FCA publishes changes to 90-day reauthentication rules


The FCA has today published here its PS 21/19 (“policy statement”) for “Changes to the SCA-RTS and to the guidance in ‘Payment Services and Electronic Money – Our Approach’ and the Perimeter Guidance Manual” . This document proposed a number of modifications including to Article 10 of the UK- RTS, by replacing the requirement for the PSU to re-authenticate with their ASPSP every 90 days to allow AISP access  with the requirement for the PSU to reconfirm their consent with their AISP directly.

The OBIE will review the policy statement over the course of the next few days and decide on next steps including, for example, whether any changes are required to the Customer Experience Guidelines.  We will, of course, keep open banking participants informed.