CP18/44: Brexit – Regulatory Technical Standards for Strong Customer Authentication and Common and Secure Open Standards of Communication

Open consultation: CP18/44
19/12/2018
Consultation closes
19/02/2019
19/02/2019
Consultation feedback and final rules
May 2019

In this Consultation Paper we propose to make regulatory technical standards for strong customer authentication and common and secure open standards of communication, which will apply in the UK from 14 September 2019 in the event of a no-deal exit by the UK from the EU.

Read CP18/44 (PDF)

Earlier in the year in CP18/25 we consulted on our proposals for implementing the requirements of the revised Payment Services Directive (PSD2) and associated European Banking Authority (EBA) regulatory technical standards and guidelines, including the regulatory technical standards for strong customer authentication and common and secure open standards of communication (SCA-RTS).

Today we publish PS18/24 that sets out our final approach to these standards and guidelines.

This consultation paper addresses the separate issue about European Union (EU) withdrawal, and how we propose to make technical standards substantially the same as the SCA-RTS if there is no withdrawal agreement following the UK’s departure from the EU.

Why we are consulting

A number of provisions of the SCA-RTS are effective from 14 March 2019, including the requirement to make testing facilities available if providing access to account information or payment initiation service providers. The remainder of the SCA-RTS will take effect on 14 September 2019.

On 29 March 2019, the UK will leave the EU. If the UK leaves the EU without a withdrawal agreement (a ‘no-deal exit’), the SCA-RTS will be left partially converted into UK law. This would leave a gap in the UK’s regulatory framework, causing potential disruption and considerable regulatory uncertainty. Despite the investments made by banks and other payment service providers to meet the 14 March 2019 deadline, consumer protections for the security and safety of payments would be at risk.

In our consultation paper, we propose to make regulatory technical standards for strong customer authentication and common and secure open standards of communication. These standards will be substantially the same as the SCA-RTS, and will apply in the event of a no-deal exit.

Who this applies to and who should read the consultation

This consultation applies to all payment service providers, including banks, building societies, e-money issuers, payment institutions, registered account information service providers and payment initiation service providers.

The consultation will also be of interest to consumer bodies and relevant trade bodies, retailers, consumers, micro-enterprises and those involved in open banking initiatives.

What you need to do

Please send us your comments by 19 February 2019.

Online response form

You can also:

  • email your responses to [email protected]
  • write to: Banking & Payments Policy, Strategy & Competition Division, Financial Conduct Authority, 12 Endeavour Square, London E20 1JN