REP018 is the operational and security risk assessment and reporting return that all payment service providers (PSPs) authorised in the UK must submit to the regulator, the Financial Conduct Authority (FCA), at least once a year. This is a mandatory annual report for all UK-based PSPs.
This regulation aligns with the European Banking Authority’s (EBA) regulations and guidelines under the Payment Services Directive 2 (PSD2), which the UK continues to follow post-Brexit. The report, which should adhere to the EBA’s ICT and security risk management guidelines, is to include a thorough evaluation of the operational and security risks tied to the PSP’s payment services, as well as the effectiveness of its mitigation strategies and control mechanisms. The report must be submitted via the data collections platform RegData.
PSPs experiencing significant changes in their technical systems may be required to submit reports more frequently, although never more than quarterly, as per FCA guidelines.
The FCA refers PSPs to the EBA Guidelines issued on 12 December 2017 concerning operational and security risks of payment services. These guidelines outline the criteria for these assessments, including:
The standard REP018 report format must address questions related to:
The REP018 report requires the following assessments and documents to be attached:
Further, the FCA expects the full assessment to be attached to the report, along with information on the latest security and IT audit conducted. In-scope firms are still obligated to conduct ‘periodic’ IT audits under an established plan that outlines yearly schedules and other control monitoring and testing measures, such as penetration tests and vulnerability scans. It is crucial that these audits are executed by an expert in IT, cybersecurity, and payment services: either an operationally independent internal individual or an external auditor.
© Complyport 2024 | All Rights Reserved.