News - News Releases 2020


Central Bank of Malta updates Directive No. 1 on the Provision and Use of Payment Services

The Central Bank of Malta published today an updated text of the CBM Directive No 1 on the Provision and Use of Payment Services which implements the provisions of Titles III and IV of the revised Payment Services Directive (PSD2): Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC, originally published on 9 January 2018.

In November 2019, the European Banking Authority (EBA) published Guidelines on ICT and Security Risk Management of Payment Service Providers (PSPs) under Directive (EU) 2015/2366. These Guidelines are repealing previously issued EBA Guidelines on Security Measures for Operational and Security Risks and came into force on 30 June 2020. To this effect, the Bank has amended Annex 3 of the CBM Directive No 1 which now reflects the new requirements.

This Annex specifies how PSPs should manage the ICT and security risks they are exposed to. More precisely, it aims to provide financial institutions with a better understanding of supervisory expectations for the management of ICT and security risks, in accordance with Paragraph 70 of the CBM Directive.

Finally, in January 2020, the EBA published guidelines amending Guidelines on Fraud Reporting under the PSD2, which introduced two additional reporting fields in the Data Breakdowns C, D and F in Annex 2 of the fraud reporting template. The Bank has amended Annex 4 of the CBM Directive No 1 to reflect such amendments which will apply to the reporting of payment transactions initiated and executed from 1 July 2020.

Back to Archive