Retail banks must maintain up to date Payment Card Industry Data Security Standards (PCI-DSS) certification. The initial certification must be obtained by 30th April 2017. Failure to comply with this requirement will trigger a supervisory response, which may include formal enforcement measures, as set out in Module EN (Enforcement).