On 28 June 2019, the UK Financial Conduct Authority (in response to an Opinion published by the European Banking Authority) published a statement on the possible delay of enforcement against businesses who have not met the Regulatory Technical Standards for Strong Customer Authentication ("SCA") in relation to e-commerce card payments by 14 September 2019.
The FCA, recognising that some businesses may have been struggling to meet the deadline (set under the Second EU Payment Services Directive, and the Payment Services Regulations), have said that they will work with industry stakeholders to agree a plan for implementation by a later date. Although the 14 September 2019 deadline will remain in place generally, if a business does not meet that deadline, the FCA will not take enforcement action provided that they are operating in an area which is covered by the plan and are complying with the plan.
Whilst this will be welcome news to those businesses (especially start-ups and scale-ups) who were struggling to meet the SCA requirements, it is not a complete waiver. It remains to be seen what any agreed plan between the FCA and the industry will cover and what timetables it imposes. Those businesses that are required to meet the SCA requirements should monitor the proposed plan and whether it applies to their business. Otherwise the obligation remains the same.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.