On 29 November 2021, the Financial Conduct Authority (FCA) published Policy Statement 21/19 ‘Changes to the SCA-RTS and to the guidance in ‘Payment Services and Electronic Money – Our Approach’ and the Perimeter Guidance Manual’ (PS21/19).
PS21/19 includes changes to the technical standards on strong customer authentication and secure communication (SCA-RTS) which include:
A new SCA exemption permitting customers not to reauthenticate with their account servicing payment service provider (ASPSP) every 90 days when accessing their account information through a third-party provider (TPP). TPPs will only need to reconfirm customers’ consent, not SCA, every 90 days.
Requiring certain ASPSPs to provide dedicated interfaces to enable TPP access to customer account information for retail and SME payment accounts.
Amending requirements on providing interface technical specifications, testing interfaces and fallback interfaces by ASPSPs intended to let ASPSPs innovate and launch products and services more quickly.
Allowing ASPSPs with a deemed authorisation under the Temporary Permissions Regime (TPR) to rely in the UK on an exemption from setting up a fallback interface granted by an EU competent authority.
PS21/19 focuses also on FCA’s approach to payment services and e-money (AD) and its Perimeter Guidance Manual (PERG) to respectively:
Clarify its expectations of firms and provide further guidance regarding prudential risk management, safeguarding of customer funds and regulatory reporting
Update PERG to provide additional guidance on certain exclusions from the Payment Services Regulations (PSRs) and Electronic Money Regulations (EMRs)
This policy statement is applicable to entities such as payment institutions, e-money institutions and registered account information service providers, credit institutions providing payment services and/or issuing e-money retailers, those involved in open banking initiatives.