Our latest insights

fscom: Operational and security risk reporting (REP018) and IT audits

Share this post

Around this time last year we published a blog on REP018, discussing the reporting obligation and who had to submit. Just to recap, REP018 is the name the FCA has given to the reporting return for the operational and security risk assessment that all payment service providers (PSPs) must submit to their regulator at least once a year, or more often as the regulator directs. Most other regulators, including the Central Bank of Ireland, simply refer to the return as the ‘operational and security risk assessment.’

Given that many PSPs are choosing to only submit once a year, it’s now time to get ready to submit your second return, so let’s take a look at what should be done this time.

Read the rest of alison Donnelly;s blog on fscom’s website

More To Explore