Incident reportingU.K.
99.—(1) If a payment service provider becomes aware of a major operational or security incident, the payment service provider must, without undue delay, notify the FCA.
(2) A notification under paragraph (1) must be in such form and manner, and contain such information, as the FCA may direct.
(3) If the incident has or may have an impact on the financial interests of its payment service users, the payment service provider must, without undue delay, inform its payment service users of the incident and of all measures that they can take to mitigate the adverse effects of the incident.
(4) Upon receipt of the notification referred to in paragraph (1), the FCA must—
(a)without undue delay, provide the relevant details of the incident to the European Banking Authority and to the European Central Bank;
(b)notify any other relevant authorities in the United Kingdom; and
(c)co-operate with the European Banking Authority and the European Central Bank in assessing the relevance of the incident to authorities outside of the United Kingdom.
(5) If the FCA receives notification of an incident from the European Banking Authority or the European Central Bank it must take any appropriate measures to protect the immediate safety of the financial system.