Resilience Policy

In a global environment marked by the increasing sophistication and frequency of cyberattacks, cyber resilience has become an essential element to ensure the continuity and security of digital services. The rapid digitalisation of the economy and society creates new opportunities but also heightens the risks associated with cybercrime, with potential economic, social, and reputational impacts.This challenge is particularly intense in the field of payment systems, which operate in increasingly interconnected, complex, and demanding environments, with requirements for real-time processing and uninterrupted availability (24x7).

In this context, Iberpay plays a critical role in ensuring Spain’s financial stability and economic development. As a Financial Market Infrastructure (FMI) recognised by the Eurosystem and designated nationally as an operator of essential services and a critical infrastructure, Iberpay assigns the highest strategic priority to protecting its operations, ensuring business continuity, and maintaining the cyber resilience of all the services and platforms it manages. The information managed by Iberpay is a key asset: it must be accurate, timely, and relevant, as proper information management is essential for the efficient and secure performance of our functions.

Iberpay’s management is strongly committed to the continuous improvement of its cyber resilience capabilities, through the implementation of technical and organisational measures aligned with the highest international standards and in compliance with the regulations in force, as approved by the Bank of Spain as supervisory authority. Likewise, Iberpay guarantees a regime of neutrality and equal treatment for all participants and entities connected to its services.

Fully aware of the current risk landscape, we continue to strengthen our security posture to anticipate, prevent, and respond effectively to any threat, thereby ensuring the trust of our clients, users, and society as a whole.

Cyber resilience in Iberpay

In June 2016, the Committee on Payments and Market Infrastructures (CPMI) — the global standard-setting body for payment, clearing, and settlement systems that support financial markets worldwide — and the International Organization of Securities Commissions (IOSCO) of the Bank for International Settlements (BIS) in Basel, published the Guidance on Cyber Resilience for Financial Market Infrastructures (FMIs) (link).

Since 2018 Iberpay bases its Cyber Resilience Strategy on this guide, serving as a basis for the development of a structured framework aligned with the most demanding international standards. Additionally, the European Central Bank adopted this same guidance for Eurosystem oversight for all types of FMIs (link), so its implementation in Iberpay not only reinforces its own operational resilience, but also ensures compliance with European regulatory expectations in cybersecurity, thus facilitating consistent and coordinated oversight at a pan-European level. The implementation at Iberpay therefore not only reinforces its own operational resilience, but also ensures compliance with European regulatory expectations on cybersecurity, thus facilitating consistent and coordinated pan-European oversight.

Last update: September 11, 2025