Entities must implement the necessary measures “immediately”


The Council of Ministers has approved a Royal Decree-Law that includes the reinforcement of measures to increase security and confidence in payment systems and minimize technological incidents, as announced in a statement.

With this objective, compliance with the measures established in the Regulation on the digital operational resilience of the financial sector (DORA Regulation) is extended to all entities involved in payment services.

Specifically, all relevant agents in the payment system must carry out adequate risk management related to information and communication technologies (ICT).

Among other obligations, they will have to identify all sources of ICT-related risk, quickly detect anomalous activities, network performance problems and incidents, and have backup, restoration and recovery policies and procedures, as well as communication plans. of crisis.

The entities must implement the necessary measures “immediately” and the Bank of Spain will have all the powers provided for in the applicable regulations to carry out supervision of compliance with these obligations.