New requirements through PSD2
The Payment Service Directive 2 brings a multitude of new requirements to your institute. Some of the new requirements may already be covered by other regulatory requirements, others may be completely new. Some of the requirements are precisely formulated, some allow a significant scope for interpretation. Risk analysis, emergency concepts, evaluation of protection requirements and legal requirements for the data interface to be introduced for third-party providers. The PSD2 requires that your processes to maintain IT security in your organisation are documented. This is the only way to meet the requirements of the auditors and pass special audits conducted by the supervisory authorities.
Presumably, you have already created many of the required documents as part of existing supervisory obligations. Now it is important to synchronise this documentation with regard to the requirements of the PSD2 and, if applicable, to identify any existing documentation gaps and to close them. The consultants of SRC would be pleased to assist you with tried and tested procedure models, templates and the establishment of documents which are still to be supplemented.
In addition to being prepared for special audits conducted by the supervisory authorities, you become aware of how to deal with third party service providers and how to align your business models with regard to the risks and opportunities of the Payment Service Directive 2.
Compliance within banksSRC Security Research & Consulting GmbH
Find out about the topic areas we support with our services.