Do you need help with your operational and security risk assessment?
Every financial services firm should take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems. A significant part of that is making sure that there is a comprehensive operational and security risk framework in place.
Payment service providers, whether a payment institution, e-money institution (authorised or registered), registered account information service provider (AISP) or bank, have to submit an operational and security risk report at least annually to the competent authority, such as the FCA.
What is an operational and security risk assessment?
An operational and security risk assessment is the process of identifying, analysing and evaluating risk. It is the best way to assess whether the cyber security controls you choose are appropriate to the risks your organisation faces.
Under the second Payment Services Directive (PSD2), payment service providers (PSPs) must submit an operational and security risk assessment, with an analysis of the findings, to the competent authority. The report may also include the results from the most recent audit and the number of security-related customer complaints.
The report must be completed at least annually; however, it can be submitted as frequently as every quarter. In the UK, the report is called REP018 and must be submitted on GABRIEL, unless you are an electronic money institution, in which case you should email the Excel sheet to the FCA.
Gain invaluable insight into best practice risk assessments from our cyber security experts.
Clients find bringing our cyber security experts in to undertake the operational and security risk assessment is invaluable as it provides you with:
We bring together our deep domain expertise in financial services compliance with specific cyber security capabilities to support clients.
Contact us for a free consultation