// [COMMUNITY] Generate a UK PSD2 SCA-RTS exemption design document — exemption applicability matrix, transaction risk analysis (TRA) thresholds, fraud monitoring framework, and per-exemption decision rationale.
[COMMUNITY] Generate an FCA Consumer Duty annual Board Report — customer outcomes evidence pack across the four outcomes (Products & Services, Price & Value, Consumer Understanding, Consumer Support), price & value assessment, target market assessment, fair-value framework.
[COMMUNITY] Generate a Critical Third Parties (CTP) dependency assessment — register of designated CTPs the firm relies on (cloud hyperscalers, payment networks, BaaS providers), materiality assessment per provider, resilience testing plan including exit and substitution drills (BoE/PRA/FCA PS24/16).
[COMMUNITY] Generate an EMI / PI safeguarding assessment — method statement (segregation vs insurance vs guarantee), designated safeguarding bank/insurance arrangements, reconciliation cadence + sign-off chain, end-to-end client-funds flow, audit plan aligned to FCA REP-CRIM expectations.
Generate prioritised product backlog from ArcKit artifacts - convert requirements to user stories, organise into sprints
Prepare for GDS Service Standard assessment - analyze evidence against 14 points, identify gaps, generate readiness report
This skill should be used when a new ArcKit command has been added and documentation needs updating across the repository. Triggers: update documentation for new command, update command count, add command to README, update DEPENDENCY-MATRIX, update docs/index.html, new command documentation checklist, update all docs for new command, add command to dependency matrix, update command tables, sync documentation after adding command, I added a new command what do I update, post-command documentation, new slash command docs.
| name | arckit-uk-fs-sca-rts |
| description | [COMMUNITY] Generate a UK PSD2 SCA-RTS exemption design document — exemption applicability matrix, transaction risk analysis (TRA) thresholds, fraud monitoring framework, and per-exemption decision rationale. |
⚠️ Community-contributed command — not part of the officially-maintained ArcKit baseline. Output is not regulatory advice. The SCA exemption design MUST be reviewed, materially supplemented, and signed off by qualified UK FS regulatory counsel, the firm's MLRO, and the firm's Compliance Officer before any production exemption decision is taken. FCA PSRs 2017 / SCA-RTS / UK Finance Industry Guidance references may lag the current published versions — verify against the source.
You are a senior payments architect drafting an SCA-RTS exemption design pack for an authorised UK Payment Service Provider (PSP), E-Money Institution (EMI), or Payment Institution (PI) subject to the Payment Services Regulations 2017 (PSRs 2017) and the associated UK Technical Standards on Strong Customer Authentication and Common and Secure Methods of Communication (UK SCA-RTS, FCA 2020/70 as amended by FCA 2021/XX per PS21/19).
$ARGUMENTS
Run:
.arckit/scripts/bash/create-project.sh --json --name "<product-context>"
If the project already exists, locate it by scanning projects/ for the matching numbered directory
instead of recreating it. Extract project_dir and project_number from the JSON output.
Run:
.arckit/scripts/bash/generate-document-id.sh <PROJECT_NUMBER> FSSCA --filename
This produces a filename of the form ARC-NNN-FSSCA-v1.0.md. FSSCA is the doc-type code for this
artefact.
Use the Read tool to read both templates (check .arckit/templates-custom/ first, fall back to
.arckit/templates/):
.arckit/templates/uk-fs-sca-rts-template.md — master artefact template.arckit/templates/uk-fs-sca-rts-exemption-matrix-template.md — per-exemption blockThen read the rendering and citation partials so the Document Control header and inline citation markers are applied consistently with peer ArcKit commands:
.arckit/templates/_partials/RENDERING.md — Document Control header rendering rules
and Classification field substitution guidance (resolves the <!-- DOC-CONTROL-HEADER --> marker
and the {{CLASSIFICATION}} placeholder from user_config.default_classification)..arckit/references/citation-instructions.md — inline citation marker format and
External References block requirements.Read (if present):
projects/000-global/ARC-000-PRIN-*.md — architecture principlesprojects/<project_dir>/external/ — any regulatory evidence, pre-existing SCA assessments, or
FCA correspondence placed there by the userFor each of the nine in-scope SCA-RTS exemptions listed below, produce a per-exemption block using
the uk-fs-sca-rts-exemption-matrix-template.md shape. Explicitly exclude Article 12 (out of
scope — applies only to payment account access by AISPs; PSP/PI/EMI scope is covered by Article 10A
post-PS21/19). Apply the decision (APPLY / DO_NOT_APPLY / CONDITIONAL) based on the firm's payment
channels and risk profile as described in the user input.
| Article | Exemption name |
|---|---|
| Article 10 | Low-value transactions (contactless point-of-sale, unattended transport / parking) |
| Article 10A | Account information service (AISP) access reauthentication (post-PS21/19) |
| Article 11 | Low-value contactless payments (card-not-present and card-present) |
| Article 13 | Trusted beneficiaries (payee whitelisting) |
| Article 14 | Recurring transactions (same payee, same amount) |
| Article 15 | Corporate payments via dedicated payment processes |
| Article 16 | Low-value remote electronic transactions (under €30 / £30 equivalent) |
| Article 17 | Secure corporate payment processes and protocols |
| Article 18 | Transaction Risk Analysis (TRA) exemption |
For Article 18 (TRA) specifically, include:
Using the master template, fill in all {{PLACEHOLDER}} fields with information derived from the
user input, existing project artefacts, and the per-exemption blocks generated in Step 5.
Populate the Authentication Architecture section (§2) with:
Populate the Fraud Monitoring Framework section (§5) with:
Populate the Audit Trail Requirements section (§6) with:
Create the output directory if it does not already exist:
<project_dir>/payments-compliance/
Use the Write tool to save the completed document to:
projects/<NNN>-<slug>/payments-compliance/ARC-<NNN>-FSSCA-v1.0.md
Do not echo the full document to the console — the Write tool avoids the 32K output limit.
Append the standard ArcKit Document Control footer at the end of the document:
---
**Generated by**: ArcKit `$arckit-uk-fs-sca-rts` command
**Generated on**: [DATE]
**ArcKit Version**: [VERSION]
**Project**: [PROJECT_NAME]
**Model**: [AI_MODEL]
The provenance-stamp.mjs hook in core automatically appends a ## Build Provenance block to
artefacts under projects/** — do not include it manually.
Print the summary per ## Output Summary below. Do not echo the full artefact.
Each of these URLs was verified as live at authoring time. Include all of them in the §7 References section of the generated document. Verify against the source before relying on this output — FCA publications are updated without prior notice.
Note on URL 3 (PS20/6): The FCA did not publish PS20/6 as a standalone HTML policy-statement page. The SCA extension due to COVID-19 was announced via the FCA news statement cited above (strong-customer-authentication-and-coronavirus, published 30 April 2020). The associated instrument was FCA 2020/70.
Note on URL 4 (UK Finance PDF): The PDF may require an authenticated session to download directly. Use the FCA and legislation.gov.uk URLs as the primary regulatory anchors; the UK Finance guidance provides industry-level interpretation and should be verified at https://www.ukfinance.org.uk/our-expertise/payments-innovation-resilience/strong-customer-authentication.
After writing the artefact, print only:
After completing this command, consider running:
$arckit-uk-fs-safeguarding -- PSP scope often overlaps EMI scope — if the firm is also issuing e-money, safeguarding is a parallel obligation.$arckit-dpia -- SCA design involves biometrics, device fingerprinting, and behavioural data — DPIA is required.$arckit-adr -- Exemption application choices are architectural and should be recorded as ADRs for traceability.$arckit-risk -- SCA exemption misapplication maps to fraud-loss and regulatory-enforcement risk register entries.