Brexit plans run the risk that PSD2 will be implemented in UK law without the RTS on Strong Customer Authentication.

PSD2 takes effect under UK law on 13 January 2018, well before the UK formally leaves the European Union in March 2019. However, the RTS on Strong Customer Authentication will only apply 18 months after its adoption and publication in the Official Journal which is currently expected to take place this autumn. This 18-month period is now likely to end after the UK has left the EU in March 2019, under the current timetable.

The European Union (Withdrawal) Bill will convert European Union laws into UK law to carry across existing EU laws and regulations. However, the Bill provides that only laws and regulations that have both entered into force and apply before Exit Day will be converted into UK domestic law. If so, this would mean that the RTS on Strong Customer Authentication would not be converted into UK domestic law as under the current timetable the RTS would not apply by Exit Day.

The Government will need to address this issue as the Bill progresses through Parliament. However, this illustrates the legal complexities that will arise as we approach Exit Day.

Author

Richard Powell is Lead Knowledge Lawyer for Baker McKenzie's Financial Institutions Industry Group where he is responsible for legal content projects, training and knowledge initiatives. Previously he was a member of the UK Financial Conduct Authority's Enforcement Division where he advised on regulatory cases. He has also been an editor of Bloomberg Law's UK Financial Services Law Journal.