What has happened?

The UK Financial Conduct Authority (FCA) has published a consultation on its amended approach document to take into account the European Banking Authority's (EBA) fraud reporting guidelines and opinion and consultation on the strong customer authentication regulatory technical standards (SCA RTS).

What does this mean?

The FCA is proposing changes to reflect the final RTS on security and new fraud reporting requirements published by the EBA as well new complaints reporting rules about authorised push payment fraud.

In particular, there are amendments to Chapter 17 on payment initiation services and account information services and a new Chapter 20 sets out the FCA's view on the authentication requirements in the SCA RTS.

"We are now consulting on our proposed approach to the SCA RTS and our implementation of the [EBA] Guidelines that set out an exemption process for banks and other account providers building interfaces for [third-party providers] engaged in open banking," the FCA said in a press release.

For the most part, the FCA agreed with the EBA's opinion, which was issued in June, but some points are worth noting.

For example, there is a suggestion that a card CVV number could be used as a possession factor and the FCA also confirmed that biometric credentials hosted on a device can be used as an inherence factor.

The regulator has also given some useful guidance on the Article 17 corporate payment process and protocols exemption.

The consultation should be of interest to PSPs, including banks, building societies, e-money issuers, payment institutions, registered account information service providers and payment initiation service providers, as well as Credit Unions, consumer bodies and relevant trade bodies, retailers, consumers, micro-enterprises and those involved in open banking initiatives.

Responses are due by 12 October 2018 and the FCA said that it aims to publish its final position in early 2019.

Next steps

Hogan Lovells' SCA RTS Toolkit provides a comprehensive guide to the Regulatory Technical Standards (RTS) for Strong Customer Authentication (SCA) and Secure Communication. The tool includes:

  • all of the RTS articles
  • commentary from our industry-leading payment lawyers
  • a BONUS detailed video tutorial on SCA.

For a comprehensive and interactive look at all European and UK legal provisions relating to PSD2, together with latest news and insight from the Hogan Lovells Team, take a look at our PSD2 Toolkit.

For more news and analysis that is tailored to you, as well as access to Hogan Lovells' cutting-edge interactive Lawtech tools, register for free on Engage.

You can also keep track of all the Engage content by following our LinkedIn page.