The regulations around Payment Initiation Service Providers (PISPs) are not supposed to be prescriptive, according to Maha El Dimachki, head of payments at the UK’s Financial Conduct Authority (FCA).
“This regulation is meant to encourage innovation and new ideas," said Dimachki at PAY360 in London this week. "From our point of view, where propositions are testing regulation, we want to hear about that. I know in terms of PISP propositions, and their journeys in particular, there has been a dialogue around certain areas where a strict interpretation doesn’t actually allow for certain propositions. I think the message here is that we are open to those discussions.”
“If the outcome is the right outcome and the way it is deployed in the right way then we are very open to that dialogue. To be a progressive regulator, which is a tall order, we should never be prescriptive with regulation. We are looking at what the industry is coming up with in terms of new ideas to advance and go forwards, and we then take the role of how we can support that,” she said.
Dimachki was talking on a panel discussing the aftermath of PSD2, and the next steps for Open Banking.
The final deadline to comply with PSD2’s regulatory technical standards is September 14. The deadline for all account providers in the UK and Europe to open their APIs to third parties for testing is March 14.
For Dimachki, greater focus in the lead up to the September deadline is needed around when SMS-based strong consumer authentication (SCA) fails to work, and what other options must be used.
“We feel that adopting APIs is a more secure method of access, secure customer authentication contributes to a safer and more secure ecosystem under PSD2. We will be testing that, we will be monitoring that as we go, and having a look at the impact,” said Dimachki.
“We are hearing a lot of dialogue around the SMS code. Literally we talk about innovation or new ideas, we talk about the consumer at the heart of it, but how do we think about when things go wrong?
“We talk about what the value proposition is to consumers, but we also need to consider when things go wrong, how do we fix that as quickly as possible? This is one example where if you are looking at the SMS code as one of the SCA options, such as when there is no coverage what is the option? Are we thinking about biometrics, are we thinking about other innovative options?” she said.