Cyber Security

Payment service providers, whether  a payment institution, e-money institution (authorised or registered), registered account information service providers (AISP) or bank, have to submit an operational and security risk report at least annually to the competent authority such as the FCA.

What is an operational and security risk assessment?

An operational and security risk assessment is the process of identifying, analysing and evaluating risk. It is the best way to manage your assessment of whether the cyber security controls you choose are appropriate to the risks your organisation faces.

Under the second payment services directive (PSD2), payment services providers (PSPs) must report to the competent authority with an operational and security risk assessment and analysis of the findings. It may also include the results from the most recent audit and the number of security related customer complaints.

It must be completed at least annually however it can be submitted as frequently as every quarter. In the UK, the report is called REP018 and  must be submitted on GABRIEL, unless you are an electronic money institution in which case you should email the excel sheet to the FCA.

Gain invaluable insight into best practice risk assessments from our cyber security experts.

Clients find bringing our cyber security experts in to undertake the operational and security risk assessment is invaluable as it provides you with:

• independence in calibrating the risks across the business;
• a breadth of experience in benchmarking against others in the industry;
• a depth of knowledge that makes us efficient in undertaking the task.

We bring together our deep domain expertise in financial services compliance with specific cyber security capabilities to support clients.