The Regulatory Technical Standards (RTS) on assessment methodology for internal ratings-based (IRB) approach are a key component of the EBA’s work to ensure consistency in models outputs and comparability of risk-weighted exposures.
The European Banking Authority (EBA) launched today a consultation on draft Regulatory Technical Standards (RTS) specifying the prudential treatment of software assets. The Opinion also explains that sufficient time has been available for the industry to prepare for the application date of SCA, given that the definition of SCA had been set out in PSD2 when it was published in 2015, which gave clear indications that existing authentication approaches would need to be phased out, and because PSD2 already granted an additional 18-month period for the industry to implement SCA.Today's Opinion also recommends national competent authorities (NCAs) to take a consistent approach toward the SCA migration period across the EU and to require their respective payment service providers (PSPs) to carry out the actions set out in the Opinion.The RTS, which the EBA will be developing in close cooperation with the European Central Bank (ECB), will specify the requirements of the strong customer authentication; exemptions from the application of these requirements; requirements to protect the user's security credentials; requirements for common and secure open standards of communication; and security measures between the various types of providers in the payments sector.SCA is defined in the Directive as an "authentication based on the use of two or more elements categorised as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is) that are independent, in that the breach of one does not compromise the reliability of the others, and is designed in such a way as to protect the confidentiality of the authentication data." The Directive will confer on the EBA the development of six technical standards and five sets of guidelines. The Commission must then enact the regulatory standard as a delegated act in order to give it binding legal effect. In addition, the Opinion recommends that, where required, NCAs communicate to PSPs in their jurisdiction that the supervisory flexibility they have exercised does not represent a delay in the application date of the SCA requirements in PSD2 and the EBA's Technical Standards. However it remains to be seen as to what kind of role the e-IDAS Regulation will play in practice. The EBA will assess the responses received, and use them as input for the development of the draft RTS, which it will publish in summer 2016, for a consultation period of three months.The EBA, therefore, accepts that, on an exceptional basis and in order to avoid unintended negative consequences for some payment service users after 14 September 2019, NCAs may decide to work with PSPs and relevant stakeholders, including consumers and merchants, to provide limited additional time. Draft Regulatory Technical Standards on the uniform conditions of application of the calculation methods for determining the amount of capital required at the level of the financial conglomerate Guidelines on the convergence of supervisory practices relating to the consistency of supervisory coordination arrangements for financial conglomerates The EBA must present this standard to the Commission on 13 January 2017 at the latest. The EBA is able to prevent regulatory arbitrage and should allow banks to compete fairly throughout the EU. The Directive also provides that SCA is to be applied to all electronic payments, unless one of the exemptions applies.The Opinion is addressed to national competent authorities, but it is also useful for account servicing payment service providers (ASPSPs), account information service providers, payment initiation service providers, card-based payment instrument issuers, third party providers, and industry initiatives, including initiatives of application of programming interface (API).However, the Opinion acknowledges the complexity of the payments markets across the EU and the challenges arising from the changes that are required, in particular by actors that are not payment service providers (PSPs) and, therefore, not directly subject to PSD2 and the EBA's technical standards, such as e-merchants, which may lead to some actors in the payments chain not being ready by 14 September 2019.In order to fulfil the objectives of PSD2 and the EBA of achieving consistency across the EU, the EBA will later this year communicate deadlines by which the aforementioned actors will have to have completed their migration plans.The EBA issued the Opinion in accordance with Article 29(1)(a) of its Founding Regulation, which mandates the Authority to play an active role in building a common Union supervisory culture and consistent supervisory practices, as well as in ensuring uniform procedures and consistent approaches throughout the Union.When publishing the Opinion in June, the EBA announced that, in order to fulfil the objectives of PSD2 and the EBA of achieving consistency across the EU, it would communicate later in 2019 the deadlines for the completion of the SCA migration plans, which today's Opinion provides.Finally, in order for all payment service providers (PSPs) to be in a position to rely on the eIDAS certificates, the Opinion identifies a few measures that competent authorities may apply, including by requesting the revocation of certificates issued to a PSP that has had its authorisation withdrawn.