04 December 2018
The European Banking Authority (EBA) published today its final Guidelines on the conditions that account servicing payment service providers (ASPSPs) must meet in order to be exempted from the obligation to implement the fallback mechanism under the Regulation (EU) 2018/389 on strong customer authentication and common and secure communication (RTS on SCA&CSC). The Guidelines aim at providing clarity to ASPSPs and national competent authorities (CAs) regarding the elements that should be considered for the purpose of an exemption and at ensuring a consistent application of the conditions for an exemption across the 28 EU Member States.
These final Guidelines aim at specifying the conditions set out in Article 33(6) of the RTS, which must be met in order to be exempted from the obligation to implement the fallback mechanism. These conditions, which were included by the European Commission in the draft RTS submitted by the EBA, raised a number of practical questions and requests for clarifications by market participants. The Guidelines also clarify how CAs should consult the EBA, particularly in the crucial period leading up to the date of application of the RTS, on 14 September 2019.
Based on the feedback received during the consultation phase, the EBA has amended the draft Guidelines in a number of areas. In particular, as regards the involvement of TPPs in the exemption process, the EBA clarified that, for the purpose of the exemption, ASPSPs will need to show TPPs' involvement in the design and testing of their dedicated interfaces and provide the CA with the feedback they received from TPPs that have participated in the testing, together with an explanation of how the ASPSP has addressed any issues identified during the testing.
Furthermore, the final Guidelines clarify that in assessing whether an ASPSP fulfils the ‘wide usage' condition, CAs should take into account not only the number of TPPs that have used the ASPSP's production interface but also additional factors, including how much the interface has been used by TPPs, the steps that the ASPSP has taken to achieve ‘wide usage', the feedback received by the ASPSP from the TPPs that have participated in the testing and how any issues identified have been resolved.
With regard to the obligation for ASPSPs to publish data on the availability and performance of their interfaces, the final Guidelines clarify that ASPSPs should publish such data in a way that enables TPPs and payment service users (PSUs) to compare the daily availability and performance of the dedicated interface with those of the interfaces made available by the ASPSP to its own PSUs.
The EBA acknowledges that the timelines for meeting the conditions for an exemption are tight and, therefore, strongly encourages ASPSPs to start testing, to launch their production interfaces and to engage with their CA as soon as possible before the September 2019 deadline. While acknowledging that these Guidelines cannot address all issues that may possibly arise during the assessment process, both the EBA and CAs remain committed to continue supporting the industry to meet the timelines set by RTS and achieve the objectives of PSD2.
Legal basis and background
These Guidelines are issued in accordance with Article 16 of the EBA founding regulation and Article 33(6) of the RTS. The Guidelines specify the conditions that are set out in Article 33(6) of the RTS and that are to be met by ASPSPs that have opted for a dedicated interface in order to be exempted from the obligation to set up the contingency mechanism described in Article 33(4) of the RTS. The Guidelines further provide guidance on how CAs should consult the EBA for the purposes of the exemption in accordance with Article 33(6) of the RTS.