The direction in SUP 15.14.6D will not apply if the FCA gives a different direction to a specific credit institution, in the light of the particular circumstances surrounding a refusal of access to payment account services, about how to notify the FCA. The FCA is likely to be minded to do so where a credit institution decides to withdraw access to a large number of persons falling within paragraphs (1)(a) to (e) (excluding (1)(d)) of the Glossary definition of payment service provider simultaneously, such that complying with SUP 15.14.6D becomes impractical, and provides advance notice of the proposed withdrawal to their usual supervisory contact at the FCA. For these purposes, fewer than ten persons is unlikely to be considered a large number.
Credit institutions are reminded of the general notification requirements in SUP 15.3, including the obligation to notify the FCA as soon as they become aware of any matter (including a matter which may occur in the foreseeable future) which could affect their ability to continue to provide adequate services to their customers and which could result in serious detriment to a customer of the credit institution (SUP 15.3.1R(3)).
these denials of access:
arise out of the same facts and happen for the same reasons,
Where an account servicing payment service provider has already submitted a notification in accordance with regulation 71(8)(c) of the Payment Services Regulations and SUP 15.14.10D and continues to deny access to a payment account, it is not required to notify the FCA of a consecutive denial of access that happens after the original notification was sent if it:
An account servicing payment service provider that has previously submitted a notification in accordance with regulation 71(8)(c) of the Payment Services Regulations and SUP 15.14.10D must notify the FCA if it subsequently restores access to the payment account for the account information service provider or payment initiation service provider that was the subject of the original notification, unless it indicated in the first notification that it intended to immediately restore access and access was so restored.
Regulation 99(1) of the Payment Services Regulations provides that, if a payment service provider becomes aware of a major operational or security incident, the payment service provider must, without undue delay, notify the FCA. The purpose of this section is to direct the form and manner in which such notifications must made and the information they must contain, in exercise of the power in regulation 100(2) of the Payment Services Regulations.
The EBA has issued Guidelines on incident reporting under the Payment Services Directive that specify the criteria a payment service provider should use to assess whether an operational or security incident is major and needs to be reported to the FCA. These Guidelines also specify the format for the notification and the procedures the payment service provider should follow.
Where the electronic means of submission of notifications is known not to be available or operated at the time the incident is first detected, the notification should be sent to the FCA as soon as the electronic means of submission becomes available and operational again. Unless the FCA has informed a specific payment service provider that electronic means of submission are also available to it and operated at other times, the electronic means of submission are available and operated during normal operating hours, as specified by the FCA.
The EBA’s Guidelines on incident reporting under the Payment Services Directive contain guidelines on the completion of the form specified in SUP 15 Annex 11D. Payment service providers should use the same form in all reports concerning the same incident. Payment service providers may not have sufficient information to complete all parts of the form in the initial report. They should complete the form in an incremental manner and on a best effort basis as more information becomes readily available in the course of their internal investigations.
SUP 15.6.1R to SUP 15.6.6G (Inaccurate, false or misleading information) apply to payment service providers that are required to make notifications in accordance with this section as if a reference to firm in SUP 15.6.1R to SUP 15.6.6G were a reference to the relevant category of payment service provider and a reference to a rule were a reference to the directions in this section.
Payment service providers are reminded that regulation 142 of the Payment Services Regulations (Misleading the FCA or the Payment Systems Regulator) makes it an offence for a person to knowingly or recklessly provide the FCA with information which is false or misleading in a material particular in purported compliance with the directions given in this section or any other requirement imposed by or under the Payment Services Regulations.
The Financial Services and Markets Act 2000 (Service of Notices) Regulations 2001 (SI 2001/1420) contain provisions relating to the service of documents on the FCA. They do not apply to notifications required under this section because of the specific directions given in this section.
2Article 18 of the SCA RTS permits payment service providers not to apply strong customer authentication where the payer initiates a remote electronic payment transaction identified by the payment service provider as posing a low level of risk according to the transaction monitoring mechanism referred to in article 2 and article 18 of the SCA RTS.
2Article 19 of the SCA RTS requires payment service providers to ensure that the overall fraud rates per quarter for transactions executed under the article 18 exemption are equivalent to or lower than the reference fraud rates indicated in the Annex to the SCA RTS. Article 19 defines a quarter as 90 days.
2Where a fraud rate calculated in compliance with article 19 of the SCA RTS exceeds the applicable reference fraud rate, article 20(1) of the SCA RTS requires payment service providers to immediately report to the FCA, providing a description of the measures that they intend to adopt to restore compliance with the reference fraud rates.
2Where a fraud rate exceeds the applicable reference rate for two consecutive quarters, the payment service provider is required by article 20(2) of the SCA RTS to immediately cease to make use of the article 18 exemption. The report for the second quarter should confirm that the payment service provider has ceased to make use of the article 18 exemption.
2A payment service provider that has previously ceased to make use of the article 18 exemption in accordance with article 20(2) of the SCA RTS must notify the FCA in accordance with article 20(4) of the SCA RTS before again making use of the article 18 exemption:
2A payment service provider notifying the FCA before again making use of the article 18 exemption must provide evidence of the restoration of compliance of their monitored fraud rate with the applicable reference fraud rate for that exemption threshold range for one quarter, under article 20(4) of the SCA RTS.
2Account information service providers, payment initiation service providers, payment service providers issuing card-based payment instruments, and account servicing payment service providers must report problems with dedicated interfaces as required by article 33(3) of the SCA RTS to the FCA:
2The following problems with dedicated interfaces should be reported:
the interface does not perform in compliance with article 32 of the SCA RTS; or
there is unplanned unavailability of the interface or a systems breakdown.
Unplanned unavailability or a systems breakdown may be presumed to have arisen when five consecutive requests for access to information for the provision of payment initiation services or account information services are not replied to within 30 seconds.