Response to public hearing on the Consultation paper on the amendment of the RTS on SCA&CSC under PSD2

Go back

Q1. Do you have any comments on the proposal to introduce a new mandatory exemption for the case when the information is accessed through an AISP and the proposed amendments to Article 10 exemption?

Yes, there should not be any exemption and if there is finally an exemption, banks and other actors should let the possibility for the user to choose to be exempted or not (on an opt-out policy). You regulators should not bend before financial institution given the amount of cybersecurity incident that could and are being avoided with MFA.

Q2. Do you have any comments on the proposal to extend the timeline for the renewal of SCA to 180-days?

Yes, this should not be extended, and if it is extended it should be configurable by the customer

Q3. Do you have any comments on the proposed 6-month implementation timeline, and the requirement for ASPSPs to make available the relevant changes to the technical specifications of their interfaces not less than one month before such changes are required to be implemented?

WHAT TYPE OF INSTITUTION OR STAKEHOLDER DO YOU REPRESENT?

consumers and consumers' associations

Name of the organization

Unknown

Organisation and governance

Legal and policy framework

Careers

Supervisory convergence

Direct supervision and oversight

Information for consumers

Ad hoc activities

Risk analysis

Reporting frameworks

Data

Publications

Media centre