• Home
•  
• News
•  

Central Bank of Malta updates Directive No. 1 on the Provision and Use of Payment Services

The Central Bank of Malta (the Bank) published today an updated text of the CBM Directive No. 1 on the Provision and Use of Payment Services which implements the provisions of Titles III and IV of the revised Payment Services Directive (PSD2): Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No. 1093/2010, and repealing Directive 2007/64/EC, originally published on 9 January 2018.

CBM's Directive No. 1 is being amended to reflect the changes that were brought about by the introduction of the Digital Operational Resilience Act (DORA): Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector. The main scope of this Regulation is to strengthen the financial sector's resilience in relation to ICT and cyber risks.

As outlined in Article 2(1) of DORA, this Regulation regulates most of the entities within the scope of CBM Directive No. 1, including credit institutions, payment institutions, electronic money institutions and account information service providers. In view that DORA includes also requirements on major incident reporting, where such provisions are also covered under the CBM Directive No. 1, Paragraph 71 of the Directive is being amended to ensure that there are no regulatory overlaps.

Thus, entities within the scope of DORA should no longer report any major incidents to the Bank but rather to the competent authority under DORA, which is the Malta Financial Services Authority (MFSA).