All Participants should ensure that counter fraud controls are given sufficient profile in their organisation to prevent financial loss to service users and participating organisations.
Ensuring the security of payments is at the core of PSD2. Participants are obliged to ensure that they have an established framework to manage their operational and security risks. Participants must also be mindful of the interplay with other statutory obligations, such as ensuring the security and protection of personal data, including financial data, in accordance with data privacy laws.
The minimisation of fraud risk within the Open Banking Ecosystem is considered of fundamental importance by the Open Banking Implementation Entity to ensure the protection of customers and the security of transactions.
Recommendations are based on the regulatory guidance together with EBA/FCA guidance on monitoring and reporting requirements.
The EBA has recently published Guidelines on ICT and security risk management, which come into force on 30 June 2020 and will repeal and replace the current EBA Guidelines on the security measures for operational and security risks of payment services under PSD2.
Regulatory Consequences: High fraud levels could lead to regulatory investigations, enforcement action, fines and / or revocation of your regulatory permissions.
Identify Your Greatest Threats: Fraud is closely linked to poor cyber security and poor people and process information security.
1. Number of incidents of fraud.
2. Total value of fraud.
3. Description of fraud.
4. See FCA Handbook SUP 16 Annex 27F, Table 2.
Regulatory Consequences: Regular fraud reporting is required by both the FCA and EBA.
Identify Your Greatest Threats: Review and assess the EBA fraud reporting requirements and align your monitoring system to prevent accidental misreporting.