In a boost for firms using open banking, the FCA has published a policy statement seeking to remove identified barriers to continued growth, innovation and competition in the payments and e-money sectors. The FCA also hopes that it will increase resiliency and improve customer protection standards.
On 29 November 2021, the FCA published a policy statement on its Regulatory Technical Standards on Strong Customer Authentication and Secure Communication (SCA-RTS), its approach to payment services and e-money (the Approach Document) and its Perimeter Guidance Manual (PERG).
A key development is the new ‘Article 10A’ exemption. Currently, customers are required to re-authenticate every 90 days with their account servicing payment service provider (ASPSP) when accessing their account information through a Third-Party Provider (TPP). The FCA’s view is that requiring strong customer authentication (SCA) every 90 days creates friction when using TPP services and increases the likelihood of customer attrition (some TPPs experiencing rates of around 20-40% at the 90 day mark when SCA is required). Instead, therefore, TPPs will only need to reconfirm customers’ consent (not SCA) every 90 days in an effort to reduce customer friction.
Other changes to the SCA-RTS include:
- requiring certain ASPSPs to provide dedicated interfaces to enable TPP access to customer account information for retail and SME payment accounts;
- amending requirements on providing interface technical specifications, testing interfaces and fallback interfaces by ASPSPs intended to let ASPSPs innovate and launch products and services more quickly; and
- allowing ASPSPs with a deemed authorisation under the Temporary Permissions Regime (TPR) to rely in the UK on an exemption from setting up a fallback interface granted by a home state competent authority located in the EU.
The FCA is also updating its Approach Document, namely to:
- clarify expectations of firms following questions from industry;
- enhance firms’ resilience through prudential risk management and safeguarding requirements;
- make general changes, such as to regulatory reporting requirements; and
- reflect onshoring changes to the regulations following EU withdrawal and the end of the transition period.
Finally, the FCA is also amending PERG to update guidance on certain exclusions from the Payment Services Regulations (PSRs) and Electronic Money Regulations (EMRs), including the application of the limited network and the electronic communications exclusions. These changes are intended to help industry identify when business activities fall within the scope of the PSRs and EMRs.
For further reference, the policy statement can be read in full here.
Written by Zhuan Faraj.