ENG

PSD2. Polish's KNF grants grace period for SCA implementation

Published

Aug 22 2019

Written By

scott mcinnes Module
Scott McInnes

Partner
Belgium

ivan sagal Module
Ivan Sagál

Partner
Czech Republic

annette nielsen Module
Annette Printz Nielsen

Partner
Denmark

kristiina lehvila module
Kristiina Lehvilä

Senior Counsel
Finland

cathie rosalie joly module
Cathie-Rosalie Joly

Partner
France

michael juenemann module
Dr. Michael Jünemann

Partner
Germany

konrad siegler module
Konrád Siegler

Of Counsel
Hungary

diego cefaro Module
Diego Cefaro

Senior Associate
Italy

stefano febbi Module
Stefano Febbi

Partner
Italy

slawomir szepietowski module
Slawomir Szepietowski

Partner
Poland

hans svensson Module
Hans Svensson

Partner
Sweden

trystan tether module
Trystan Tether

Partner
UK

On 19 August 2019, the Polish financial supervisory authority (KNF) issued a note on SCA (available here), which is in line with EBA’s Opinion on SCA of 21 June 2019. 

KNF stated that, due to the state of unpreparedness of PSPs (i.e. issuers and acquirers) and merchants with the SCA requirements that come into effect on 14 September 2019, it will conditionally grant PSPs a regulatory holiday with regard to internet payments and contactless payments. This means that if a relevant PSP communicates to KNF its needs for a regulatory holiday period, along with its migration plan, KNF will not apply supervisory measures (e.g. fines) upon that PSP during the regulatory holiday period, provided of course that the PSP implement the migration plan in a timely fashion. 

The maximum grace period for SCA implementation will only be communicated by KNF after their on-going consultations with the will end (probably around 14 September 2019).

KNF added that, even in case of PSP benefiting from the grace period, the risk associated with the failure to use SCA, after 13 September 2019, is fully borne by PSP, who are required to use it". We presume this is a reference to Article 74(2) PSD2, as implemented within Polish law, that allocates the liability between the issuer and the PSP of the payee, including acquirer in case of fraud. We understand that KNF seems to be saying that an issuer or PSP of the payee, who benefits from a regulatory holiday will be liable for the fraud on a particular transaction. Query what will happen for transactions where both the issuer and the PSP of the payee benefit from a regulatory holiday? 

Other regulators have already announced similar measures – for example:
 
United KingdomFCA agrees plan for a phased implementation of Strong Customer Authentication

France: Rapport annuel de l’Observatoire de la sécurité des moyens de paiement (pp. 11-16)

DenmarkStatement from the Danish FSA regarding SCA in the light of the opinion from the Danish FSA

ItalyPSD2: transitional period for strong customer authentication for online card payments in Italy

Germany: PSD2: BaFin announces postponing SCA-rules for online credit card payments in Germany

The Netherlands: https://www.toezicht.dnb.nl/3/50-237794.jsp# (Dutch)

If you would like to receive our payments alerts directly in your inbox, please click here.

 

Latest insights

More Insights
Curiosity line green background

Bring out the wine and cheese: Enhanced protection for European GIs in New Zealand

Apr 26 2024

Read More
Birds on a beach

China Cybersecurity and Data Protection: Monthly Update - April 2024 Issue

Apr 26 2024

Read More
Snow-capped mountain range

Potential Expansion of Singapore’s TDM Exception?

Apr 26 2024

Read More
More Insights

Related capabilities

Finance & Financial Regulation Financial Services Retail and Consumer Technology & Communications