FAPI WG Meeting Notes (2017-06-06)
Date & Time: 2017-06-06 14:00 UTC
Location: GoToMeeting https://global.gotomeeting.com/join/321819862
The meeting was called to order at 15:00 UTC.
- Attending: John, Dave, ...
- Regrets: Nat (due to travel)
The EBA's final draft is here: https://www.eba.europa.eu/documents/10180/1761863/Final+draft+RTS+on+SCA+and+CSC+under+PSD2+%28EBA-RTS-2017-02%29.pdf
This draft includes their responses to feedback. FAPI sent the following feedback: https://www.eba.europa.eu/regulation-and-policy/payment-services-and-electronic-money/regulatory-technical-standards-on-strong-customer-authentication-and-secure-communication-under-psd2?p_p_auth=uy1W7oVC&p_p_id=169&p_p_lifecycle=0&p_p_state=maximized&p_p_col_id=column-2&p_p_col_pos=1&p_p_col_count=2&_169_struts_action=%2Fdynamic_data_list_display%2Fview_record&_169_recordId=1617559
You will notice in their feedback they ignore the issue of the confusion between authentication and authorisation.
The Commission has recently published a proposed amended version of the RTS: https://www.eba.europa.eu/documents/10180/1863077/RTSEBA24052017.pdf/0e8f0242-8964-473d-8495-184fec286519
The changes made in the amendment are detailed in this letter: https://www.eba.europa.eu/documents/10180/1806975/%28EBA-2017-E-1315%29%20Letter+from+O+Guersent%2C%20FISMA+re+Commission+intention+to+amend+the+draft+RTS+on+SCA+and+CSC+-Ares%282017%292639906.pdf/efbf06e1-b0e9-4481-88e5-b70daa663cb9
There is currently uncertainty as to whether the amended draft will be adopted. From a bank and TPP perspective here in the UK we believe that the amendments will have unintended consequences and will publish a letter shortly where we detail our concerns.
Further to the RTS (which is more about principles than technical standards) the Euro Retail Payments Board at the European Central Bank is working on actual technical standards to be promoted across the EU for PSD2. Their latest report is attached and it is from this report that we started consideration of CIBA to support "decoupled" flows.
FAPI also drafted a letter to the ERPB working group which I've also attached.
I'm happy to answer any questions the group may have regarding these documents. It is worth noting that in the UK, the Financial Conduct Authority and Her Majesty's Treasury have both endorsed the work of OpenBanking Ltd on the Open Banking Standard:
FCA Approach Doc 17.66: During the period before the SCA-RTS becomes applicable, the parties may find it helpful to take account of industry standards which are being developed as a result of the Competition and Markets Authority’s Open Banking Remedy
HMT Consultation on PSD2 6.10: The government, therefore, sees the PSDII implementing regulations as providing the legislative foundations on which the Open Banking API Standard then sits. Although APIs are only one method by which ASPSPs could provide the access to AISPs or PISPs mandated under the PSDII, the government believes a commonly utilized API framework will lead to greater competition in the retail banking and “third party” services market and better outcomes for payers and other end users.
On a final note, a number of the "CMA9" banks who are mandated to implement the Open Banking Standard have operations in other EU states (e.g. Danske, AIB, BOI) and my understanding is that they want to use the standard not only in the UK but for all their operations.
Hopefully, we will see increased adoption of FAPI over the coming months.
- Letter sent out.
- Draft report is out now. It does not include any solutions. Dave expects more chance to interact.