European Commission Adopts EBA/RTS

The long-awaited Regulation on strong customer authentication (SCA) has finally been agreed at Commission level and published (see Commission press release).

The Delegated Regulation (full text) sets rules on how account servicing payment service providers (ASPSPs – who are mainly banks) must ensure the security of customer data which is released to third-party providers (TPPs) under the PSD2. It also aims to improve competition in the market.

The text has adopted a compromise position on the difficult issue of screen-scraping. This will be preserved as a ‘fall-back’ but national authorities will be able to exempt banks from maintaining the fall-back interface as long as performance criteria for a dedicated TPP interface are met.

The European Parliament and Council still have 3 months to examine the text before final approval and publication in the Official Journal. It will then become final.

Main provisions:

  • The RTS will apply from Sept 2019.
  • Banks will have to either adapt their existing customer interfaces to comply with the RTS rules or build a new interface (in the UK, this will be using APIs through Open Banking).
  • All interfaces will be subject to a 3-month 'prototype' test and a 3-month 'live' test in market conditions. The test will allow market players to assess the quality of the interfaces.
  • The dedicated interface should offer the same level of availability and performance as the interface used by customers directly.
  • The dedicated interface will also have to comply with key performance indicators and service level targets These standards should be at least as stringent as those set for the online platforms used by customers.
  • The Commission will set up an expert group to review the quality of dedicated communication interfaces.
  • National authorities (FCA in the UK) will be able to exempt individual banks from setting up a fall-back mechanism BUT:
    • They must consult with EBA
    • If the dedicated interface falls below standard for more than two consecutive weeks, the NCA can revoke the exemption. Then the NCA must require the bank to establishes an automated fall-back mechanism in the shortest time possible, and within 2 months at the latest.

Transition period: The PSD2 comes into effect on 13 Jan 2018 and the RTS in Sept 2019. In this period, banks must adapt their systems. The Commission is clear that TPPs will be able to continue to use screen-scraping during this time.

Share this

FROM SOCIAL MEDIA

Join us next Friday t gain insight & understanding of industry’s experience with digitally upskilling large workfor… https://t.co/vkfkHsm61m
Valued at over £1.5 billion, unicorn @Deliveroo has completely disrupted the world of food delivery. At #STYT hear… https://t.co/Z1lqnbDUga
We are delighted to have Oliver Dowden & John Manzoni as our keynote speakers at #techUKSmarterState Join us on 18… https://t.co/dCGhgdcW8h
Join the diversity and inclusion conversation Twitter chat with @EY_UKI's Assistant Director @Ngurush and @FDMGrouphttps://t.co/Hf3VYNVQSj
Read this great guest blog from @InlinePolicy on the policy issues arising from immersive technology #VR #ARhttps://t.co/xGgg0YFNdy
For #MentalHealthAwarenessWeek, Eleri Burnhill describes the ways in which the @Corsham_Inst seeks to promote posit… https://t.co/NXM0VncYl1
Check out these guys - @ExeVelocities - Exeter based accelarator for startups focusing on clean energy & circular e… https://t.co/T1aDZcUR3n
Looking forward to speaking about how tech products 'do' the circular economy at the #techforgood #youequaltech mee… https://t.co/xS5pVjO2o3
@techUK's Talal Rajab talks all things cyber security with @DimensionData. Listen to the full podcast here - https://t.co/vAYb8IncDC
Just a few weeks to go until the first ever 'Winning with DOS' course at techUK! This session on 31 May with an ext… https://t.co/ZTX9kpuvOP
Become a Member
×

Become a techUK Member

By becoming a techUK member we will help you grow through:

Click here to learn more...