If you’ve read the previous tomes in this series, you’ll know that the FCA’s proposed change to the 90-day reauthentication requirement will have significant positive impact on the industry – and why this course correction is good for the competitive landscape and fintech innovation. You’ll also already know the context for how the rules combining secure customer authentication (SCA) and the 90-day rule are mired in a conflicting quagmire that does nothing to materially improve customer security and access to open banking value propositions. Not to mention, you’ll already be familiar with how SCA and 90-day do nothing to further the PSD2 objectives to improve innovation, promote competition, and secure consumers better financial outcomes; in fact, it does the just the opposite as it dooms PSD2 to a political failure rather than an innovation triumph.
The Detrimental Impact of 90D Reauth & SCA on Fintech, the Market, & End Customers
Secure Customer Authentication (SCA), combined with the requirement for end-users to reauthenticate every 90 days, is meant to provide a secure and reliable way for consumer to connect their bank accounts to regulated fintech services. Or at least that was the intention when it was enshrined in law as part of PSD2’s Regulatory Technical Standards (RTS). But the road to Hell is paved with good intention, and the path that SCA and the 90 Day Reauth rule have created has been chthonic at best, and hellish at worst: the entire Open Banking market has suffered from lost revenues, lost opportunities, and less innovation with fewer value propositions brought to market because of it.
Opposing Forces: The PSD2 Secure Customer Authentication & Regulatory Technical Standards Quagmire
If you use any fintech product that relies on data from your primary bank account, you will have navigated Secure Customer Authentication (SCA) processes. You will also have run into the 90 Day Reauthentication requirement that demands you confirm you want the fintech to have access to your bank account data, while at the same time re-navigating SCA and consent mechanisms. These two components are part of PSD2’s regulatory technical standards. They’re also the finicky bits that are killing PDS2’s ability to deliver competition, innovation, and better customer outcomes to the EU and UK markets.
UK BEIS Cross Sector Options Feedback.
Thank you for the opportunity to respond to the BEIS Smart Data Cross Sector Options. The Financial Data and Technology Association (FDATA) has a vested interest how the HMG’s Smart Data initiative is delivered to market, as our members provide valuable digital financial services under Open Banking, and they will continue to serve UK residents with expanded value propositions as Open Finance begins rolling out across the market. FDATA is on the side of consumers, innovation, and competition; we welcome HMG’s willingness to orchestrate the initiative.
In regards to BEIS’ note on creating opportunities for wider collaboration within the ecosystem, FDATA strongly suggests engaging the capabilities housed in the Global Open Finance Centre of Excellence (GOFCoE), to whom BEIS awarded an innovation grant in 2020. GOFCoE has built a Global Open Finance Technical Working Group focused on establishing harmonised and interoperable international technical standards; along side this is a Consumer Data Protection Unit, an Economic Observatory, an Economic Crime unit, and an Innovation Sandbox. All of these capabilities align with the sort of support the Smart Data Initiative would require. We strongly encourage BEIS to identify other potential ecosystem resources that would contribute to enhanced cooperation.
FDATA – OBIE VRP & Sweeping Phase 2 Consultation Response
Please provide feedback on the following points:
The need for VRP/Sweeping – why it is so much better than any other option for the customer – control, transparency, flexibility, speed, etc.
Why this cannot be limited to 2 way sweeping, as this rules out many use cases which offer the most value to customers (eg. sweeping into non-current accounts)
How the risks that are being raised by some during the consultation are either nothing to do with VRP or significantly reduced by VRP, and why VRPs actually offer customers better outcomes
How sweeping providers will use smart/ethical AIS algorithms and tight/right sized VRP parameters to only sweep money the customer can afford – and why it’s 100% aligned to their business model to protect the customer this way
How, as regulated parties, TPPs are required to manage risk and look after customers, including if they have complaints
FDATA Response to HM Treasury’s Financial Services Future Regulatory Framework Review
On behalf of the membership of FDATA Europe, please find our response to the questions set forth in the Financial Services Future Regulatory Framework Review, Phase II Consultation.
FDATA Europe Response to FCA’s Quarterly Consultation 29 CP20-18 Chapter 3: Proposal to amend the open banking identification requirements (eIDAS certificates)
On behalf of the membership of FDATA Europe, please find our response to the Quarterly Consultation 29 CP20-18, specifically Chapter 3: Proposal to amend the open banking identification requirements (eIDAS certificates) below.