Policy Statement on final RTS secure customer authentication

In September 2018, the FCA consulted on new or amended rules, directions and guidance to implement the Regulatory Technical Standards for strong customer authentication and common and secure open standards of communication; new fraud reporting requirements; and draft EBA exemption guidelines.

The FCA has now published its policy statement, setting out the revised Payment Services and E-money Approach Document and Handbook and the final version of the EBA exemption guidelines. In particular, it sets out:

  • how the FCA will assess whether banks and other online account providers are properly set up to enable open banking;
  • amended fraud reporting requirements;
  • new rules on reporting complaints about authorised push payment fraud; and
  • rules, which will require all PSPs to undertake strong customer authentication with a customer (unless one of the permitted exemptions applies).