Supervision release 11 November 2019 – 59/2019

Regulations and guidelines 8/2014 Management of operational risk in supervised entities of the financial sector updated

FIN-FSA Regulations and guidelines 8/2014 Management of operational risk in supervised entities of the financial sector have been updated and will enter into force on 1 January 2020.

Updates have been made, for example, to incident reporting on network and information security breaches and to fraud reporting on payment services.

The amendments to the regulations and guidelines are due to Directive 2016/1148 on security of network and information systems (NIS), Article 96(6) of the reformed Payment Systems Directive (PSD2) (EU) 2015/2366, Article 33(6) of Regulation (EU) 2018/389, Guidelines of the European Banking Authority on fraud reporting (EBA/GL/2018/05) and on the conditions to benefit from an exemption from the contingency mechanism under PSD2 (EBA/GL/2018/07).

With these amendments, the FIN-FSA provides more specific regulations and guidelines for incident reporting under the NIS Directive. Furthermore, the FIN-FSA provides more specific regulations and guidelines on fraud reporting concerning payment services and the related deadlines. The regulations and guidelines also communicate certain EBA guidelines that supervised entities should take into account in their activities.

For further information, please contact

Anne Nisén, Senior Risk Expert, tel. +358 9 183 5211, anne.nisen(at)fiva.fi

 
