The EBA has written to the European Commission following the Commission’s adoption of the RTS on strong customer authentication under PSD2. The EBA welcomes the adoption, appreciates the note the Commission took of some of EBA’s concerns and says it appreciates the Commission’s decision not to take note of some others. However, it questions why the adopted version contains changes that EBA had not proposed, and nor had the Commission proposed to EBA that it would make. It considers it should have had the opportunity to comment on these changes as it says they were not made in line with due process.
On a practical level, it is concerned that the changes will require ASPSPs developing dedicated interfaces for identification and communication with AISPs, PISPs and other PSPs will now have to comply with several new requirements. Moreover, it says the changes leave “significant room for interpretation”.