POLISH COMMERCIAL BANK
SCA exemption
We advised the Polish commercial bank on the following project:
SCA EXEMPTION FOR CORPORATE PAYMENTS
- Payment service providers are obliged to use strong customer authentication (SCA). One of the most formalized exemptions from among the range of those that suppliers may invoke to discontinue the application of the SCA is the exemption for corporate payments in Article 17 of the RTS. The aforesaid exemption is of a special nature, as to apply it, apart from the initiative on the part of the payment service provider, the supervision authority, i.e. in the case of the Polish market – the Polish Financial Supervision Authority, also needs to take certain action and present positive position.
- Providers may only apply if the supervision authority (PFSA) “decides” that the processes or reports guarantee a level of security at least equivalent to that provided by the PSD2 Directive. In practice, the position of the PFSA takes the form of an administrative decision, in which the authority determines whether the processes or reports aspiring for exemption ensure the level of security at least equal to that under the PSD2 Directive.
- The exemption in Article 17 of the RTS differs from the other exemptions in that, in addition to the general requirement to monitor fraud signs that applies to all SCA exemptions (Article 19 of the RTS), the supplier must provide other equivalent security mechanisms. Therefore, in compliance with the provision, the required level of security may be ensured in other ways than just through the use of SCA elements or elements directly corresponding to the SCA requirements indicated in the PSD2 Directive and the RTS.
The advisory services of DLK Legal included:
- preparation and submission with the PFSA an application for exemption of the bank from the obligation to use the SCA with respect to processes or reports that the bank makes available only to non-consumer payers
- representation of the bank in the proceedings before the PFSA, response to the requests of the PFSA and obtaining of a positive decision from the authority on the recognition of processes or reports that the bank makes available to non-consumer payers only, i.e. guarantee that an appropriate level of security at least equivalent to the level provided for in the PSD2 Directive is ensured by the bank
Lawyers involved in the project:
Krzysztof Korus
attorney-at-law, partner Krzysztof Korus
Bartosz Wyżykowski
attorney-at-law, partner Bartosz Wyżykowski
Banking & Fintech
Banking & FinanceOnline & eCommerce
Online & eCommerceAlso check
#Banking & Fintech #IT & Outsourcing
national payment institution
B2B CONTRACT VS. REGULATED OUTSOURCING
B2B CONTRACT VS. REGULATED OUTSOURCING