Welcome to PSD2.co.uk
The home of PSD2 compliance.
PSD2.co.uk is the go-to compliance team for all PSD2 compliance and authorisation matters in the UK and Ireland. Designed by certified regulatory compliance and information security experts, it delivers certainty for its payment service providers (PSPs) in complying with PSD2 regulations. Our members have been instrumental in gaining FCA authorisation within PSD2 and are also adept in providing operational and security risk assessments, which are the key requirements of remaining compliant annually in regard to REP018.
REP018 is the operational and security risk report that all PSPs must complete on an annual basis. This means all credit institutions, payment institutions, e-money institutions (either authorised or registered) and registered account information service providers are required to complete a REP018 return to the Financial Conduct Authority (“FCA”) annually.
In the UK, all payment service providers (PSPs) must submit to the Financial Conduct Authority (“FCA”) an operational and security risk assessment and report via REP018. A quick look at the form on the FCA website seems to imply that the process is simple, but delving into the detail reveals that it is far from simple. Regulation 98 of the Payment Services Regulations 2017 (PSRs) requires that each PSP provides an updated and comprehensive assessment of their operational and security risks and the adequacy of the mitigation measures and control mechanisms implemented in response to those risks. This results in REP018 being an extensive piece of work, not only to initially implement but also to maintain on an annual basis and possibly tri-monthly depending on changes within your internal network.
The key element of the REP018 is that PSPs continue to perform and maintain risk assessments regarding ICT and cyber security. The recommendations in SUP 16 Annex 27H of the FCA Handbook have changed, resulting in more technical analysis of information security and operational resilience in three key areas that a firm's risk assessment needs to cover:
The obligatory audit remains the key work involved in REP018, and in addition to this PSPs are still expected to perform ‘periodic’ IT audits.
Firms are expected to maintain a formalised proactive audit plan that details the schedules for audits throughout the year as well as other controls monitoring and testing mechanisms including penetration testing and vulnerability scans.
It is very important that the audit is performed by a professional team with expertise in both cyber security and payment services. This could be an internal individual who is operationally independent or an external auditor. In our experience, an external team of professionals undertaking the assessment enables flaws to be identified and addressed, as most PSPs are unaware of new and potential threats to their information security. In applying safeguards, senior management are able to demonstrate a greater understanding of their firm’s risk exposure in order to properly mitigate this exposure. PSD2.co.uk have extensive knowledge and experience in advising PSPs with their operational and security risk assessments, as we have developed a tried and tested methodology which exceeds the FCA expectations and means that senior management of PSPs can remain assured that they are PSD2 compliant.
PSD2.co.uk prides itself on being the most professional and cost-effective provider of PSD2 compliance, bringing both expert knowledge and unparalleled value for money within regulatory compliance. We understand that smaller payment institutions are under greater financial and time implications, but we alleviate this stress through our pragmatic operational resistance program to deliver PSD2 compliant frameworks, leaving firms to concentrate solely on developing their business. If you would like to benefit from our PSD2 assurance, then please contact us today for a no-obligation opportunity to discuss your needs and requirements so that we can make your PSD2 compliance more fluid and greater value for money.
Copyright © 2023 PSD2 - All Rights Reserved.