On November 28, 2019, the European Banking Authority (“EBA”) published final Guidelines on information and communication technology (“ICT”) and security risk management for credit institutions, Capital Requirements Regulation investment firms and payment service providers (“PSPs”). The Guidelines establish requirements for the mitigation and management of ICT and security risks and applied from June 30, 2020. The FCA has notified the EBA that it intends to comply with the Guidelines, therefore all credit institutions, investment firms and PSPs will be expected to make every effort to comply with the Guidelines. Given the impact of the global pandemic, COVID-19, the EBA has issued further guidance on the use of flexibility in relation to the implementation of the Guidelines. Consistent with this further guidance, the FCA will apply reasonable supervisory flexibility when assessing the implementation of the Guidelines given the ongoing COVID-19 crisis
For further information, please click here.