PS21/19: Changes to the SCA-RTS and to guidance in the Approach Document and the Perimeter Guidance Manual

Open consultation
Consultation closed (for questions 5 and 6 relating to contactless payments)
Consultation closed
Policy Statement

We set out final rules for Regulatory Technical Standards on Strong Customer Authentication and Secure Communication (SCA-RTS). We also set out amendments to ‘Payment Services and Electronic Money – Our Approach’ (Approach Document, AD) and the Perimeter Guidance Manual (PERG).

Read PS21/19 (PDF) Read our Approach Document (PDF)

Why we are changing 

The proposed SCA-RTS amendments will help remove barriers to continued growth, innovation and competition in the payments and e-money sector, in particular for open banking. In addition, amendments to guidance in our AD and PERG aim to make the sector more resilient and protect consumers if firms fail. They also consolidate our expectations for firms and provide further clarity for industry.

Who this applies to 

This list is not exhaustive but includes: 

  • payment institutions (PIs), e-money institutions (EMIs) and registered account information service providers (RAISPs)  
  • credit institutions providing payment services and/or issuing e-money  
  • retailers  
  • consumers, consumer groups and micro-enterprises  
  • credit unions  
  • those involved in open banking initiatives  
  • businesses providing payment services under exclusions of the Payment Services Regulations 2017 (PSRs)/ Electronic Money Regulations 2011 (EMRs)

Background to our approach

In our 2020/2021 Business Plan, we identified the payments sector as a priority for the next 3 years. Our work intends to make sure: consumers transact safely with payment firms; payment firms meet their regulatory obligations while competing on quality and value; and consumers and SMEs have access to a variety of payment services.

Next steps 

ASPSPs offering personal payment accounts in the scope of the PARs, equivalent payment accounts held by SMEs and credit card accounts operated for consumers or SMEs will need to have a dedicated interface in place no later than 18 months after the rules come into force. We strongly encourage ASPSPs to apply the new exemption from the obligation to carry out SCA as soon as practicable after it has come into effect.

TPPs will need to reconfirm customer consent under Article 36(6) of the SCA-RTS no later than 4 months after the rules come into force.

Page updates

: Publication added
: Information changed Consultation closed
: Information added Update: April 2021
: Editorial amendment Email address corrected