What are the regulatory consequences for German-domiciled PSPs of failing to apply SCA?
On 17 October 2019 the German Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht, “BaFin”) announced that it would not object if German-domiciled payment service providers („PSPs“) execute card payments on the internet without strong customer authentication („SCA“) – as required by the EU Payments Services Directive (EU) 2015/2366 („PSD2“) and the SCA Regulatory Technical Standards Delegated Regulation (EU) 2018/389 („SCA RTS“) – until 31 December 2020.