On Friday 7th August, the MFSA issued Financial Institutions Rule FIR/04 of 2015 (the “Rule”) regarding the security of internet payments of credit institutions, payment institutions and electronic money institutions. The Rule has been issued following the Circular issued by the MFSA at the start of 2015 regarding the Guidelines on the Security of Internet Payments which were in turn published by the European Banking Authority (“EBA”) at the end of 2014.
The Rule is meant to adopt the EBA Guidelines to establish a set of minimum requirements in the field of the security of internet payments, enhancing the Payment Services Directive provisions regarding information requirements related to payment services and obligations of payment service providers in the provision of payment services.
The Rule applies to internet payment services provided by:
i) Credit Institutions licensed in terms of the Banking Act;
ii) Payment Institutions licensed in terms of the Financial Institutions Act; and
iii) Electronic Money Institutions licensed in terms of the Financial Institutions Act;
This notwithstanding the provisions of the above mentioned laws and any rules issued thereunder.
In view of the mandate which the Central Bank of Malta has to oversee payment systems and instruments, it should be borne in mind that both the MFSA and the Central Bank will be assuming a co-operative oversight role. The relevant institutions should shortly be receiving a self-assessment questionnaire in order for the Central Bank and the MFSA to be able to assess the level of compliance by such institutions with respect to the Rule and the EBA Guidelines