Tag Archives: PSD2
Following the first meeting of the EBA Working Group on APIs under PSD2, the EBA has published the first set of issues identified and consequent clarifications. The issues relate to the testing environment mandated by the SCA RTS, technical specification transparency and the identification of qualified trust service providers issuing PSD2 eIDAS certificates.
The EBA has published a revision to the Committee of European Banking Supervisors’ 2006 Guidelines on outsourcing arrangements. The revised guidelines take into account and are consistent with CRD IV, MiFID II, EMD, PSD II and BRRD. The guidelines will include provisions relating to outsourcing to cloud service providers that the EBA previously published as […]
EBA has set up a working group on APIs under PSD2. It has published details of its meetings and the group on a new website page.
FCA is consulting on how it proposes to make technical standards which are substantially the same as the PSD2 SCA RTS to ensure strong customer authentication and common and secure open standards of communication post-Brexit. FCA comments that some of the SCA-RTS take effect from 14 March 2019 and others not until 14 September. In […]
In September 2018, the FCA consulted on new or amended rules, directions and guidance to implement the Regulatory Technical Standards for strong customer authentication and common and secure open standards of communication; new fraud reporting requirements; and draft EBA exemption guidelines. The FCA has now published its policy statement, setting out the revised Payment Services and […]
The EBA has published its Opinion on how eIDAS certificates and be used under the SCA and CSC RTS under PSD2. The Opinion: clarifies that it is the ASPSPs that should choose whether a Qualified certificate for electronic seals (QSealC) or a qualified certificate for web authentication (QWAC) should be used for identification purposes; suggests […]
The EBA has published final Guidelines on the exemption from the fall back mechanism requirement under the RTS on Secure Customer Authentication and Common and Secure Communications (Commission Delegated Regulation (EU) 2018/389) (SCA & CSC RTS). This exemption applies to account servicing payment service providers (ASPSP) who meet the four conditions sets out in the […]
As part of its implementation of PSD2, the FCA has published a consultation on matters relating to the Regulatory Technical Standards for strong customer authentication and common and secure open standards of communication (SCA-RTS) (CP18/25). Most of the SCA-RTS provisions come into effect from 14 September 2019, and certain provisions relate to measures that regulators […]
We recently wrote an article for Compliance Monitor on strong customer authentication under PSD2 and EBA Guidelines.
In the ongoing case of Bundeskammer für Arbeiter und Angestellte v ING-DiBa Direktbank Austria Niederlassung der ING-DiBa AG (Case C-191/17), the European Court of Justice has been asked for the first time to interpret the term ‘payment account’ for the purposes of the Payment Services Directive (PSD). The Advocate General’s Opinion has now been handed down, […]
The EBA has published a consultation on draft Guidelines supplementing the Regulatory Technical Standards on strong customer authentication published in the OJ in March 2018, and applicable from September 2019. Article 33(6) of the RTS set out the conditions that must be met when an Account Servicing Payment Service Provider (ASPSP) wishes to provide access […]
UK Finance, the Financial Data and Technology Association, the Electronic Money Association and techUK have jointly published voluntary guidelines. The guidelines are directed at account servicing payment service providers, account information and payment initiation services and technical service providers. The guidelines seek to increase customer protection in relation to ‘screen scraping’, including by promoting the […]
The EBA has written to the European Commission following the Commission’s adoption of the RTS on strong customer authentication under PSD2. The EBA welcomes the adoption, appreciates the note the Commission took of some of EBA’s concerns and says it appreciates the Commission’s decision not to take note of some others. However, it questions why […]
We have written an article for Compliance Monitor summarising the key changes PSD2 brings to UK law.
EBA has published its final guidelines on security measures for operational and security risks of payment services required by PSD2. The guidelines require PSPs to have in place: an effective operational and security risk management framework processes to detect, prevent and monitor potential security breaches and threats risk assessment procedures regular testing processes to raise […]
BEIS has published guidance on the Consumer Rights (Payment Surcharges) Regulations 2012. New rules come into force on 13 January 2018 as a result of PSD2 that ban surcharges on a wide range of transactions, while limiting them in others. PSD2 bans merchants from charging a fee on the basis of a consumer’s choice of payment […]
The European Commission has finally adopted the RTS under PSD2 on strong customer authentication (SCA) and common and secure open standards of communication. The key purpose of the RTS is to create stringent security procedures to reduce payment fraud levels and protect confidential data. The key requirement is for at least two independent elements in […]
At the Westminster Business Forum on retail banking and payments, Karina McTeague, Director of Retail Banking Supervision, delivered a speech on the regulatory priorities in the retail banking sector. She explained FCA’s priorities as articulated in its business plan, and said all have application to retail banking. FCA is looking closely at how retail banks […]
The European Payments Council (EPC) has launched a three month consultation on the Mobile Contactless Single Euro Payments Area Card Payments Implementation Interoperability Guidelines (MCP IIGs). EPC has updated the MCP IIGs with the help of stakeholders from the mobile contactless payment industry, with the aim of standardising a smooth and secure means of mobile contactless […]
FCA has published several new and updated pages on its website with new application forms for firms making applications under PSD2. The updates cover payment institutions, e-money institutions and account information service providers.
The European Banking Authority (EBA) has published final guidelines on the procedure for payment service users and other interested parties to submit complaints against PSPs in respect of alleged infringements of PSD2. The guidelines specify the information competent authorities (CAs) must request from complainants and the information CAs should use in their response to complaints. CAs are now […]
FCA has updated its website to provide a set of new pages on PSD2. The pages aim to help firms that are: currently regulated as payment service providers currently excluded from regulation under the Payment Services Regulations 2009 or providing services that will fall under regulation for the first time as a result of PSD2.
The FCA has today published its long awaited policy statement and approach document on the implementation of PSD2. The Policy Statement confirms changes to the Handbook and Approach Document guidance, and new non-Handbook directions for excluded firms, to reflect PSD2 and the PSRs 2017. This follows the two consultations the FCA issued in April (CP17/11) and July (CP17/22). FCA has made some […]
FCA’s latest Handbook Notice confirms it has made rules amending: TC to update the qualification table COBS and MCOB in respect of the smarter communications initiative, in particular to address the risks of over-disclosure COBS to enable governance bodies of relevant pension schemes to get information to allow them to assess transaction costs the Listing […]
This month’s edition of Regulation round-up discusses: the consultation to extend SM&CR to all financial services firms; the Threshold Conditions Team taking enforcement action and cancelling the authorisations of 207 firms; FCA’s agenda and priorities for consumer credit; contingency planning for firms that do not have their MIFID II permissions in place by 3 January […]
The EBA’s Consultation Paper on the Guidelines on Fraud Reporting under PSD2 (EBA/CP/2017/13) has been developed in close cooperation with the European Central Bank (ECB) to ensure that the high-level fraud reporting requirements under Article 96(6) of the PSD2 are implemented consistently among Member States and that the aggregated data provided by competent authorities to the […]
The Guidelines set out: the criteria, thresholds and methodology to be used by payment service providers in order to determine whether an operational or security incident should be considered major and, therefore, be notified to the competent authority in the home Member State the template that payment service providers are required to use for this […]
The FCA published its July edition of Regulation Round-Up this week. Highlights of some of the “hot topics” covered include: interim report of the FCA’s Retirement Outcomes Review; the publication of the final report on its asset management market study; the publication of the MiFID II policy statement and consultation paper VI; first undertaking received under […]
The Government’s approach is set out in their response to its consultation on the implementation of PSD2. Taking into account the range of views received through the consultation, the Government has decided to extend the surcharging ban to all retail payment instruments. This will create a level playing field between payment instruments and create a […]
On 9 February 2017, the government published a consultation document, ‘Implementation of the revised EU Payment Services Directive II’, as well as draft legislation. The consultation invited responses on the government’s proposed approach to transposing PSD2 into UK law. The government received over 85 formal responses to the consultation. This response document summarises the content of these […]
The FCA has issued a second consultation paper on the implementation of PSD2. This follows one previous consultation paper issued in April 2017, which proposed a general approach to the changes incurred by PSD2. The scope of the current consultation includes new authorisation and registration forms to be used by payment and e-money institutions, as well […]
EACB, ESBG and EBF (the ‘Group’) make joint request to European parliament on the issue of third party interaction under psd2 and the need to reject ‘screen-scraping’
In a press release released today, the Group raised the issue: “how to organise efficient and future proof bank – third party (TPP) interaction under PSD2“. The Group made it clear that “imposing an upgraded screen scraping is contradicting all of these objectives and should be rejected to the benefit of consumer protection, innovation and […]
EBA has published the final guidelines under PSD2 on how to stipulate the minimum amount of PII cover or a comparable guarantee that undertakings intending to carry out payment initiation services or account information services should hold. EBA has made some changes from the consultative version of the guidelines. The guidelines cover: the risk profile […]
In a speech published on 30 June 2017, Alasdair Smith discussed: some of the implications of the Open Banking programme which the CMA launched and which is now well under way the implications of Open Banking for regulation the relationship between the CMA and the FCA
On 29 June 2017, the EBA published its opinion responding to the European Commission’s intention to amend the EBA’s draft Regulatory Technical Standards (RTS) on strong customer authentication and common and secure communication. In its Opinion, while agreeing with the aims sought in the EC’s amendments, the EBA voices its disagreement with three of the […]
EBA is consulting on draft RTS addressing how to determine whether there should be a central contact point under PSD2 and what the functions of that contact point should be. Host member states have the option to require ELMIs and PIs that passport in an establishment to appoint a local central contact point, so the […]
The Commission has written to the EBA explaining why it plans to amend the draft RTS under PSD2 on customer authentication and standards of communication. The key areas of change are: to ensure statutory audit of the risk analysis methodology; a new exemption to the application of strong customer authentication for certain corporate payments which […]
The EP has adopted a resolution on the influence of technology on the financial sector. The provisional version of the resolution focuses on the rapid development of applications of fintech technologies and notes that some may become of systemic importance. It looks at the benefits and risks of the developments and notes that some applications […]
We have written an article for Compliance Monitor on PSD2 and Open Banking, looking specifically at the role and future regulation of third party payment service providers.
On 23 February, EBA published its final draft RTS on strong customer authentication and common and secure communication under PSD2. EBA heralded the publication as having had to address “difficult trade-offs between the various, at times competing, objectives of the PSD2”. It received a huge number of responses to its consultation, which identified around 300 […]
At the same payments conference at which BoE spoke, Andrea Enria, Chair of EBA, spoke of EBA’s work on PSD2, specifically the technical standards it needs to produce. He noted there are 11 technical standards and guidelines to be produced, and that EBA has already consulted on over half of these. The most controversial is […]
Treasury is consulting on draft legislation to implement PSD 2 into UK law. The Government wants to finalise the legislation as early in 2017 as possible to give industry as much time as possible to make changes. The Government will, as usual, continue to work to implementation of all relevant EU measures and in principle, […]
The CMA has published responses to the publication of its draft order following the retail market investigation. The responding institutions include: Dansk Bank HSBC Information Commissioner’s Office Santander Tesco Which Some of the concerns raised in the responses address the proposal to introduce a monthly maximum charge in respect of unauthorised overdraft charges, the definition of […]
In August 2016 the CMA published the report on its market investigation into the supply of retail banking services. Following the proposals of that Report, the CMA has published a draft Retail Banking Market Investigation Order 2017 which includes measures that seek to drive the market towards ‘Open Banking’: using technology to provide customers with more control over their […]