Welcome to Finextra. We use cookies to help us to deliver our services. We'll assume you're ok with this, but you may change your preferences at our Cookie Centre.
Please read our Privacy Policy.

Accept
Channels

/regulation & compliance

News and resources on regulation, compliance, legal and governance issues for banks and fintechs.
News
See Headlines »

Related Companies

Financial Conduct Authority (FCA)

Lead Channel

Regulation & Compliance

Channels

Retail banking Identity

Keywords

Open APIs Brexit
Editorial | what does this mean?
This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.
FCA changes Open Banking ID requirements for life after Brexit

FCA changes Open Banking ID requirements for life after Brexit

In a bid to limit the risk of disruption to open banking services after Brexit, fhe FCA is to permit UK-based third-party providers (TPPs) to use an alternative to eIDAS certificates to access customer account information from account providers, or initiate payments.

The FCA's intervention comes after the European Banking Authority (EBA) announced that eIDAS certificates of UK Third-Party Providers (TPPs) will be revoked when the transition period ends on 31 December 2020.

EIDAS certificates are required for TPPs to identify themselves to account providers and allow firms to interact and share customer account information online. Under the Strong Customer Authentication Regulatory Technical Standards (SCA-RTS), they are the only accepted identification standard permitted between providers of open banking services in the EU.

Under the FCA's proposals, UK-based banks will need to make technical changes to their systems to enable TPPs to continue accessing customer account information, by accepting an alternative certificate and informing TPPs "as soon as possible" which certificates they will accept

"Firms must review the changes immediately and implement any necessary changes as soon as possible,Q" states the FCA. "Acknowledging the challenges faced by the industry, the FCA will provide a transition period until the end of June 2021 for complying with our rules."

Related Companies

Financial Conduct Authority (FCA)

Lead Channel

Regulation & Compliance

Channels

Retail banking Identity

Keywords

Open APIs Brexit
Editorial | what does this mean?
This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

Sponsored: Join us at Money20/20 Europe 2024 - 4-6 June, Amsterdam | Use code FEX200 to save €200 on your ticket

Comments: (3)

A Finextra member
A Finextra member 03 November, 2020, 13:23Be the first to give this comment the thumbs up 0 likes

Account information service providers (AISPs) and payment initiation service providers (PISPs) registered/authorised in the UK will no longer be entitled to access customers’ payment accounts held at the EU payment service providers and their PSD2 eIDAS certificates under Article 34 of the Commission Delegated Regulation (EU) 2018/389 will be revoked. So whole lot of pain for those accessing European accounts?

Report abuse
A Finextra member
A Finextra member 04 November, 2020, 10:36Be the first to give this comment the thumbs up 0 likes

Another opportunity for AISP and PISP in the UK- we can provide regulatory solution via alternate infrastructure to this problem and favourably slope regulations!

Report abuse
Brendan Jones
Brendan Jones - Konsentus Ltd - Reading 04 November, 2020, 15:57Be the first to give this comment the thumbs up 0 likes

The FCA amendments to the open banking identification requirements have very clear next steps for both ASPSPs and TPPs.

 ASPSPs must assess what changes they need to make to their systems so they can accept at least one alternative form of digital certificate (in addition to eIDAS Certificates).  Any changes that need to be made must be implemented as soon as possible ahead of IP Completion Day. They also need to tell TPPs which alternative certificates they will accept as early as possible.

The amendments also clearly state that ASPSPs, without causing an obstacle, must “verify that the payment service provider is authorised or registered to perform the payment services relevant to its activities”.

For TPPs, the guidance is much simpler.  If their eIDAS certificates are likely to be revoked, they must have an alternative certificate(s) as soon as possible ahead of IP Completion Day.

Report abuse
Join the discussion

Write a blog post about this story (membership required)

[Upcoming Webinar] Instant Payments and their impact on the fraud landscape[Upcoming Webinar] Instant Payments and their impact on the fraud landscape

Trending

Related News
Open banking product usage surges in UK
/retail

Open banking product usage surges in UK

UK Finance proposes new oversight model for Open Banking
/regulation

UK Finance proposes new oversight model for Open Banking

Open Banking moves from compliance challenge to commercial opportunity

27 May 2020

Open Banking Europe publishes draft signature standards for bank APIs

13 May 2020

FCA calls for input on new model for open finance

17 Dec 2019

Trending

  1. TOP-5 use cases for GenAI implementation in Banks or Fintech companies

  2. UK government announces open finance task force

  3. Lloyds warns against fraudsters on Booking.com and Airbnb

  4. Canada's real-time payment system won't launch before 2026

  5. Temenos rejects Hindenburg claims after probe completed

Research
See all reports »
The Future of UK Fintech - 2015-2035

The Future of UK Fintech - 2015-2035

Definitive Differentiators - Forging a future-proof payments model

Definitive Differentiators - Forging a future-proof payments model

APP Fraud Liability: A Guide for Banks

APP Fraud Liability: A Guide for Banks