Operational and Security Risk Management (Art 95)

Under PSD2 (EU) 2015/2366, Article 95 mandates that payment-service providers establish a comprehensive operational and security risk-management framework. This requires identifying, assessing, mitigating and continuously monitoring threats to the integrity, confidentiality and availability of payment systems, and reporting significant risks to competent authorities.