While EPIF welcomes the EBA’s objective to enhance supervisory transparency and convergence for non‑ICT third‑party arrangements, we recommend four refinements to improve proportionality and efficiency for both supervisors and in-scope entities:

• Registry vs. notification obligations
Maintain the Section 10 documentation principle and rely on periodic registry submissions (plus targeted supervisory engagement) and suggesting the avoidance of systematic ad‑hoc notifications for relevant arrangements.

• Section 4 clarity
Make the criteria for “material impairment” more explicit and provide illustrative consequences, together with examples of critical functions to promote harmonized classification.

• Scope delineation
Include an illustrative list of out‑of‑scope services and lead a supervisor‑led consultation to publish a non‑binding taxonomy of typically non‑critical, non‑ICT categories.

• Additional guidance on subcontracting and ICT dependencies
We recommend the EBA clarify what in-scope entities can reasonably require from third-party providers regarding subcontractor oversight. Also, guidance is needed in relation to the management of cases where a non-ICT vendor relies on an ICT subcontractor. Considering the possible convergence between the non-ICT framework and DORA, there is a need to seek proportionate solutions.

The post EPIF Position on the Consultation on draft Guidelines on the sound management of third-party risk appeared first on Payment Institutions.

This letter highlights industry’s concerns on what information ICT should or should not include in the national registers of ICT providers for the financial services industry. These registers have become mandatory under DORA.

We are noticing that national competent authorities are adopting different approaches and supervisory expectations as to what ICT services should or should not be included in the registers.

The industry would welcome if the European Supervisory Authorities (ESAs), as part of their mandate to promote supervisory convergence across the EU, could work towards a common approach and understanding on what regulated entities should or should not include in the registers.

The post Joint Letter on DORA ICT national registers appeared first on Payment Institutions.

EPIF very much supports the efforts by the FSB to further promote the alignment and interoperability of data frameworks across jurisdictions and agrees with the overall assessment that the lack of interoperability of data frameworks creates frictions in cross-border payments.

The complete EPIF contributions to the consultation report can be found below.

The post EPIF response to the FSB Consultation on Data Frameworks appeared first on Payment Institutions.

EPIF considers that primarily Open Finance has brought more payment solutions and more options available. Notwithstanding, often provisions are not phrased in a technology-agnostic manner and can be overly prescriptive, which hampers innovation and does not allow for the entrance of new players or the development of new solutions.

EPIF calls therefore for the development of more future proof and proportionate provisions.

The post EPIF response to the European Commission’s consultation on Open Finance appeared first on Payment Institutions.

The post Joint industry response to the EDPB consultation on Recommendations on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data appeared first on Payment Institutions.

The post EPIF’s response to the Commission consultation on the European Data Strategy appeared first on Payment Institutions.

The post EPIF Response to the Article 29 Working Party Guidelines on Data Protection Impact Assessment (DPIA) appeared first on Payment Institutions.