On 22 June 2018, the FCA issued a statement supporting the views expressed by the European Banking Authority (EBA) in an opinion and draft guidelines on the Regulatory Technical Standards (RTS) on strong customer authentication and common and secure communication under the revised Payment Services Directive (PSD2). The FCA adds that if the final version of the EBA guidelines is the same as the published draft, and subject to its own consultation process (expected this summer), it would expect to comply with it.
The FCA also sets out some issues account servicing payment service provders (ASPSPs) and third party providers of account information and payment initiation services (TPPs) should be aware of before it launches its consultation. These include:
- ASPSPs are encouraged to provide dedicated access to TPPs using secure application programming interfaces (APIs). Where standardised APIs, such as those developed by the Open Banking Implementation Entity, align with PSD2 requirements, the FCA encourages providers to use these as a basis for providing secure access to payment accounts;
- where ASPSPs do not opt to implement the dedicated interface, their interface must still meet various requirements under the RTS;
- all ASPSPs will need to make available technical specifications, and provide support and a testing facility by 14 March 2019; and
- the RTS does not allow the FCA to grant a partial exemption.
The EBA has also added the PSD2 to its online interactive Single Rulebook and Q&A tools.