UK Regulator Publishes Final Technical Standards on Strong Customer Authentication in the Event of a No-Deal Brexit

The U.K. Financial Conduct Authority has published a Policy Statement, final Technical Standards and changes to the Handbook rules on strong customer authentication and common and secure open standards of communication to be applicable when the U.K. leaves the EU. The FCA consulted on the proposed SCA RTS in early 2019 when the U.K. was due to leave the EU on March 29, 2019, and before the EU SCA Regulatory Technical Standards application date. Since then, Brexit has been extended and the EU SCA RTS has applied directly across the EU since September 14, 2019. As a result, the EU SCA RTS would be onshored into U.K. law under the Withdrawal Act. However, in preparation for a no-deal Brexit, the U.K. Payment Services Regulations would require firms to apply the U.K. SCA RTS. As a result, the EU SCA RTS would be revoked and the FCA's SCA RTS will apply in the U.K. in the event of a no-deal Brexit.

The EU SCA RTS (Commission Delegated Regulation (EU) 2018/389) impose obligations on PSPs to increase the security of customers' payments made by card and other means and set out requirements on account servicing payment service providers (ASPSPs) relating to the third party providers of Account Information Services and Payment Initiation Services. The U.K. SCA RTS are substantially similar to the EU SCA RTS, with amendments to reflect the U.K.'s position outside of the EU.

View the FCA's Policy Statement (PS19/26) and the final Technical Standards.

View details of the FCA's consultation.

Return to main website.