Regulatory

Key background information and documentation to help you keep up to speed on regulatory and conformance requirements in the open banking ecosystem. 

regulatory

background

In 2016, the Competition and Markets Authority (CMA) published a report on their investigation into competition and innovation in the retail banking industry. They found that big banks dominated the market and consumers and small businesses would benefit from increased competition.

To remedy this, the CMA and UK government mandated nine of the largest banks to implement common standards for open banking. This would ensure that there were standard APIs that allow customers to securely share their financial data or safely initiate transactions. Trusted companies could use these APIs to offer new innovative services to customers and SMEs increasing competition.

You can see the original Order and subsequent regulatory documents below.

The open banking roadmap

On 15th May 2020, the revised Roadmap was published following a comprehensive and structured consultation process that we managed at the instruction of the Trustee.

The process included two distinct phases of consultation, open workshops and the assessment of over 75 pieces of feedback, received from a cross-section of stakeholders including the CMA9, non-CMA9 banks, third party providers and end user representatives.

View the final approved roadmap 

Useful documents

The CMA Order – Retail Banking Market Investigation Order 2017 

The CMA Order established appropriate remedies to address a lack of competition in the UK retail banking market. This included a requirement for the nine largest banks and building societies in Great Britain and Northern Ireland to adopt open banking. 

Download

The CMA’s recommendations on the future arrangements for open banking and the Joint Regulatory Statement

The CMA has today published its response on the next steps for open banking across several key areas including monitoring, regulatory oversight, resourcing, sustainability, leadership and representation. Alongside the CMA’s consultation response, HMT, FCA, PSR and CMA have published a Joint Regulatory Statement providing further clarity to the open banking ecosystem on the government’s and regulators’ ambition for open banking and its extension into open finance and other sectors.

Revised Payment Service Directive (PSD2) and The Payment Services Regulations 2017 (PSRs)

PSD2 is an EU directive which came into force in January 2018. PSD2 is aimed at driving innovation, competition and improvement of customer protection and payments security with the payment services industry.  

For open banking, this means a focus on attracting new account information service providers (AISPs), payment initiation service providers (PISPs) and card-based payment instrument issuers (CBPIIs). They also need access to online payment accounts at account servicing payment service providers (ASPSPs) to provide their services to customers. 

Read more 

The PSRs are the transposition of PSD2 into UK Law – Download 

Regulatory Technical Standards for Strong Customer Authentication and Common and Secure Open Standards of Communication (RTS-SCA

RTS-SCA describes the technical specifications required for the technical implementation of the security principles in PSD2. 

Read more

UK regulatory technical standards for strong customer authentication and secure communication (UK-RTS)

Following Brexit, on 30 December 2020 at 23:00, the UK- RTS came into effect as legislation replacing the SCA- RTS in the United Kingdom.

Technical standards on strong customer authentication and common and secure methods of communication instrument 2020 – Download

FCA updates guidance on 90-day Strong Customer Authentication

On 1 March 2022, the FCA updated its guidance on Strong Customer Authentication (SCA) to support the transition requirement of the UK- RTS Article 10A exemption including reconfirmation of consent by AISPs (pursuant to Article 36(6)).

This regulatory change comes into force on 26 March 2022. However, the FCA has provided the following updates: 

ASPSPs to apply the exemption as soon as possible after 26 March 2022 with a view to the widespread adoption of the exemption by 30 September 2022.

TPPs to be technically ready to reconfirm customer consent under Article 36(6) of the SCA-RTS as soon as possible after 26 March 2022. However, they may choose not to reconfirm consent until 30 September 2022 provided that SCA is applied at least every 90 days during that period.

We support these changes which we believe will minimise disruption to consumers and SMEs as the industry prepares to implement these changes.

Other regulatory guidance

FCA Approach – details the FCA’s role under the Payment Services Regulations 2017 and the Electronic Money Regulations 2011. Download 

FCA Policy Statement PS 18/24 – Approach to final Regulatory Technical Standards and EBA guidelines under PSD2. Download 

The European Banking Authority opinion on regulatory technical standards implementation on SCA and CSC. Download  

EBA report on conditions to benefit from an exemption from the contingency mechanism under Article 33(6) of Regulation (EU) 2018/389 (RTS on SCA & CSC). Download 

eIDAS

In November 2020, the FCA published a Policy Statement relating to amendments to the open banking identification requirements (eIDAS certificates). This document outlines the amendments to Article 34(1) of the UK RTS in respect of digital certificates, including the requirements for the transition period for the use of alterative certificates.

Amendments to the open banking identification requirements (eIDAS certificates) – Download

Brexit & Temporary Permissions Regime

As a result of Brexit, EEA regulated firms wishing to provide payment services in the UK were required to notify the FCA under the Temporary Permission Regime (“TPR”).

Temporary permissions regime – read more

Changes to the SCA-RTS and to the guidance in
‘Payment Services and Electronic Money

On 28 January 2021, the FCA published its consultation on the proposed changes to the UK RTS, the FCA approach document and Perimeter Guidance Manual. This consultation closed on 14 May 2021 and the policy statement is expected to be published in Autumn 2021.

FCA consultation paper – Download