Response to consultation on the Guidelines on the conditions to be met to benefit from an exemption from contingency measures under Article 33(6) of Regulation (EU) 2018/389 (RTS on SCA & CSC)
Go back
◾is there a risk publishing the daily statistics?
◾When is the interface considered to be up again, after a period of downtime? How is this to be measured?
◾guidance needs to be available on how availability can be measured when the dedicated interface is not receiving requests.
◾how should partial availability impact the KPIs? how should partial availability be measured?
◾what is definition of a PSU interface? is each of the Netbanks a separate interface?
What is considered as an additional check on consent"?
The ASPSP is the source of trust, is a data controller in the chain and has a duty of care to their customers. How will consumers differentiate a trustworthy TPP approach from any old hack phishing for their on-line password?
Is it compliant if, during the SCA step, the ASPSP enables the PSU to approve the TPP’s access before the ASPSP proceeds with servicing the TPP’s request? This would include displaying to the PSU the type of access being requested and the duration, the data and accounts, with the possibility to select the accounts for which the access is granted."
More clarification needed what is widely used"?"
Question 1: Do you agree with the EBA’s assessments on KPIs and the calculation of uptime and downtime and the ASPSP submission of a plan to publishing statistics, the options that EBA considered and progressed or discarded, and the requirements proposed in Guideline 2 and 3? If not, please provide detail on other KPIs or calculation methods that you consider more suitable and your reasoning for doing so.
Yes agree but more clarification needed:◾is there a risk publishing the daily statistics?
◾When is the interface considered to be up again, after a period of downtime? How is this to be measured?
◾guidance needs to be available on how availability can be measured when the dedicated interface is not receiving requests.
◾how should partial availability impact the KPIs? how should partial availability be measured?
◾what is definition of a PSU interface? is each of the Netbanks a separate interface?
Question 2: Do you agree with the EBA’s assessments on stress testing and the options it considered and progressed or discarded, and the requirements proposed in Guideline 4? If not, please provide your reasoning.
yes, agreeQuestion 3: Do you agree with the EBA’s assessments on monitoring? If not, please provide your reasoning.
yes, agreeQuestion 4: Do you agree with the EBA’s assessments on obstacles, the options it considered and progressed or discarded, and the requirements proposed in Guideline 5? If not, please provide your reasoning.
More clarification needed.What is considered as an additional check on consent"?
The ASPSP is the source of trust, is a data controller in the chain and has a duty of care to their customers. How will consumers differentiate a trustworthy TPP approach from any old hack phishing for their on-line password?
Is it compliant if, during the SCA step, the ASPSP enables the PSU to approve the TPP’s access before the ASPSP proceeds with servicing the TPP’s request? This would include displaying to the PSU the type of access being requested and the duration, the data and accounts, with the possibility to select the accounts for which the access is granted."
Question 5: Do you agree with the EBA’s assessments for design and testing, the options it considered and progressed or discarded, and the requirements proposed Guideline 6? If not, please provide your reasoning.
yes, agreeQuestion 6: Do you agree with the EBA’s assessment for ‘widely used’, the options it considered and discarded, and the requirements proposed Guideline 7? If not, please provide your reasoning.
Yes, agree.More clarification needed what is widely used"?"