EPIF is delighted to share with you a letter that was sent to Financial Services Attaches expressing our views on the European Commission’s proposal for ICT operational resilience in the financial services sector.

While our members believe that DORA is seen as a good initiative to streamline the ICT operational resilience requirements across the entire sector, the PSD2 already includes such tailored requirements for the non-bank payment sector. These requirements are intrinsically linked to other provisions in the PSD2 related to secure communications and access to customers’ accounts for the purpose of payment initiation and account information services. EPIF therefore expresses some concern that compliance with DORA will duplicate the existing provisions and inadvertently create new barriers for payment institutions to access client information. This would run counter to the EU’s wider objective of advancing its goals of data sharing and open finance.  Please find attached the letter with more detailed comments.