On Apr. 26, GE BaFin issued circular on reporting risks in transactions.
GE BaFin published a circular for payment service providers specifying how they must communicate operational and security-related risks in accordance with current law.
It refers to Section 53 Paragraph 2 of the Payment Services Supervision Act (ZAG).
According to Second Payment Services Directive (PSD 2) and ZAG, all payment service providers must report operational and security-related risks of their payment services.
They must assess if risk mitigation measures and control mechanisms are appropriate, and this requirement is an annual obligation for those involved, on Dec. 31 each year.
The reports must be forwarded to GE BaFin, by email, within two months of deadline.
The circular refers to an attached form that will be used in the future for reports to GE BaFin in accordance with Section 53 Paragraph 2 ZAG, to meet all these requirements.
Relevant information and explanation was issued along with letter dated Apr. 23, 2024, by GE BaFin, to all of the relevant payment providers covered by these requirements.
Effectiveness
The first reporting deadline for these reporting requirements is set as Dec. 31, 2024.
