Most definitions are sufficiently clear. Nevertheless, it is not clear whether “near miss incidents” are included in the definition of “Major operational or security incidents”. Furthermore, it is not clear whether the abovementioned definition also includes incidents that have a potential loss.
No. Since Reputational Impact it is difficult to quantify, we suggest that the relevant paragraph outlined in page 25, should end up with the following sentence: “In case PSPs are not able to assess the Reputational Impact based on the above parameters, they should justify their answers based on their own internal procedures (e.g. materiality matrix, if present)”. Furthermore, the criteria concerning ‘’transactions affected’’ and “clients affected’ should be further clarified in order to explain how to assess and calculate affected transactions and customers.
Τhe methodology will capture less than those incidents that are currently considered major due to the smaller size and the limited thresholds currently used by the Cypriot Banking sector.
We do not propose any changes for the said thresholds.
We think its sufficient.
We consider the instructions clear and helpful.
We consider the two-hour deadline for submitting the Initial Report too short bearing in mind that in the case of an incident, PSP’s main concern will be to remedy rather than report. We hence suggest the deadline to be extended to six hours, so as allow a satisfactory time span to remedy, communicate and report.
Furthermore, we suggest the two-week deadline for submitting the Final Report to be extended to four weeks because, although the service may recover, the information gathering for the completeness of the investigation might take longer due to the fact that many stakeholders might be involved.
Bearing in mind that the delegated reporting procedure is optional and that it will only be exercised upon PSPs own will, we consider that it will it add value in terms of cost efficiency and better time management.
It will add value in terms of cost efficiency and better time management.