FFFS 2018:4

Summary

These regulations govern in part the system of appropriate measures and controls that a payment service provider shall have to manage its operational risks and security risks. The regulations also contain rules for reporting to FI. The regulations apply to all types of payment service providers, including banks, payment institutions, registered payment service providers, credit market companies, institutions for electronic money and registered issuers of electronic money.

The regulations combined with Swedish law constitute the implementation of the EU's second payment service directive. The directive aims to develop the market for electronic payments and create better conditions for secure and efficient payments. FI's regulations (FFFS 2017:1) regarding certain payment accounts have been repealed and the provisions have instead been transferred to the regulations regarding activities of payment service providers.

Amendments

The amendments entail that a payment service provider must only report relevant incidents to FI, i.e., incidents that are classified as serious. The amendments also entail that FI must receive relevant information about the fundamental causes of the incidents and the measures the firms intend to take to prevent the incidents from occurring again. The amendments were preceded by the European Banking Authority's (EBA) updates to its guidelines for reporting serious incidents pursuant to the second Payment Services Directive (PSD2).

The amendments enter into force on 1 April 2022. Amendment 2022:6

FI is making minor amendments to regulations regarding payment service business. The amendments adapt the rules on reporting fraud to EBA's guidelines in the area. They also clarify which information a payment service provider shall submit on its procedures for payment account switching. Amendment 2019:14