Does the use of a 3rd party digital ID and password for strong customer authentication (SCA) require an outsourcing agreement in order to be compliant with Regulation (EU) 2018/389 - RTS on SCA and secure communication?
Yes. If a knowledge factor used in SCA processes is not under direct control of the payment service provider, DNB expects a valid outsourcing arrangement to ensure adequate management of operational risks. A knowledge factor such as 3rd party digital ID and password, which has not been issued by the payment service provider, cannot be deemed to be under the direct control of the payment service provider. Thus, the use of 3rd party digital ID and password must be subject to a valid outsourcing arrangement between the payment service provider and the 3rd party in order to be compliant with the Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication. This outsourcing arrangement must comply not only with the Delegated Regulation, but also the EBA guidelines on outsourcing.
Ieder jaar worden honderden bestuurders en commissarissen getoetst door DNB en AFM op geschiktheid en betrouwbaarheid. Dat is een intensief traject. En dan kan er wel eens onvrede ontstaan bij degene die getoetst wordt.
Lees meer
The European Central Bank (ECB) has successfully introduced interaction on Fit and Proper testing with significant institutions and their advisors via a dedicated infrastructure called IMAS Portal.
Lees meer
DNB has revised the format of the annual Article 23 LCR DR qualitative data request. The new template will be used in the upcoming data request which will be launched in September.
Lees meer
