Banks leaving it late for SCA testing environment deadline

The UK’s deadline for banks and payments providers to offer full test environments of the live infrastructure under the Strong Consumer Authentication (SCA) is less than a month away, but many in the market are lagging behind to meet the March 14 date set by the Financial Conduct Authority (FCA).

“There’ll be quite a few payment providers with websites that have development details on how they are making the data available, that they need to make available, and the capabilities they need to make available under PSD2, but I doubt all of them will have the capabilities for a third party to connect,” says Olly Betts, CEO of OpenWrks.

The FCA has made clear that from March 14, account servicing payment service providers (ASPSPs) that are accessible online must provide technical specifications regarding their access interfaces, as well as testing facilities for third party providers (TPPs). SCA goes live on September 14, and the FCA reminded market participants of the obligations in an email on January 30.

The regulator’s email also reminded market participants of the June 14 deadline for submitting contingency exemption requests – in which firms intending to implement dedicated interfaces and gain exemption form contingency mechanism requirements. Essentially, firms must have a sandbox for TPPs by the March deadline, provide evidence of their systems by June, and be ready to go in September. Betts suggests it’s a “three strikes and you’re out” approach.

“The really interesting thing is if payment providers don’t have test environments on March 14, what chance do they have of by June 14 being able to present the FCA with evidence that their solution works to avoid a whole load of other costs and expenditures?” he asks.

“Really the biggest losers could be the payment providers and I don’t think it’ll be a regulatory fine that bites it’ll be in the fact they’ll need to quickly build an alternative solution. It’s kicking the can down the road – they’ll have a really big problem, because the one thing the FCA has said is if you don’t have a solution in place by June 14 you need to build a fall-back option.”

Outside the CMA9, ASPSPs scrambling with integration and last minute integrations and testing procedures, says Mitul Sudra, CTO at OpenWrks. While a lot of banks have signed up to Open Banking – and the UK’s rendering of PSD2 – many have left implementation processes very late, he says.

“We’re seeing a scurry of activity now from a number of payment account providers ranging from personal, business and credit card providers to tier two banks and ones that fell outside of CMA9 last year,” he says.

OpenWrks – which builds Open Banking technology and assists firms with the regime’s protocols – has had a number of enquiries.

“We’re seeing a number of banks come to us that are probably already quite late, that are asking for help – help with their testing, help them meet the regulatory commitments, not only the RTS and Open Banking but the deadlines for the provision of the sandbox in March,” says Sudra.

With the deadlines in place as they are, it seems the regulator is keen to allow Open Banking to flourish.

“For the standards to work they need to be policed,” says Sudra. “For Open Banking to work you need the banks to deliver because you’ve got fintechs building business models entirely on the back of this ecosystem working and all the APIs to be performing at the quality they should be.”

When the March 14 deadline arrives, many fintech firms will be hoping to work with the market’s sandboxes, and develop services over the next few months. That collaborative approach – an underlying theme in the UK’s Open Banking protocol – should engender a better financial services offering.

“Our approach would be to engage with banks directly to understand why they don’t have test environments and see where we could help with that,” says Betts. “You could see other situations though where firms go to the regulator with lists of those who do have test environments and those that don’t.”

Related reading