Article 33 Contingency measures for a dedicated interface
- (1)
Account servicing payment service providers shall include, in the design of the dedicated interface, a strategy and plans for contingency measures for the event that the interface does not perform in compliance with Article 32, that there is unplanned unavailability of the interface and that there is a systems breakdown. Unplanned unavailability or a systems breakdown may be presumed to have arisen when five consecutive requests for access to information for the provision of payment initiation services or account information services are not replied to within 30 seconds.
- (2)
Contingency measures shall include communication plans to inform payment service providers making use of the dedicated interface of measures to restore the system and a description of the immediately available alternative options payment service providers may have during this time.
- (3)
Both the account servicing payment service provider and the payment service providers referred to in Article 30(1) shall report problems with dedicated interfaces as described in paragraph 1 to the FCA without delay.
- (4)
As part of a contingency mechanism, payment service providers referred to in Article 30(1) shall be allowed to make use of the interfaces made available to the payment service users for the authentication and communication with their account servicing payment service provider, until the dedicated interface is restored to the level of availability and performance provided for in Article 32.
- (5)
For this purpose, and from no later than six months after the date of the market launch of the interface,1 account servicing payment service providers shall ensure that the payment service providers referred to in Article 30(1) can be identified and can rely on the authentication procedures provided by the account servicing payment service provider to the payment service user. Where the payment service providers referred to in Article 30(1) make use of the interface referred to in paragraph 4 they shall:
- (a)
take the necessary measures to ensure that they do not access, store or process data for purposes other than for the provision of the service as requested by the payment service user;
- (b)
continue to comply with the obligations following from Regulations 69(3) and 70(3) of the Payment Services Regulations 2017 (SI 2017/752) respectively;
- (c)
log the data that are accessed through the interface operated by the account servicing payment service provider for its payment service users, and provide, upon request and without undue delay, the log files to the FCA;
- (d)
duly justify to the FCA, upon request and without undue delay, the use of the interface made available to the payment service users for directly accessing its payment account online;
- (e)
inform the account servicing payment service provider accordingly.
- (a)
- (6)
Subject to paragraph 6A of this Article, the1 FCA will exempt account servicing payment service providers that have opted for a dedicated interface from the obligation to set up the contingency mechanism described under paragraph 4 where the dedicated interface meets all of the following conditions:
- (a)
it complies with all the obligations for dedicated interfaces as set out in Article 32;
- (b)
it has been designed and tested in accordance with Article 30(5) to the satisfaction of the payment service providers referred to therein;
- (c)
it has been widely used for at least three months by payment service providers to offer account information services, payment initiation services and to provide confirmation on the availability of funds for card-based payments;
- (d)
any problem related to the dedicated interface has been resolved without undue delay.
- (a)
- (6A)
1An account servicing payment service provider to whom this paragraph applies is deemed to have been exempted by the FCA under paragraph 6 of this Article if, at 11pm on 31 December 2020, it was exempted from the obligation to set up a contingency mechanism by its home state competent authority under Article 33(6) of Commission Delegated Regulation (EU) 2018/389 of 27 November 2017 supplementing Directive (EU) 2015/2366 of the European Parliament and of the Council with regard to regulatory technical standards for strong customer authentication and common and secure open standards of communications.
This paragraph applies to account servicing payment service providers deemed to be authorised under paragraph 1, 12B, 14(2(a)(i) or 24(4)(a)(i) of Schedule 3 of the Electronic Money, Payment Services and Payment Systems (Amendment and Transitional Provisions) (EU Exit) Regulations 2018 or regulation 8, 11, 28 or 34 of the EEA Passport Rights (Amendment, etc., and Transitional Provisions) (EU Exit) Regulations 2018.
- (7)
The exemption referred to in paragraph 6 (including any deemed exemption under paragraph 6A)1 will be revoked where the conditions 6(a) and 6(d) are not met by the account servicing payment service providers for more than two consecutive calendar weeks. The FCA will ensure that the account servicing payment service provider establishes, within the shortest possible time and at the latest within two months, the contingency mechanism referred to in paragraph 4.