Menu Close

FCA Policy Statement – amendments to open banking identification requirements

FCA Policy Statement – amendments to open banking identification requirements

Background

  • On 3 November 2020, the Financial Conduct Authority (FCA) published its Policy Statement PS20/13 “Amendments to the open banking identification requirements (eIDAS certificate)”
  • On 4 September 2020, in CP20/18, the FCA had consulted on the proposal to amend Article 34(1) of the UK regulatory technical standards for strong customer authentication and secure communication (UK-RTS)
  • The FCA has now outlined its feedback to CP20/18 and confirmed near final rules to amend Article 34(1) of the UK-RTS, with minor changes to the proposal in CP20/18
  • This PS will affect:
    • firms that provide and maintain a payment account with online access for a payer (ASPSPs)
    • firms that provide online services that consolidate customers’ payment account data (AISPs)
    • firms that provide online services that allow users to initiate payments (PISPs)
    • firms that provide services that initiate card-based payments from payment accounts held by an ASPSP (CBPIIs)

Impacts

Under Regulation 106A of the Payment Services Regulations 2017 (the PSRs), from IP Completion Day, the FCA can make changes to the UK-RTS.

The FCA is amending Article 34 of the UK-RTS to require ASPSPs to accept at least one other electronic form of identification issued by an independent third party.  This is in addition to continuing to accept eIDAS certificates.

The Regulatory Technical Standards on strong customer authentication and common and secure communication (SCA-RTS) set out the standards of communication required and regulate access by third-party providers (TPPs) to customer accounts held with ASPSPs.

Timeline with relevant dates to be logged on regulatory calendar

  • All actions must be ended before IP Completion Day (11pm on 31 December 2020)

Next steps

Firms must assess whether they need to make any changes and implement them.

If your firm is an ASPSP, you need to assess the need for any changes in your systems and processes and implement any necessary changes as soon as possible ahead of IP Completion Day.

If your firm is a TPP and your eIDAS certificate is likely to be revoked, you must have an alternative certificate(s) as soon as possible ahead of IP Completion Day.

If anyone has specific questions or needs any advice, contact our specialists.t