It is a big day for payments regulation as a policy statement from the FCA makes some important changes including:
Strong customer authentication
- A new Article 10A exemption meaning that ASPSPs will not need to apply SCA every 90 days when customers access their account information via an AISP. The rule comes into force on 26 March 2022 and AISPs will need to reconfirm customer consent under Article 36(6) SCA-RTS within four months from then.
- Some ASPSPs must provide dedicated interfaces within 18 months (i.e. 26 May 2023) to enable third party provider access to customer account information for retail and SME payment accounts.
- On inherence, the FCA confirms that it considers the relevant EBA guidance to be unnecessarily restrictive because it is limited to physical aspects of the body. In the FCA’s view, behavioural characteristics may constitute a valid inherence element.
- In response to ipagoo, the FCA has made some changes to its guidance on safeguarded funds to remove references to trusts including from its template acknowledgement letter. The FCA notes it is appealing the High Court’s decision and that it may issue further guidance on this issue in the future.
- Changes to PERG have also been made to clarify the scope of the limited network exclusion and electronic communications exclusion under the PSRs and EMRs.
The proposed SCA-RTS amendments will help remove barriers to continued growth, innovation and competition in the payments and e-money sector, in particular for open banking.