Response to consultation on the Guidelines on the conditions to be met to benefit from an exemption from contingency measures under Article 33(6) of Regulation (EU) 2018/389 (RTS on SCA & CSC)

Go back

Question 1: Do you agree with the EBA’s assessments on KPIs and the calculation of uptime and downtime and the ASPSP submission of a plan to publishing statistics, the options that EBA considered and progressed or discarded, and the requirements proposed in Guideline 2 and 3? If not, please provide detail on other KPIs or calculation methods that you consider more suitable and your reasoning for doing so.

1. PKO Bank Polski feels concerned that publishing KPI’s and quarterly statistics on availability and performance of ASPSPs brings a new risk of this data being used by others to carry out, for example an attack on the host and evaluation of effectiveness of these attacks.
2. Additionally in paragraph 24 it is stated that CA should check the highest level of availability of any of the best performing PSU interfaces – according to the RTS on SCA the availability of users interface should not be worse than for clients of given ASPSP, not the best one possible.
3. Due to the fact that in majority of cases the mobile channel is a channel with lower usability in relation to the basic channel (which is online banking) in PKO Bank Polski view mobile channel does not indicate the availability of electronic banking for PSU. This is defined by the availability of the “master” channel, i.e. online banking. Therefore it is recommended to take into account the availability indicators of the selected channel, i.e. internet banking (unless that ASPSP is mobile-only).

Question 10: Do you agree with the level of detail set out in the draft Guidelines as proposed in this Consultation Paper or would you have expected either more or less detailed requirements on a particular aspect? Please provide your reasoning.

The level of detail seems insufficient specifically in the issue of how TPPs should identify themselves towards ASPSP before they start using fall back mechanism. PKO Bank Polski recommends that EBA or National Competent Authority should specify to the level of technical documentation the mechanism for TPP identity presentation towards ASPSP while using the fall back option. This should be prepared in time to implement the mechanism, if the waiver for not using fall back option is received, taking into account the dates required by RTS on SCA (i.e. March 2019 would be the latest preferable date).

Name of organisation

PKO Bank Polski SA