Interactive Single Rulebook

The Interactive Single Rulebook is an on-line tool that provides a comprehensive compendium of  the level 1 text for the Capital Requirements Regulation (CRR) and the Capital Requirements Directive (CRD IV); Bank Recovery and Resolution Directive (BRRD); the Deposit Guarantee Schemes Directive (DGSD); and the Payments Services Directive (PSD2)  the corresponding technical standards developed by the European Banking Authority (EBA) and adopted by the European Commission (RTS and ITS), as well as the EBA Guidelines and related Q&As.
 
The purpose of the Single Rulebook is to ensure the consistent application of the regulatory banking framework across the EU.
 
This Interactive Single Rulebook is meant purely as a documentation tool and the EBA does not assume any liability for its contents. For the authentic version of EU legislation users should refer to the Official Journal of the European Union.
 
Please click on the relevant legislative text to see technical standards, guidelines and Q&As relating to each Article.
 
 
 

« Back

Interactive Single Rulebook

Path Payment Services Directive > TITLE IV > CHAPTER 5 > Article 95 (Copy link to article)
Title Article 95
Description Management of operational and security risks
Main content

1. Member States shall ensure that payment service providers establish a framework with appropriate mitigation measures and control mechanisms to manage the operational and security risks, relating to the payment services they provide. As part of that framework, payment service providers shall establish and maintain effective incident management procedures, including for the detection and classification of major operational and security incidents.

2. Member States shall ensure that payment service providers provide to the competent authority on an annual basis, or at shorter intervals as determined by the competent authority, an updated and comprehensive assessment of the operational and security risks relating to the payment services they provide and on the adequacy of the mitigation measures and control mechanisms implemented in response to those risks.

3. By 13 July 2017, EBA shall, in close cooperation with the ECB and after consulting all relevant stakeholders, including those in the payment services market, reflecting all interests involved, issue guidelines in accordance with Article 16 of Regulation (EU) No 1093/2010 with regard to the establishment, implementation and monitoring of the security measures, including certification processes where relevant.

EBA shall, in close cooperation with the ECB, review the guidelines referred to in the first subparagraph on a regular basis and in any event at least every 2 years.

4. Taking into account experience acquired in the application of the guidelines referred to in paragraph 3, EBA shall, where requested to do so by the Commission as appropriate, develop draft regulatory technical standards on the criteria and on the conditions for establishment, and monitoring, of security measures.

Power is delegated to the Commission to adopt the regulatory technical standards referred to in the first subparagraph in accordance with Articles 10 to 14 of Regulation (EU) No 1093/2010.


5. EBA shall promote cooperation, including the sharing of information, in the area of operational and security risks associated with payment services among the competent authorities, and between the competent authorities and the ECB and, where relevant, the European Union Agency for Network and Information Security.

 
 

 

 

 

 

 

 

 

 

Topics