Security and Operational Risk Reporting

In accordance with the Payment System Act, all persons authorised to provide payment services are required to report annually on security and operational risks.

The scope, form, deadlines, and manner of providing information are regulated by Decree no. 150/2019 Coll., on the reporting of security and operational risks in the area of payments. The person authorised to provide payment services informs the Czech National Bank about security and operational risks via the Internet interface for the Collection of Information Obligations of Regulated Entities – SIPReS (Sběr informačních povinností regulovaných subjektů – SIPReS).

Do you know that you have to fulfil this obligation retrospectively for the year 2018? Does it concern you? Did you forget to report? Have you even received a call from the Czech National Bank to fulfil its reporting duty?

You should not underestimate the importance of this.

The Czech National Bank may penalise you for non-compliance with the reporting duty by charging a fine of up to CZK 1,000,000. Similarly, ignoring this call may lead to repeated breaches of obligations, which may result in your licence being revoked.

Do you have questions about reporting security and operational risks?

Our law firm STUCHLÍKOVÁ & PARTNERS has extensive experience in related areas and would be happy to provide you with legal advice. Contact us at and arrange an initial free consultation!

First consultation free or find out more