Report on Applicable Standards and Regulations
Last updated on:
This deliverable reports on regulations, directives and standards that underline the security of the infrastructure employed in the financial sector. This deliverable identifies additional requirements arising from the need for financial organizations to comply with certain regulations and standards.
To this end, it reviews existing laws, regulations, standards and directives that apply for financial infrastructures and analyses their impact on the security of financial services. More specifically, it provides an extensive description of the regulations relevant to financial institutions as defined by supervising authorities and regulatory bodies such as the Markets in Financial Instrument Directive MFID II, the European Central Bank Cyber Incident Reporting Regime, the Payments Services Directive (PSD2), the Payment Card Industry Data Security Standard (PCI DSS) and many others. Additionally, it also provides an overview of the standards associated to the financial sector such as the ISO 27000 family of standards.
Beyond regulations that are directly relevant to the financial sector, it also provides an insightful analysis of general regulations that have an impact on FINSEC the most prominent example being the GDPR, as well as e-Privacy and eIDAS (electronic IDentification, Authentication and trust Services). The deliverable then reflects on the regulations, standards and directives with respect to the pilots included in the FINSEC project and provides a list of recommendations that could be employed by the FINSEC project.