Question to the HM Treasury:

To ask Her Majesty's Government what plans they have to remain closely aligned to any new EU security regulations for online banking transactions after Brexit.

The Strong Customer Authentication Regulatory Technical Standards (“the SCA RTS”), which are intended to reduce fraud and increase payments security, came into force on 14 March 2018 in EU law. The majority of its provisions will apply from 14 September 2019, and will apply in full in the UK.

The EU (Withdrawal) Act (“the Act”) will bring into UK law all directly applicated EU regulations which are operative at exit day, as defined by the Act, or at the end of the proposed Implementation Period if the withdrawal agreement reached between the Government and the EU is ratified. This includes operative Regulatory Technical Standards (RTS). The Act also permits ministers to make amendments which correct deficiencies in these regulations, if that is necessary to ensure they operate effectively in the UK.

The Financial Regulators’ Powers (Technical Standards etc.) (Amendment etc.) (EU Exit) Regulations 2018, made under the Act, delegated responsibility for fixing deficiencies in the SCA RTS to the FCA. Under the Electronic Money, Payment Services and Payment Systems (Amendment and Transitional Provisions) (EU Exit) Regulations 2018, the FCA is also the competent authority for the SCA RTS after EU Exit.

The FCA consulted on its approach to the SCA RTS after the UK has left the EU (see CP18/44, published on 19 December 2018). It proposes to substantially maintain these technical standards in UK law, to support consumer protection and to provide firms with certainty and clarity about the systems they have been building.