Under Article 22 of the Statute of the European System of Central Banks (ESCB), the European Central Bank (ECB) adopts rules governing the functioning of payment systems and promotes their application so that their effectiveness is assured. The Eurosystem has issued rulebooks and guidelines concerning oversight standards, assessment criteria and the obligations of payment systems. These rules govern DIAS's operation, and DIAS's compliance with them is assessed by the BoG and the Eurosystem.
For further information, see Protocol No 4 on the Statute of the European System of Central Banks and of the European Central Bank.
At the national level, DIAS, as a payment system, is overseen directly by the Bank of Greece (BoG) and indirectly by the European Central Bank (ECB). DIAS conforms to the directions and rules laid down by the BoG concerning payment systems. The Bank of Greece monitors the reliability, effectiveness and transparency of DIAS's payment system and oversees the efficiency of its technical, functional and organizational infrastructure, so that any security or other risk to the payment system is addressed in a timely manner.
DIAS follows these principles, which apply specifically to payment systems. Their scope of application varies according to the category to which each payment system belongs (SIPSs, PIRPSs, ORPSs). The principles were adopted by the European Central Bank in June 2013 and focus on risk prevention (legal, operational, business, liquidity, credit, custody and investment risks). They also set precise rules and procedures for collateral acceptance and for access to and participation in the payment system. Finally, they impose on payment systems obligations concerning fee and discount policies, in order to ensure their efficiency.
As an ORPS, DIAS has endorsed the relevant principles and has adopted transparent policies and procedures.
SEPA is a European Union initiative in the payments sector aimed at the integration of the European internal market and at monetary integration. DIAS has already adhered to the EPC SEPA payment schemes and conforms to the rulebooks and guidelines issued in this context.
European Directive 2015/2366 (PSD2) on payment services, and Greek Law No 4537/2018, which transposed the Directive into domestic legislation, set the regulatory framework for payment systems, including the requirements for the authorization of payment systems and the further obligations imposed on them concerning transaction security and fair pricing.
DIAS respects the obligations imposed on it by the applicable legal framework. To ensure its compliance and harmonization with European practice concerning PSD2, DIAS has participated in the Convenient Access to PSD2/Payment-related Services (CAPS) initiative since 2016.
DIAS remains alert to any incident that may cause a malfunction of its system. In this context, it applies a range of technical and organizational measures and has developed a detailed recovery plan. All these measures are included in DIAS's Business Continuity Plan, which is structured according to its ISO 22301:2019 certification.
DIAS has issued transparent information security policies covering both its payment system and the Company's governance and structure. These policies are periodically updated so that they remain in accordance with the guidelines of the BoG. DIAS is also certified under ISO/IEC 27001:2013 and PCI DSS (Payment Card Industry Data Security Standard). DIAS's compliance with PCI DSS is validated annually through an assessment by an independent qualified external auditor.
DIAS has taken a wide variety of technical and organizational measures in order to recover successfully from any malfunction or security gap in its system and to harden it against cyberattacks.
For DIAS, personal data protection is of high concern throughout its operational cycle. In this framework, it fully complies with the domestic and international legislation on personal data protection, in particular the European General Data Protection Regulation 2016/679 (GDPR) and Greek Law No 4624/2019. It also continuously follows and aligns its practices with the directions and decisions issued by the competent Greek and European authorities (DPAs, EDPB), and takes steps to train its personnel and raise their awareness of personal data issues.