[Openid-specs-fapi] EBA Regulatory Technical Standards

Wed Jun 7 14:52:48 UTC 2017

Hi John and FAPI list members,

Apologies my mic wasn't working on the call, but here is a quick update on
the Regulatory Technical Standards on Strong Customer Authentication for
PSD2.

The EBA's final draft is here:
https://www.eba.europa.eu/documents/10180/1761863/Final+draft+RTS+on+SCA+and+CSC+under+PSD2+%28EBA-RTS-2017-02%29.pdf

This draft includes their responses to feedback.
FAPI sent the following feedback:
https://www.eba.europa.eu/regulation-and-policy/payment-services-and-electronic-money/regulatory-technical-standards-on-strong-customer-authentication-and-secure-communication-under-psd2?p_p_auth=uy1W7oVC&p_p_id=169&p_p_lifecycle=0&p_p_state=maximized&p_p_col_id=column-2&p_p_col_pos=1&p_p_col_count=2&_169_struts_action=%2Fdynamic_data_list_display%2Fview_record&_169_recordId=1617559

You will notice in their feedback they ignore the issue of the confusion
between authentication and authorisation.

The Commission has recently published a proposed amended version of the RTS:
https://www.eba.europa.eu/documents/10180/1863077/RTSEBA24052017.pdf/0e8f0242-8964-473d-8495-184fec286519

The changes made in the amendment are detailed in this letter:
https://www.eba.europa.eu/documents/10180/1806975/%28EBA-2017-E-1315%29%20Letter+from+O+Guersent%2C%20FISMA+re+Commission+intention+to+amend+the+draft+RTS+on+SCA+and+CSC+-Ares%282017%292639906.pdf/efbf06e1-b0e9-4481-88e5-b70daa663cb9

There is currently uncertainty as to whether the amended draft will be
adopted. From a bank and TPP perspective here in the UK we believe that the
amendments will have unintended consequences and will publish a letter
shortly where we detail our concerns.

Further to the RTS (which is more about principles than technical
standards) the Euro Retail Payments Board at the European Central Bank is
working on actual technical standards to be promoted across the EU for
PSD2. Their latest report is attached and it is from this report that we
started consideration of CIBA to support "decoupled" flows.

FAPI also drafted a letter to the ERPB working group which I've also
attached.

I'm happy to answer any questions the group may have regarding these
documents.
It is worth noting that in the UK, the Financial Conduct Authority and Her
Majesty's Treasury have both endorsed the work of OpenBanking Ltd on the
Open Banking Standard:

FCA Approach Doc 17.66
<https://www.fca.org.uk/publication/consultation/cp17-11-draft-approach-document.pdf>
:
*During the period before the SCA-RTS becomes applicable, the parties may
find it helpful to take account of industry standards which are being
developed as a result of the Competition and Markets Authority’s Open
Banking Remedy*

HMT Consultation on PSD2 6.10
<https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/589023/implementation_of_revised_EU_directive.pdf>
:
*The government therefore sees the PSDII implementing regulations as
providing the legislative foundations on which the Open Banking API
Standard then sits. Although APIs are only one method by which ASPSPs could
provide the access to AISPs or PISPs mandated under the PSDII, the
government believes a commonly utilised API framework will lead to greater
competition in the retail banking and “third party” services market and
better outcomes for payers and other end users. *

On a final note, a number of the "CMA9" banks who are mandated to implement
the Open Banking Standard have operations in other EU states (e.g. Danske,
AIB, BOI) and my understanding is that they want to use the standard not
only in the UK but for all their operations.

Hopefully we will see increased adoption of FAPI over the coming months.

-- 
Dave Tonge
CTO
[image: Moneyhub Enterprise]
<http://www.google.com/url?q=http%3A%2F%2Fmoneyhubenterprise.com%2F&sa=D&sntz=1&usg=AFQjCNGUnR5opJv5S1uZOVg8aISwPKAv3A>
10 Temple Back, Bristol, BS1 6FL
t: +44 (0)117 280 5120

Moneyhub Enterprise is a trading style of Momentum Financial Technology
Limited which is authorised and regulated by the Financial Conduct
Authority ("FCA"). Momentum Financial Technology is entered on the
Financial Services Register (FRN 561538) at fca.org.uk/register. Momentum
Financial Technology is registered in England & Wales, company registration
number 06909772 © . Momentum Financial Technology Limited 2016. DISCLAIMER:
This email (including any attachments) is subject to copyright, and the
information in it is confidential. Use of this email or of any information
in it other than by the addressee is unauthorised and unlawful. Whilst
reasonable efforts are made to ensure that any attachments are virus-free,
it is the recipient's sole responsibility to scan all attachments for
viruses. All calls and emails to and from this company may be monitored and
recorded for legitimate purposes relating to this company's business. Any
opinions expressed in this email (or in any attachments) are those of the
author and do not necessarily represent the opinions of Momentum Financial
Technology Limited or of any other group company.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20170607/8445eb59/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ERPB PIS 017-17 v1.0 Report ERPB WG on Payment Initiation Services (2).doc
Type: application/msword
Size: 389120 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20170607/8445eb59/attachment-0001.doc>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: LettertoCo-ChairsoftheERPBPISIdentificationSG-FinalApproved (3).pdf
Type: application/pdf
Size: 136492 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20170607/8445eb59/attachment-0001.pdf>