Skip links

The FCA’s proposed SCA-RTS amendments have no impact on the use and performance of Konsentus Verify

The FCA's proposed SCA-RTS amendments have no impact on the use and performance of Konsentus Verify

The Financial Conduct Authority’s (FCA’s) proposed SCA-RTS amendments, announced on 29 November 2021, have no impact on the use and performance of Konsentus Verify.

Konsentus Verify sits within an ASPSP’s PSD2 process flow and is used by financial institutions to determine whether to grant or deny third party providers (TPPs) access to customer account data. Konsentus Verify sits in the “TPP checking” phase of the process. It provides, in real-time, all the data required to validate a TPP’s identity and regulatory status at the time of a transaction request.

Once an ASPSP is confident of a TPP’s identity and authorisation status, the next stage of the PSD2 process flow can take place. This requires the ASPSP to check the customer’s “Consent”.

The first time the customer requests account information via a TPP, they must authenticate themselves with their financial institution by performing strong customer authentication (SCA).

Up until now, the customer has also been required to re-confirm their consent with their Financial Institution every 90 days. From March 2022 customer re-authentication every 90 will no longer be required and the responsibility for confirming access permission will sit exclusively with the TPP.

Although this change simplifies the process for TPPs providing Account Information Services (AIS), it places greater reliance on the TPP’s due diligence for this task.

To comply with this change, ASPSPs must update their Consent Management rules and workflow processes accordingly

Note: The FCA’s update is specifically related to SCA requests by ASPSPs relating to customers accessing AIS via TPPs. There is no change to the requirement for TPPs to obtain the customer’s consent, which remains the same at 3 months.