fscom News and Events

In this blog, Simon Whittaker and Greg James discusses the recent outages faced by Smile, an online banking service offered by the Co-operative Bank.

The Co-operative Bank has been no stranger to operational issues affecting its app and web services over the past few years and, yet again, it has suffered issues. The recent outages, with the accompanying customer impact, illustrates common issues and why the regulators are emphasising the importance of building operational resilience in financial services. 

With my NICyber hat on last week I helped run a webinar about the new challenges facing us all in this new normal that we now find ourselves. In this post, I will share some additional thoughts about some best practices for video and screensharing tools.

Around this time last year we published a blog on REP018, discussing the reporting obligation and who had to submit. Just to recap, REP018 is the name the FCA has given to the reporting return for the operational and security risk assessment that all payment service providers (PSPs) must submit to their regulator at least once a year, or more often as the regulator directs. Most other regulators, including the Central Bank of Ireland, simply refer to the return as the ‘operational and security risk assessment.’

Discussing reporting obligations with our payments clients recently has revealed a lack of awareness of REP018, a report driven by the requirements of the second payment services directive (PSD2). PSD2 included Article 95(2), which requires payment services providers (PSPs) to report to the competent authority with an operational and security risk assessment. So, what is REP018 and why has it caught so many by surprise?

At what point does empowering individuals to be ‘masters of their own personal data destiny’ encroach on a payment service provider's legal responsibility to prevent fraud, safeguard its venture and limit criminal activity?