EBA Publishes Opinion On Implementation Of The RTS On Customer Authentication And CSC


Thursday, June 14, 2018   08.05AM / The European Banking Authority


The European Banking Authority (EBA) published yesterday two regulatory products, an Opinion and a Consultation Paper on draft Guidelines, to clarify a number of issues identified by market participants in relation to the regulatory technical standards (RTS) on strong customer authentication and common and secure communication (SCA and CSC), which will apply from 14 September 2019.


The Opinion focuses on the implementation of the RTS while the Consultation Paper proposes a pragmatic and consistent approach to the four conditions to be met to benefit from an exemption from the fallback option envisaged under Article 33(6) of the RTS.


The EBA will also extend its Single Rulebook Q&A tool to the revised Payments Services Directive (PSD2). With all these additional measures, the EBA aims at providing assistance to market participants for a smooth and transparent implementation of its RTS on SCA and CSC.


Given the cross-border nature of retail payments, the EBA and Competent Authorities have a shared interest in supporting the objectives of PSD2 of contributing to a single EU payments market, ensuring that these issues are addressed consistently across the EU and that the implementation period proceeds smoothly and transparently across the EU.


Market participants have approached the EBA and many Competent Authorities to seek further clarity on a number of issues that have emerged in the context of the implementation of the EBA RTS on SCA and CSC (Regulation (EU) 2018/389). 


Consultation Paper on draft Guidelines on the conditions to be met to benefit from an exemption from contingency measures under Article 33(6) RTS on SCA & CSC

One issue that was brought to the EBA's attention relates to Article 33(6) of the RTS, which sets out the four conditions that an account servicing payment service provider (ASPSP) must meet when it wishes to provide access via a dedicated interface to be granted an exemption from the obligation to have a fallback option in place. Article 33(6) also requires Competent Authorities to consult with the EBA before granting such an exemption. 


The Consultation Paper on draft Guidelines provides clarity to the market and to Competent Authorities on the information to be considered for each of the four conditions in order to determine whether a request for the exemption meets the conditions in Article 33(6) of the RTS. In particular, the draft Guidelines aim at providing clarity for all parties involved (ASPSPs, Competent Authorities and the EBA) in a pragmatic way and allow Competent Authorities to carry out a speedy assessment, especially during the time when the bulk of the exemption requests will be received. 


Comments to these consultations can be sent to the EBA by clicking on the "send your comments" button on the consultation page. Please note that the deadline for the submission of comments is 13 August 2018.


All contributions received will be published following the close of the consultation, unless requested otherwise. A public hearing will then take place at the EBA premises on 25 July 2018 from 14:00 to 16:00 UK time.


Proshare Nigeria Pvt. Ltd. 


Opinion on the implementation of the RTS on SCA and CSC

The Opinion is addressed to Competent Authorities to convey the EBA's views in some pressing areas identified by the market and Competent Authorities, including on the exemptions to SCAs, consent, the scope of data sharing, and requirements for Application Programming Interfaces (APIs) and dedicated interfaces to take into account. For example, the Opinion explains that the ASPSP should not check the consent of the payment service user who has contracted with an account information service provider (AISP), payment initiation service provider (PISP) or card-based payment instrument issuers (CBPII) and that it is the ASPSP that applies SCA and decides whether or not to apply an exemption.


Also, the Opinion clarifies that when determining which method(s) to use for the purpose of carrying out the authentication procedure, the ASPSP needs to ensure that all methods of strong customer authentication offered to its customers can be supported when using the API.  


Interactive Single Rulebook and Q&A tool

Going forward, the EBA will provide further clarification on the interpretation of the RTS on SCA and CSC through its online Interactive Single Rulebook and Q&A tool, which will be extended to PSD2- related queries by the end of June. 


Legal basis and background

The EBA has published the consultation paper on the draft Guidelines in accordance with Article 16 of its Regulation (EU) No 1093/2010 of the European Parliament and of the Council, which requires the Authority to issue guidelines and recommendations addressed to Competent Authorities or financial institutions with a view to establishing consistent, efficient and effective supervisory practices, including, where appropriate, to conduct open public consultations.


The EBA has drafted the Opinion in accordance with Article 29(1)(a) of Regulation (EU) No 1093/2010 of the European Parliament and of the Council, which mandates the EBA to play an active role in building a common Union supervisory culture and consistent supervisory practices, as well as in ensuring uniform procedures and consistent approaches throughout the Union.


 Proshare Nigeria Pvt. Ltd.



Related Documents and Links

·   Opinion on the implementation of the RTS on SCA and CSC (EBA-2018-Op-04) [PDF, 188KB]

· Guidelines on the conditions to be met to benefit from an exemption from contingency measures under Article 33(6) of Regulation (EU) 2018/389 (RTS on SCA & CSC)

·   RTS on SCA & CSC



Proshare Nigeria Pvt. Ltd.



Related News

1.       Fintech Association Partners SEC On RoadMap For The Nigerian Capital Market

2.      The Nigerian Trading Online Report 2018 To Include Section on Regulatory Technology

3.      Nigeria’s Central Bank Mandates All Banks To Comply With Cybercrime Act 2015

4.      Machine Learning FICO Analytics Can Be Used By Lenders To Match Offers To Risk And Ability To Pay

5.      How The General Data Protection Regulation Will Affect Your Business

6.      ECB Publishes European Framework For Testing Financial Sector Resilience To Cyber Attacks

7.      2018 Nigerian Code of Corporate Governance: Sectorial Codes to Serve as Guidelines - FRC

8.     Landmark FHC Judgment On The Information Rights of Investors In The Nigerian Capital Market

9.      Finance and Accounting Outsourcing

10.  Judgment Delivered Against Plaintiff In First Nigerian Case on ATM Dispense Error

11.   Voluntary Membership of Trade Unions

12.  Executive Summary of Changes to CAMA

13.  Senate Passes New CAMA Bill into Law; Lists Seven Benefits

14.  New QCA Corporate Governance Code Provides The Answer For AIM Companies

15.   Fire Safety Compliances and Regulations

16.  Admissibility Of Evidence As It Relates To Electronic Devises, Social Media And Forensic Science

17.   New Requirements For Registration Of Charges (Form CAC8) Takes Effect April 3, 2018

18.  Court Approves Website Seizure and Anton Piller Order Against Online Copyright Piracy Platform



Related News