On 1 March 2022, the FCA updated its webpage on strong customer authentication (SCA) so that it includes commentary on the SCA reauthentication exemption. If an account servicing payment service provider (ASPSP) adopts the exemption it means customers will not need to reauthenticate when they access their account information through a third party provider (TPP). Instead, TPPs will be required to obtain explicit consent from customers at least every 90 days.

The FCA strongly encourages ASPSPs to apply the exemption as soon as possible after the changes to the onshored  Regulatory Technical Standards on Strong Customer Authentication and Secure Communication (SCA-RTS) has come into effect on 26 March 2022 with a view to the widespread adoption of the exemption by 30 September 2022.

The FCA expects TPPs to be technically ready to reconfirm customer consent under Article 36(6) of the SCA-RTS as soon as possible after 26 March. However, up to 30 September 2022 the FCA will not object if TPPs do not reconfirm customer consent, provided that SCA is applied at least every 90 days during that period. This is to limit the risk of consumer disruption and to ensure that either SCA has been applied or re-consent obtained in any 90-day period.