Community
In a recent dialogue with the EBA, they stated about PSD2 open banking regulations that: “Ignorance of them can of course not be used to justify non-compliance”. Further adding: “Non-compliance amounts to a breach of law, with the resultant consequences for the legal entity.”
With that mind and with a deadline of March 14 2019 looming less than 6 months away, whereby all Financial Institutions offering an API solution, which allows Third Party Providers (TPPs) access to end user transactional account data, must have it available for external testing, we can’t help but wonder if Prepaid and Debit Programme Managers (PMs) fully understand what they need to do in order to be ready.
BIN sponsors in almost all cases will push down the regulatory responsibility from themselves to the Programme Managers. Thus, the reality is that the timelines are likely to be even shorter, as we can assume that PMs will need to provide proof of compliance to their BIN Sponsors, and the BIN Sponsors will almost definitely require documentary evidence of compliance to PSD2 open banking before we reach the March 14 2019 deadline. In addition, to avoid implementing a fallback mechanism, an exemption certificate from the National Competent Authority will need to be obtained. As the BIN sponsor is the regulated entity they will need to work with the PM to obtain this prior to March 14.
So, here are the key things that a PM will need to implement to ensure they are PSD2 open banking compliant.
Firstly, there are two options available to the PM: they can offer an API solution, or alternatively offer a dedicated interface for TPP approval. Each option has slightly different requirements:
Option 1 – API solution
1. API interface - live for six months prior to externally going live
2. Exemption certificate from NCA or fallback option
3. SCA solution
4. TPP regulatory checking
5. eIDAS Seal Certificate checking if operating in Europe
6. Access token issuance
7. Management of Consents by PSU
Option 2 – Dedicated interface: Not API
A key area of complexity for the PM is TPP identity and regulatory checking, as they must only provide data to registered/approved TPPs, no matter how they access the data – via the API or dedicated interface.
But how can they tell if a TPP is approved? This is an additional challenge as there are over 100+ databases (31 National Competent Authorities and over 70 eIDAS Qualified Trust Service Providers) that need referencing, and unfortunately for the PM none of them are online or real time currently.
These are just some of the challenges Programme Managers face as they work towards meeting their PSD2 requirements.
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Arthur Azizov CEO at B2BINPAY
20 December
Sonali Patil Cloud Solution Architect at TCS
Retired Member
Andrew Ducker Payments Consulting at Icon Solutions
19 December
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.