Guidelines introduce changes to some of the original classification criteria and introduce a new criterion on the breach of security of network or information systems, which, following the feedback from the public consultation, was narrowed down in scope from ‘breach of security measures’, as originally proposed. This new criterion focuses on malicious actions that have compromised network or information systems related to the provision of payment services and it would allow the reporting of additional security incidents that would be of interest to supervisors.

To reduce the reporting burden on PSPs, the EBA removed unnecessary steps from the reporting process and allowed more time for the submission of the final report. The EBA also simplified and optimised the standardised reporting template. These changes are estimated to result in a reduction of the reportable incidents by more than 10% and to facilitate PSPs in their reporting of major incidents.

The Guidelines will apply as of 1 January 2022.