UK watchdog scraps 90-day reauthentication rule for Open Banking

The Financial Conduct Authority (FCA) has revealed that customers will no longer need to reauthenticate with their account servicing payment service provider every three months as part of Strong Customer Authentication (SCA) rules.

Previously, customers were required to reauthenticate every 90 days to continue accessing account information through a third-party provider (TPP).

The regulator explained that the reauthentication process was one of the key barriers to the continued development and uptake of Open Banking because it creates friction for customers when using TPP services and “increases the likelihood of customers dropping off.”

However, SCA will continue to be required when customers first decide to connect their account to a third-party service, and TPPs will still need to reconfirm their customers’ consent every three months.

“We consider that these measures are proportionate, taking into account the level of risk,” said the UK watchdog in a policy statement. “They balance the need to protect consumers from TPP access without explicit consent, and unwittingly sharing data, with reducing friction for customers.”

The FCA identified the use of existing customer interfaces, or modified customer interfaces (MCIs), that are not specifically designed for TPPs to access customer account information, as another barrier to Open Banking.

“Many TPPs face operational difficulty when accessing customers’ payment accounts via MCIs,” added the authority. “This has discouraged them from serving customers whose account providers enable access through MCIs.”

The regulator now requires some account servicing payment service providers to have dedicated interfaces so that TPPs have access to customer account information for retail and SME payment accounts. Alongside this, rules on providing interface technical specifications, testing interfaces, and fallback interfaces by these payment service providers will be amended so that they can launch products and services more quickly.

Finally, the FCA said that it will allow account servicing payment service providers with a deemed authorisation under the Temporary Permissions Regime (TPR) to rely in the UK on an exemption from setting up a fallback interface granted by a home state competent authority located in the EU.
