Business Issue
A payment service provider (PSP) faced the complex challenge of implementing Strong Customer Authentication (SCA) across its client base. However, due to the distinct payment processes in place for its corporate clients, the firm was eligible to apply for the corporate exemption under the Second Payment Services Directive (PSD2). To do so, senior management needed assurance that its security measures met the required regulatory standards, and it had to provide a detailed notification to the FCA in advance.
Solution
fscom deployed a team of payments and cybersecurity experts to evaluate the PSP’s corporate payments protocols and processes. The team assessed these against the security requirements outlined in the Regulatory Technical Standards and PSD2. fscom then delivered a detailed audit report, outlining its findings and recommendations. In addition, fscom supported the PSP’s internal team in completing the necessary FCA notification and operational risk assessment.
Benefits
The PSP was able to confidently demonstrate that its corporate payment protocols met regulatory standards, enabling it to successfully apply for the corporate exemption from SCA. This removed the need for widespread technical implementation, reduced operational complexity, and maintained compliance with FCA expectations.
Client
Feedback
The client appreciated fscom’s expert guidance and the clarity of the audit report, which allowed senior management to proceed with confidence. The engagement was completed within six weeks, allowing the PSP to meet its regulatory timeline.
