The RTS is applicable from 14th September 2019. The EBA has issued further clarification on meeting compliance with Strong Customer Authentication.
The new 2018 Regulatory Technical Standards for Strong Customer Authentication are effective from 14th September 2019. Exemptions from the requirements to apply Strong Customer Authentication are available to Payment Service Providers in certain circumstances.
The Central Bank has imposed a €280,000 fine on an investment firm for 5 breaches of the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010. The breaches include failure to conduct appropriate money laundering/terrorist financing risk assessment and failure to adopt adequate policies and procedures for preventing and detecting ML/TF.
CUDA has updated the Outsourcing Policy in light of recent publications including: Central Bank’s Findings and Issues for Discussion Paper on Outsourcing (November 2018), and EBA revised Guidelines on Outsourcing ArrangementsOutsourcing will be high on Central Bank’s supervisory agenda during your PRISM engagements. The recent circulation from RCU re outsourcing service risks dated 8th May 2019 is a further indication of this.
A PIA (Data Protection Impact Assessment) assesses the impact on privacy with the introduction of a new project, service or product which involves the processing of personal data. GDPR provides that a PIA is mandatory when an organisation uses new technologies and processes personal data in a way that is likely to result in a high risk to the rights and freedoms of an individual (Art 34).