Cybersecurity

Advice on the secure design and operation of regulated payment systems including:

  • Supporting the Generation of critical operational documents to support the authorisation process (Information Security Policy, Business Continuity/Disaster Recovery Plans, Business Impact Analysis).
  • Providing advice on the effective supervision of the delivery of Critical IT Services outsourced to external/intragroup outsourcers (Production Network Hosting, Security Engineering, Network Monitoring/Operations).
  • Supporting the generation of compliance assessment/monitoring frameworks to assess the compliance of Agents/Distributors of regulated PSPs with applicable cybersecurity requirements.
  • Providing advice on the design of customer authentication and transaction authorisation processes to align with applicable regulatory standards (e.g. CDR 2018/389)
  • Advising Account Servicing Payment Service Providers (ASPSPs) on the development and implementation of payment account access interfaces that meet the Common and Secure Communication (CSC) criteria in CDR 2018/389.
  • Assisting ASPSPs to apply/receive an Exemption from the Contingency Mechanism requirement detailed in Art. 33(6) of CDR 2018/389.