FCA agree to SCA delay due to a lack of market readiness

After intense lobbying from cross industry parties throughout Europe, the UK’s Financial Conduct Authority has agreed to delay EU mandated SCA payments regulations by more than 18 months, after warnings that the rules would strongly affect online sales.

New Strong Customer Authentication (SCA) rules, which will require most online payments to go through an extra level of verification to reduce fraud, are due to be introduced in September, but industry groups said that a lack of preparedness would make more than a quarter of payments impossible to complete.

In an update in June, the European Banking Authority rejected calls for a continent-wide grace period, arguing that companies had more than three years to prepare. But critics of the rules said certain key technical details were not confirmed until this year, and companies have turned to national regulators to plead for more time.

The FCA asked the trade group UK Finance to design an alternative timetable for the UK. Its final recommendations, which were agreed with major financial, retail and travel groups, were submitted to the regulator last Friday. The report said companies should have until March 2021 to implement most of the technical requirements, and a further six months to implement a more advanced form of authentication.

Companies in the hospitality and travel sector would receive an additional year to prepare because of the “incredibly complex” nature of their payment systems. The FCA, which was consulted throughout the design process, is expected to formally endorse the recommendations later this week.

Banks, tech groups and retailers had initially pinned their hopes on the EBA, Europe’s top banking regulator, for a transition period that would apply across the EU. However, it agreed only to let national regulators “provide limited additional time” on a local basis.

The UK Finance report notes that “due to the cross-border nature of payments, we strongly believe this issue requires an EU-wide solution”.

The Central Bank of Ireland agreed that local regulators should work together to avoid disruption. A spokesperson for the regulator said it “will continue to engage with the EBA and other National Competent Authorities in the European Union in relation to this issue, aiming to agree a harmonised approach to the migration time periods across the EU.”

A person involved in the process at another European regulator, including France, Italy and Denmark, said they were in “constant discussions” with counterparts, but cautioned that a coordinated timetable was not guaranteed, according to the FT.

Since this article was first published it has since been announced that the Central Bank of Ireland has followed the lead of the Bank of England and announced a delay to the roll out of Strong Customer Authentication (SCA) rules. Announcing the delay, the CBI states: “The Central Bank of Ireland recognises the difficulties with meeting this deadline. We have been engaging with the industry to develop a migration plan to implement SCA for e-commerce transactions, as soon as possible after this date.”