On 1 March 2022, the FCA updated its guidance on Strong Customer Authentication (SCA) to support the transition requirement of the UK- RTS Article 10A exemption including reconfirmation of consent by AISPs (pursuant to Article 36(6)). This regulatory change comes into force on 26 March 2022. However, the FCA has provided the following updates: ASPSPs to apply the exemption as soon as possible after 26 March 2022 with a view to the widespread adoption of the exemption by 30 September 2022.TPPs to be technically ready to reconfirm customer consent under Article 36(6) of the SCA-RTS as soon as possible after 26 March 2022. However, they may choose not to reconfirm consent until 30 September 2022 provided that SCA is applied at least every 90 days during that period. The OBIE is supportive of these changes which we believe will minimise disruption to consumers and SMEs as the industry prepares to implement these changes.
The FCA has today published here its PS 21/19 (“policy statement”) for “Changes to the SCA-RTS and to the guidance in ‘Payment Services and Electronic Money – Our Approach’ and the Perimeter Guidance Manual” . This document proposed a number of modifications including to Article 10 of the UK- RTS, by replacing the requirement for the PSU to re-authenticate with their ASPSP every 90 days to allow AISP access with the requirement for the PSU to reconfirm their consent with their AISP directly. The OBIE will review the policy statement over the course of the next few days and decide on next steps including, for example, whether any changes are required to the Customer Experience Guidelines. We will, of course, keep open banking participants informed.
The uncertainty surrounding the UK’s withdrawal from Europe is having repercussions for some firms operating within the Open Banking ecosystem. In order to remain part of Open Banking these EEA participants will need to ensure that they have made a Temporary Permissions Regime (TPR) notification to the Financial Conduct Authority (FCA) by 11 April 2019. In the event of a no implementation period when the UK withdraws from the EU, the UK will be deemed a ‘third-country’ by the latter, meaning EEA firms will no longer be able to passport into the UK. The TPR was created in 2018 by the FCA to help firms that passport into the UK (including banks, payment and e-money institutions) to continue operating if the passporting regime falls away abruptly during this period. What you need to do As an EEA firm, you will need to notify the FCA of your intention to apply under the TPR by the date specified above. This will give you permission on a temporary basis, reflecting your passporting permission pre-Brexit. This permission will be in place for a maximum of three years within which time you will be required to obtain authorisation or recognition in the UK. Consumer Protection Firms will be expected to comply with FCA requirements from Day 1 in order to maintain an adequate level of consumer protection. For more information please refer to the dedicated FCA page on the TPR . How To Apply A TPR application can be made via the FCA Connect service. The User Guide link is below: https://www.openbanking.org.uk/wp-content/uploads/2021/04/temporary-permission-notification-connect-guide-funds.pdf NB: Treatment of Gibraltar-based firms is unchanged. – – – ENDS – – – For further information, please contact: ServiceDesk@openbanking.org.uk – for Technical enquiries press@openbanking.org.uk – for Media enquiries About Us Open Banking is a new, secure way for customers to take control of their financial data and share it with organisations other than their banks. Open Banking has the power to revolutionise the way we move, manage and make more of our money. For businesses, it is about making the management of cashflow and receiving payments cheaper and easier. Open Banking will make things simpler, faster and more convenient. Open Banking follows the Competition & Markets Authority (CMA) investigation into the supply of personal current accounts (PCAs) and of banking services to small and medium-sized enterprises (SMEs). Open Banking was created to enable innovation, transparency and competition in UK financial services. It is tasked with delivering the Application Programming Interfaces (APIs), data structures and security architectures that will enable developers to harness technology, making it easy and safe for individuals and SMEs to share the financial information held by their banks with third parties. Open Banking will bring substantial benefits. It gives customers and SMEs greater market choice and greater control over their money and associated data, along with better and easier access to new financial services providers in a secure environment. Notes to Editors: 1. Open Banking Ltd was set up by the Competition & Markets Authority (CMA) in September 2016 to fulfil one of the remedies mandated by the CMA following an investigation into UK retail banking. 2. The CMA’s investigation into the retail banking market (whose findings were published in August 2016) concluded that older and larger banks do not compete hard enough for customers’ business and that Open Banking should deliver a new, secure option for customers to be able to compare the deal they are getting from their bank. 3. Open Banking was created to enable innovation, transparency and competition to UK financial services. It is tasked with delivering the Application Programming Interfaces (APIs), data structures and security architectures that will make it easy and safe for customers to share their financial records by January 2018. 4. The data provided by Open Banking will enable developers to harness technology that allows individuals and businesses to share their financial records held by their banks with third parties. 5. Open Banking is a private body; its governance, composition and budget was determined by the CMA. It is funded by the UK’s nine largest current account providers and overseen by the CMA, the Financial Conduct Authority and Her Majesty’s Treasury. 6. The 9 mandated institutions (referred to as the CMA9) are: Barclays plc, Lloyds Banking Group plc, Santander, Danske, HSBC, RBS, Bank of Ireland, Nationwide and AIBG.
There are four significant changes taking place in March in relation to the UK’s Open Banking project and PSD2, the European legislation aimed at increasing pan-European competition and participation in the payments industry. Adoption of the Open Banking Standard Firstly, the managed roll out of the latest version of the Open Banking Standard begins this month from the mandated 9 banks (CMA9). To be specific, this means that the CMA9 are now in the process of uplifting their production APIs to version 3.1 of the Read/Write API Specifications for both personal and business current accounts. This managed roll out is expected to take place over the next month, and will include the implementation of Mobile App authentication. The introduction of Mobile App authentication is expected to deliver a significant improvement to customer experience as well as accelerate customer adoption of both account information and payment initiation services. Importantly, this is also a significant step towards achieving full PSD2 implementation across the mandated banks and building societies. Introduction of eIDAS Certificates The Open Banking Directory (https://www.openbanking.org.uk/providers/directory/) has been further developed and upgraded and is now able to auto-enrol regulated entities via an API through the use of eIDAS certificates. Other enhancements include the introduction of APIs for all Directory services, which will facilitate automation for discovery, on-boarding and certificate/key management. Testing Facility Open to Third Parties All Account Providers in the UK and Europe who are applying to their Competent Authority for a ‘fallback exemption’ are required to make their API testing facility available to third parties. The regulatory requirements for these facilities (or “Sandboxes”) are explained in detail in the Operational Guidelines we have produced (https://www.openbanking.org.uk/wp-content/uploads/2021/04/Operational-Guidelines.pdf). This further supports the journey towards PSD2 compliance, enabling third parties to develop and test their propositions prior to launch across other account providers and for all PSD2 in-scope accounts. Managed Conversion and Launch Assistance Programme We have begun the roll out of our Managed Conversion and Launch Assistance (MCLA) programme. This is a managed service for all account providers and third parties enrolled with OBIE, designed to help facilitate testing, using either production APIs (i.e. live proving) and/or testing facilities (i.e. pre-live testing). This is a critical service which should speed up the growth of the ecosystem and deliver better outcomes for all Open Banking participants, and ultimately end customers. Imran Gulamhuseinwala OBE, Trustee of the Open Banking Implementation Entity, said: “The initiatives outlined above will further accelerate the potential Open Banking has to revolutionise the way people move, manage and make more of their money. Whilst the changes outlined above are technical in nature, they are strategically significant in the importance they will play in ultimately providing people with great new products and services, supported by enhanced customer experience. There are some important features due to be launched in due course, including biometric authentication, which we believe will make Open Banking even easier for customers whilst equally as secure. However, not all the banks are able to move at the same pace in launching these features and consequently I am now in discussions with the CMA regarding the appropriate action to take against those banks who will miss agreed delivery dates as detailed on the Roadmap.” “However, as we enter the final six months of our delivery programme, we remain excited by the growth and maturity we see emerging across the global ecosystem and the commitment shown by the diverse players who are working powerfully together to fully optimise this transformative opportunity.” – – – ENDS – – – For further information, please contact: press@openbanking.org.uk About Us Open Banking is a new, secure way for customers to take control of their financial data and share it with organisations other than their banks. Open Banking has the power to revolutionise the way we move, manage and make more of our money. For businesses, it is about making the management of cashflow and receiving payments cheaper and easier. Open Banking will make things simpler, faster and more convenient. Open Banking follows the Competition and Markets Authority (CMA) investigation into the supply of personal current accounts (PCAs) and of banking services to small and medium-sized enterprises (SMEs). Open Banking was created to enable innovation, transparency and competition in UK financial services. It is tasked with delivering the Application Programming Interfaces (APIs), data structures and security architectures that will enable developers to harness technology, making it easy and safe for individuals and SMEs to share the financial information held by their banks with third parties. Open Banking will bring substantial benefits. It gives customers and SMEs greater market choice and greater control over their money and associated data, along with better and easier access to new financial services providers in a secure environment. Notes to Editors: 1. Open Banking Ltd was set up by the Competition & Markets Authority (CMA) in September 2016 to fulfil one of the remedies mandated by the CMA following an investigation into UK retail banking. 2. The CMA’s investigation into the retail banking market (whose findings were published in August 2016) concluded that older and larger banks do not compete hard enough for customers’ business and that Open Banking should deliver a new, secure option for customers to be able to compare the deal they are getting from their bank. 3. Open Banking was created to enable innovation, transparency and competition to UK financial services. It is tasked with delivering the Application Programming Interfaces (APIs), data structures and security architectures that will make it easy and safe for customers to share their financial records by January 2018. 4. The data provided by Open Banking will enable developers to harness technology that allows individuals and businesses to share their financial records held by their banks with third parties. 5. Open Banking is a private body; its governance, composition and budget was determined by the CMA. It is funded by the UK’s nine largest current account providers and overseen by the CMA, the Financial Conduct Authority and Her Majesty’s Treasury. 6. The 9 mandated institutions (referred to as the CMA9) are: Barclays plc, Lloyds Banking Group plc, Santander, Danske, HSBC, RBS, Bank of Ireland, Nationwide and AIBG.