PSD2 Regulatory Technical Standards – A Practical Guide & Workshop
A ½ Day Course
The PSD2 Requirements for SCA from September 2019 onwards
What Makes This Course Different?
- We have been delivering training for over 20 years and this is one of our core competencies. We believe we are experts on this topic and, having delivered training to a wide range of firms and businesses, we are certain we know the topic as well as anyone in the marketplace.
- PSD2 RTS always seems to many to be a nebulous or esoteric subject that is only for board and senior management; we will show you everyday workplace examples or situations.
- Your course director is a highly successful, qualified and experienced executive who will pass on past experiences and “war stories” generally to enhance the workshop and help bring it to life.
- We do not use academics. All our trainers are highly experienced professionals with relevant qualifications and vocational experience in the real world.
- We have delivered many core governance, risk and compliance courses over recent years and have a very clear understanding of what good and bad look like and the consequences, intended or not, of poor decision making.
- Additionally, participant feedback informs us in both a precise and timely manner what the current dilemmas and challenges are.
- We have developed highly interactive and very enjoyable case studies to enhance the learning points. All delegates report that these are a high point.
- We are always judged by our results which speak for themselves and the feedback received from previous delegates has always been excellent.
- To be able to identify PSD2 RTS elements effectively in a timely, professional and first-class manner
- To appreciate the regulator's approach to PSD2 RTS and why it is critically important
- To understand the legal and regulatory framework
- To recognise the need for potential delays between customer, card issuer, and transaction authorisation due to PSD2 RTS requirements
- To recognise good practice
- To avoid lost business because of “timeouts”
- Be able to define an effective and comprehensive PSD2 RTS category of SCA
- Learn how to create and apply the best response for the 3 categories
- Be able to create a clear and auditable method for managing PSD2 RTS to ensure transparency
- Think like a compliance professional
What are “PSD2 RTS”?
- PSD2 RTS Intended Outcome (incl. PSD2 RTS Key Date)
  - Give customers the freedom to utilise qualified third parties — known as Account Information Service Providers (AISPs) or Payment Initiation Service Providers (PISPs) — to manage their finances.
- Who is impacted?
  - AISPs and PISPs would allow customers to do everything from viewing their account information across multiple banks to making payments — all within one platform. Does your Account Servicing Payment Service Provider (ASPSP) provide a testing facility and make technical specifications available?
- Strong Customer Authentication (SCA)?
  - Many retailers, hospitality providers and other types of merchants have very little, or no, understanding of this new requirement.
- The Requirements
  - Specific action needs to be taken rapidly if you do not already have an SCA programme underway. The deadline will not be changed, and big consequences will be seen if no action is taken.
- The Transactions
  - In order to authenticate a payer securely, at least two factors have to be checked, and these must come from two of the three defined categories.
- The Defined Categories
  - Knowledge, Possession and Inherence. Each category has a range of valid elements.
- Face to Face Transactions
  - These have the ‘Possession’ factor and the PIN as a ‘Knowledge’ factor and so there will be less (but not zero) impact. These will be subject to Transaction Risk Analysis.
- ECommerce Transactions
  - Each card issuer will make their own decision on which factors to use and have their cardholders perform, so merchants and cardholders should expect different user experiences. What unattended transactions are exempted?
- Risk Solutions
  - Various exemptions will be allowed, and merchants are encouraged to discuss these with their acquirer. We discuss the practical aspects of these elements.
- Exceptions & Exemptions
  - What exemptions apply and when to use them. Not all transactions will require additional authentication. PSD2 provides a number of exemptions to SCA, which could result in minimising friction, abandoned carts and attrition in the customer payment journey.
- Transaction Risk Analysis
  - A Transaction Risk Analysis (TRA) exemption is perhaps the most significant and broadly used exemption; when is it best to apply this exemption and how will the analysis be defined?
- Workshop – SCA Method options.
  - Discussions and desktop exercises to identify testing and suitability of exemptions and SCA application.
Think as a Compliance Professional
- Right information and
- Right process in place to comply
- Documented audit trail
- Summary, Open Forum, Wrap up
Background of the Trainer
Lee has worked with a range of organisations from small start-ups through to FTSE100 companies, many of which have had difficulties identifying and managing changes to legislation, and helped them develop effective, robust systems. He has adapted his experience to develop this course and supporting materials with a practical, skills-based focus. Lee’s skills, qualifications and experience make him ideal for supporting anyone wishing to develop top-class knowledge in the management of PSD2 RTS.
Having been a freelance consultant and trainer for twenty years, your course director was appointed as a skilled person in 2012 and has conducted many audits, assessments, roll-outs and change management programmes, covering complaints programmes, conduct risk frameworks and global risk frameworks. He has also provided regulatory interpretation to firms from insurance intermediaries through to investment banks, worked on many risk mitigation programmes and set up retail banks.
The PSD2 regulations are a staged approach for regulators to deal with the burgeoning array of reg tech apps being developed for a wide variety of reasons. Change on this scale has always appeared as a problem for Senior Management in the past. Following the banking crisis of 2008, numerous data privacy breaches and major frauds, transparency and clear audit trails have become even more important, especially where customer data and third-party access are key. PSD2 RTS management is straightforward, but the key element here is time. Work should have started a year or more ago, but if it is conducted in the right way today, you can still be in line to comply by the deadline.
It is the very culture of a firm that makes PSD2 RTS manageable or not. The accurate identification and reliable assessment of the potential impact, along with defined and practical procedures to take account of the new requirements, can make PSD2 RTS management effective, fair and compliant for those who create profits for all our businesses: the customers.