Request for exemption from the obligation to set up a contingency mechanism (SUP 15C Annex 1D)

Similar documents
Joint Initiative on a PSD2 Compliant XS2A Interface NextGenPSD2 XS2A Framework Operational Rules

Open Banking Operational Guidelines

NextGenPSD2 Conference 2017

Authentication (Strong Customer Authentication)

FIDO Alliance Response to the European Banking Authority (EBA)

Strong Customer Authentication and common and secure communication under PSD2. PSD2 in a nutshell

Open Banking Consent Model Guidelines. Part 1: Implementation

Consent Model Guidelines

Slovak Banking API Standard. Rastislav Hudec, Marcel Laznia

PSD2 open banking for Prepaid Programme Managers. Implications and Requirements

FIDO & PSD2. Providing for a satisfactory customer journey. April, Copyright 2018 FIDO Alliance All Rights Reserved.

PSD2/EIDAS DEMONSTRATIONS

EU Code of Conduct on Data Centre Energy Efficiency

Beam Suntory Privacy Policy WEBSITE PRIVACY NOTICE

PSD2 Assessment of Operational and Security Risks 1 ONR User Guidelines Document

POLICY ON ALGORITHMIC TRADING AND ORDER ROUTING SERVICES

Authentication (SCA) and Common and Secure Communication

European Code of Conduct on Data Centre Energy Efficiency

Introduction. Notations. Test with Curl. Value Examples

PSD2 Compliance - Q&A

1.7 The Policy sets out the manner by which the University will respond to Subject Access Requests.

PSD2 & OPEN BANKING Transform Challenge into Opportunity with Identity & Access Management E-BOOK

GDPR Compliance. Clauses

ALGORITHMIC TRADING AND ORDER ROUTING SERVICES POLICY

PSD2 webinar session - Q&A

Plus500UK Limited. Website and Platform Privacy Policy

White Paper. The Impact of Payment Services Directive II (PSD2) on Authentication & Security

BOARD OF THE BANK OF LITHUANIA. RESOLUTION No 46 ON THE REGULATIONS ON KEEPING THE PUBLIC REGISTER OF PAYMENT INSTITUTIONS. of 24 December 2009

Guidelines. on the security measures for operational and security risks of payment services under Directive (EU) 2015/2366 (PSD2) EBA/GL/2017/17

DATA PRIVACY & PROTECTION POLICY POLICY INFORMATION WE COLLECT AND RECEIVE. Quality Management System

Technical guidelines implementing eidas

Privacy Notice. Lonsdale & Marsh Privacy Notice Version July

eidas Regulation (EU) 910/2014 eidas implementation State of Play

Data Subject Access Request Form

Call for Expressions of Interest

Data Protection Policy

Document Cloud (including Adobe Sign) Additional Terms of Use. Last updated June 5, Replaces all prior versions.

Joint Initiative on a PSD2 Compliant XS2A Interface XS2A Interface Interoperability Framework Implementation Guidelines

Within the meanings of applicable data protection law (in particular EU Regulation 2016/679, the GDPR ):

Consents Service - SMBC NextGenPSD2

PS Mailing Services Ltd Data Protection Policy May 2018

Data Protection. Code of Conduct for Cloud Infrastructure Service Providers

Data Subject Access Request Form (GDPR)

Introduction to the Personal Data (Privacy) Ordinance

Adviser Application Form

Chapter 1. Purpose, definitions and application

Hertfordshire Natural History Society

Contract Services Europe

Privacy Policy. Information about us. What personal data do we collect and how do we use it?

DIRECTORATE GENERAL MOBILITY AND TRANSPORT Units MOVE-E3 & SRD2. User Manual. Single European Sky Performance website

EIT Health UK-Ireland Privacy Policy

Internet copy. EasyGo security policy. Annex 1.3 to Joint Venture Agreement Toll Service Provider Agreement

Online Banking - Accessing and Navigating How to Log into Your Account and Frequently Asked Questions

GDPR Compliant. Privacy Policy. Updated 24/05/2018

TIA. Privacy Policy and Cookie Policy 5/25/18

NIPPON VALUE INVESTORS DATA PROTECTION POLICY

Guidelines 4/2018 on the accreditation of certification bodies under Article 43 of the General Data Protection Regulation (2016/679)

Our Data Protection Officer is Andrew Garrett, Operations Manager

SWIFT Customer Security Controls Framework and self-attestation via The KYC Registry Security Attestation Application FAQ

SCHEME HANDBOOK REFCOM F GAS COMPANY CERTIFICATION SCHEME. Refcom F gas Company Certification Scheme Scheme Handbook V9.1 February 2017 Page 1 of 6

The information we collect

Data Subject Access Request Procedure. Page 1 KubeNet Data Subject Access Request Procedure KN-SOP

APPROVAL PROCESS TO BE FOLLOWED FOR PROVISIONAL ACCREDITATION OF CBs UNDER FM CERTIFICATION SCHEME

Data Subject Access Request Form (GDPR)

Depending on the Services or information you request from us, we may ask you to provide the following personal information:

ARTICLE 29 DATA PROTECTION WORKING PARTY

Notification Form AP50 Minor Update to Risk Management Programme Details

Accreditation Process. Trusted Digital Identity Framework February 2018, version 1.0

A NEW MODEL FOR AUTHENTICATION

Starflow Token Sale Privacy Policy

Guide to Applications for Certificates of Free Sale for Medical Devices

Checklist: Credit Union Information Security and Privacy Policies

Data Protection and Privacy Policy PORTOBAY GROUP Version I

GC0106: Mod Title: Data exchange requirements in accordance with Regulation (EU) 2017/1485 (SOGL)

RECOMMENDATION FOR USE

Google Cloud & the General Data Protection Regulation (GDPR)

Schools and Libraries (E-rate) Program FCC Form 472 (BEAR) User Guide

Privacy Policy. About Us

Under the GDPR, you have the following rights, which we will always work to uphold:

HRP GDPR Subject Access Request procedure for website , version: v1

Version 1/2018. GDPR Processor Security Controls

Hohenstein Laboratories GmbH & Co. KG Schloss Hohenstein Boennigheim Germany

This website is managed by Club Systems International on behalf of the Hoburne and Burry and Knight Groups.

The data submitted in this application are covered by official/professional secrecy under Article 54 of Law 4261/2014.

Token Sale Privacy Policy

Continuing Professional Education (CPE) CPE Rules for Pesticide Advisors

TaxiMe Privacy Policy for Passengers

Comodo HackerGuardian. PCI Security Compliance The Facts. What PCI security means for your business

NZQA registered unit standard 8086 version 7 Page 1 of 5. Demonstrate knowledge required for quality auditing

Reference Offer for Wholesale Roaming Access

MFA-AIMA STANDARD CERTIFICATION FIA TEMPLATE QUESTIONNAIRE DIRECT ELECTRONIC ACCESS ( DEA ) CLIENT REPRESENTATION

ENISA s Position on the NIS Directive

Chain of Custody Policy. July, 2015

Payment Services Directive (PSD2) Opening the doors to a secure business

INNOVENT LEASING LIMITED. Privacy Notice

EUROPEAN MEDICINES AGENCY (EMA) CONSULTATION

Directive on Security of Network and Information Systems

Subject access policy and template response letters

Appendix: List of possible compliance measures. Note:

Transcription:

Request for exemption from the obligation to set up a contingency mechanism (SUP 15C Annex 1D) Interface name / ID (ASPSPs submitting a return should provide the name or ID used within the PSP to identify the interface being reported on) FRN (Firms registration number) Purpose of this form Account servicing payment service providers (ASPSPs) that opt to provide a dedicated interface under article 31 of the Regulatory Technical Standards for strong customer authentication and common and secure open standards of communication () may request that the FCA grant an exemption from the obligation in article 33(4) to set up a contingency mechanism. The exemption will be granted if the dedicated interface meets the conditions set out in article 33(6). ASPSPs wishing to rely on the exemption in article 33(6) of the must submit this form via Connect. Important information you should read before completing this form Where a group of ASPSPs operates the same dedicated interface across different banking brands, subsidiaries or products, we require a single request for that dedicated interface. Where a group of ASPSPs or a single ASPSP operates a number of different dedicated interfaces, e.g. in respect of different banking brands, subsidiaries or products, we require separate requests in respect of each different dedicated interface for which an ASPSP is seeking an exemption. Guidance on completing the form can be found in the Payment Services and Electronic Money Approach Document, Chapter 17. ASPSPs completing the form should also comply with the Guidelines on the conditions to be met to benefit from an exemption from contingency measures under article 33(6) of Regulation (EU) 2018/389 (RTS on SCA & CSC) (EBA Guidelines). The FCA processes personal data in line with the requirements of The General Data Protection Regulation (EU) 2016/679 and the Data Protection Act 2018. For further information about the way we use the personal data collected in this form, please read our privacy notice available on our website: www.fca.org.uk/privacy. Filling in the form Please complete the form electronically: use the TAB key to move from question to question and press SHIFT TAB to move back to the previous question save all the parts of the pack you have completed and attach to your application

General information General information i Is this a single request for a dedicated interface operated across different banking brands, subsidiaries or products? No Yes Give names below of the different banking brands, subsidiaries or products. ii Is this is a request for one of a number of dedicated interfaces being operated across different banking brands, subsidiaries or products? No Yes Identify the group (eg banking group) and the brand, subsidiary or product which is the subject of this request. Contact for this application iii Contact details of the person we will get in touch with about this application Name Role within organisation Phone number (including STD code) Email address

Service level, availability and performance Service level, availability and performance Use this section to provide the information required under EBA Guideline 2 Q1 Has the ASPSP defined service level targets for out of hours support, monitoring, contingency plans and maintenance for its dedicated interface that are at least as stringent as those for the interface(s) used by its own payment service users (EBA Guideline 2.1)? Yes No Q2 Has the ASPSP put in place measures to calculate and record performance and availability indicators in line with EBA Guidelines 2.2 and 2.3? Yes No Please provide supporting evidence for your answer to question 1.

Publication of statistics Publication of statistics Use this section to provide the information required under EBA Guideline 3 Q3 Please set out the plan for the quarterly publication of daily statistics on the availability and performance of the dedicated interface and payment service user interface.

Stress testing Stress testing Use this section to provide the information required under EBA Guideline 4 Q4 Please provide a summary of the results of stress tests undertaken.

Obstacles Obstacles Use this section to provide the information required under EBA Guideline 5 Q5 Please describe the method(s) of carrying out the authentication procedure(s) of the payment service user that are supported by the dedicated interface. Redirection Summary of the authentication procedure Explanation of why the methods of carrying out the authentication procedure does not create obstacles Please confirm if you have attached any supporting evidence Attached

Obstacles Decoupled Summary of the authentication procedure Explanation of why the methods of carrying out the authentication procedure does not create obstacles Please confirm if you have attached any supporting evidence Attached

Obstacles Embedded Summary of the authentication procedure Explanation of why the methods of carrying out the authentication procedure does not create obstacles Please confirm if you have attached any supporting evidence Attached

Obstacles Other authentication method Summary of the authentication procedure Explanation of why the methods of carrying out the authentication procedure does not create obstacles Please confirm if you have attached any supporting evidence Attached

Design and testing to the satisfaction of PSPs Design and testing to the satisfaction of PSPs Use this section to provide the information required under EBA Guideline 6. Also complete Form B Q6 Please provide information on whether, and, if so, how the ASPSP has engaged with AISPs, PISPs and CBPIIs in the design and testing of the dedicated interface. Q7 Q8 Please provide the date from which the ASPSP has made available, at no charge, upon request, the documentation of the technical specification of any of the interfaces specifying a set of routines, protocols, and tools needed by AISPs, PISPs and CBPIIs to interoperate with the systems of the ASPSP. (dd/mm/yyyy) / / Please provide the date on which the ASPSP published a summary of the technical specification of the dedicated interface on its website and a web link. (dd/mm/yyyy) / / Q9 Please provide the date on which the testing facility became available for use by AISP, PISPs, CBPIIs (and those that have applied for the relevant authorisation. (dd/mm/yyyy) / / Q10 Please provide the number of different PISPs, CBPIIs, AISPs that have used the testing facility. AISPs CBPIIs PISPs

Design and testing to the satisfaction of PSPs Q11 Please provide a summary of the results of the testing as required.

Wide usage of the interface Wide usage of the interface Use this section to provide the information required under EBA Guideline 7 Q12 Please provide a description of the usage of the dedicated interface in a three month (or longer) period prior to submission of the exemption request. Q13 Describe the measures undertaken to ensure wide use of the dedicated interface by AISPs, PISPs, CBPIIs.

Form B Design of the dedicated interface Resolution of problems Use this section to provide the information required under EBA Guideline 8 Q14 Please describe the systems or procedures in place for tracking, resolving and closing problems, particularly those reported by AISPs, PISPs, and CBPIIs. Q15 Please explain any problems, particularly those reported by AISPs, PISPs and CBPIIs, that have not been resolved in accordance with the service level targets set out in EBA Guideline 2.1.

Form B Design of the dedicated interface Form B Design of the dedicated interface Use this section to provide the information required under EBA Guideline 6 Requirement Description of the functional and technical specifications that the ASPSP has implemented to meet this requirement. 67 SCARTS 30 RTS Enabling AISPs to access the necessary data from payment accounts accessible online [Where relevant, also reference to the specific market initiative API specification used to meet this requirement and the results of conformance testing attesting compliance with the market initiative standard] Summary of how the implementation of these specifications fulfils the requirements of, and FCA Guidelines. [Where relevant, any deviation from the specific market initiative API specification which has been designed to meet this requirement] 1a 1b 1c If not in place at the time of submission of the exemption request, when will the functionality be implemented to meet the requirement (must be before 14 September 2019). Has a plan for meeting the relevant requirements been submitted to the FCA alongside this form?

Form B Design of the dedicated interface 65 & 66 SCARTS 30 Enabling provision or availability to the PISP, immediately after receipt of the payment order, of all the information on the initiation of the payment transaction and all information accessible to the ASPSP regarding the execution of the payment transaction 2a 2b 2c 30(3) Conforming to (widely used) standard(s) of communication issued by international or European standardisation organisations 3a 3b 3c 64 (2) 30(1) ( c) Allowing the payment service user to authorise and consent to a payment transaction via a PISP 4a 4b 4c

Form B Design of the dedicated interface 66(3)(b ) and 67(2)(b ) Enabling PISPs and AISPs to ensure that when they transmit the personalised security credentials issued by the ASPSP, they do so through safe and efficient channels. 5a 5b 5c 65(2)(c ), 66(2)(d ) and 67(2)(c ) 30(1) (a) and 34 10(2) (b) Enabling the identification of the AISP/PISP/CBPII and support eidas for certificates Allowing for 90 days reauthentication for AISPs 6a 6b 6c 7a 7b 7c

Form B Design of the dedicated interface 36(5) Enabling the ASPSPs and AISPs to count the number of access requests during a given period 8a 8b 8c 30 (4) Allowing for a change control process 9a 9b 9c

Form B Design of the dedicated interface 64(2) and 80(2) and 80(4) Allowing for the possibility for an initiated transaction to be cancelled in accordance with, including recurring transactions 10a 10b 10c 36(2) Allowing for error messages explaining the reason for the unexpected event or error 11a 11b 11c 19(6) Supporting access via technology service providers on behalf of authorised actors 12a 12b 12c

Form B Design of the dedicated interface 97(5) and 30(2) Allowing AISPs and PISPs to rely on all authentication procedures issued by the ASPSP to its customers 13a 13b 13c 67 (2) (d) and 30 (1) (b) and 36 (1) (a) Enabling the AISP to access the same information as accessible to the individual consumer and corporates in relation to their designated payment accounts and associated payment transactions 14a 14b 14c 36(1)(c ) Enabling the ASPSP to send, upon request, an immediate confirmation yes/no to the PSP (PISP and CBPII) on whether there are funds available 15a 15b 15c

Form B Design of the dedicated interface 97(2) and 5 Enabling the dynamic linking to a specific amount and payee, including batch payments 16a 16b 16c s 30(2), 32(3), 18(2)(c )(v) and (vi) and 18(3) Enabling the ASPSP to apply the same exemptions from SCA for transactions initiated by PISPs as when the PSU interacts directly with the ASPSP 17a 17b 17c 4 Enabling strong customer authentication composed of two different elements 18a 18b 18c

Form B Design of the dedicated interface s 28 & 35 Enabling a secure data exchange between the ASPSP and the PISP, AISP and CBPII mitigating the risk for any misdirection of communication to other parties 19a 19b 19c 97(3) s 30 (2)(c) and 35 Ensuring security at transport and application level 20a 20b 20c

Form B Design of the dedicated interface 97(3) s 22, 35 and 3 Supporting the needs to mitigate the risk for fraud, have reliable and auditable exchanges and enable providers to monitor payment transactions 21a 21b 21c 29 Allowing for traceability 22a 22b 22c 32 Allowing for the ASPSP s dedicated interface to provide at least the same availability and performance as the user interface 23a 23b 23c

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback