OBIE response to the FCA's report on eIDAS Consultation

Since the FCA announced on 4^th September that it would be holding a Consultation regarding the revocation of eIDAS certificates from midnight 31^st December 2020, the OBIE has encouraged members of the open banking ecosystem to participate fully in that Consultation and has also submitted its own response.

The OBIE welcomes the FCA’s report on that Consultation process, published on their website this morning – not least in recognition of the expedited process to provide as much clarity as possible to open banking ecosystem participants within compressed timeframes leading up to the 31^st December.

The OBIE has worked to support our participants throughout this process, including hosting a series of digital webinar events dedicated to this important issue. On Thursday 5th November we hosted a 90-minute session for open banking participants, which included an update from an FCA representative on their statement. The material presented at that event, as well as early impact analysis and a full recap of the Q&A session, is available to download here.

Commenting on the FCA’s announcement, David Beardmore, OBIE’s Director of Ecosystem Development, said:

“We will continue to work hand in hand with all members of the ecosystem, including financial institutions, fintechs and regulatory stakeholders, to facilitate the clarity that our participants require regarding the proposed changes from midnight on the 31^st December 2020. We hope that collaboration of this type will in turn enable sensible and practical solutions are developed, to minimise disruption to the ecosystem and, most importantly, to the over two million end users of open banking-enabled solutions.”

Background to this issue:

The European Banking Authority (EBA) published a statement on July 29th 2020 regarding the need for financial institutions to finalise preparations for the end of the post-Brexit transitional arrangements between the EU and UK, i.e. 31st December 2020.

The key points of this statement are:

PSD2 eIDAS certificates issued in the EU to UK Third Party Providers will be revoked, meaning that they can no longer be used for the purposes of identification with ASPSPs.
UK-based financial institutions will no longer be able to offer financial services to EU customers on a cross-border basis (passporting).
Financial institutions wishing to operate in the EU and offer services to their EU customers should ensure they have obtained the necessary authorisation and effectively establish themselves before the end of the transition period.

In response to point one, the Financial Conduct Authority (FCA) invited responses to a Consultation on how best to resolve this, given that the current legislation is based on the use of eIDAS certificates for the purposes of identification. The OBIE participated fully in this Consultation and encouraged members of its ecosystem to submit their own responses.

Background to eIDAS and OBIE-provided certificates:

As defined by the RTS, PSD2 eIDAS certificates are a requirement for all TPPs to identify themselves to ASPSPs for purposes of providing open banking services in Europe. However, at the time open banking went live in the UK (Jan 2018, 18 months in advance of the live date for open banking in Europe), the format for these PSD2 eIDAS certificates had not been agreed, and hence OBIE had to provide an alternative.

Therefore, since January 2018, OBIE has been providing certificates (OB certificates) to TPPs and ASPSPs to facilitate security between firms exchanging data on behalf of users.

The vast majority of the UK open banking ecosystem (approximately 90% of all ASPSPs enrolled with OBIE, and 100% of TPPs connected to these ASPSPs) already have and use OB certificates. Utilising these certificates will ensure the trust already established in the ecosystem is maintained, limiting any disruption in service to the million plus customers that are using open banking enabled products each month to access better financial products and make better financial decisions. OBIE remains focused on completing the final stages of the implementation of Open Banking.

– – – ENDS – – –

For further information, please contact:

press@openbanking.org.uk

About Us

Open Banking is a new, secure way for customers to take control of their financial data and share it with organisations other than their banks. Open Banking has the power to revolutionise the way we move, manage and make more of our money. For businesses, it is about making the management of cash flow and receiving payments cheaper and easier. Open Banking will make things simpler, faster and more convenient.

Open Banking follows the Competition and Markets Authority (CMA) investigation into the supply of personal current accounts (PCAs) and of banking services to small and medium-sized enterprises (SMEs).

Open Banking was created to enable innovation, transparency and competition in UK financial services. It is tasked with delivering the Application Programming Interfaces (APIs), data structures and security architectures that will enable developers to harness technology, making it easy and safe for individuals and SMEs to share the financial information held by their banks with third parties.

Open Banking will bring substantial benefits. It gives customers and SMEs greater market choice and greater control over their money and associated data, along with better and easier access to new financial services providers in a secure environment.

Notes to Editors:

Open Banking Ltd was set up by the Competition & Markets Authority (CMA) in September 2016 to fulfil one of the remedies mandated by the CMA following an investigation into UK retail banking.
The CMA’s investigation into the retail banking market (whose findings were published in August 2016) concluded that older and larger banks do not compete hard enough for customers’ business and that Open Banking should deliver a new, secure option for customers to be able to compare the deal they are getting from their bank.
Open Banking was created to enable innovation, transparency and competition to UK financial services. It is tasked with delivering the Application Programming Interfaces (APIs), data structures and security architectures that will make it easy and safe for customers to share their financial records by January 2018.
The data provided by Open Banking will enable developers to harness technology that allows individuals and businesses to share their financial records held by their banks with third parties.
Open Banking is a private body; its governance, composition and budget was determined by the CMA. It is funded by the UK’s nine largest current account providers and overseen by the CMA, the Financial Conduct Authority and Her Majesty’s Treasury.
The 9 mandated institutions (referred to as the CMA9) are: Barclays plc, Lloyds Banking Group plc, Santander, Danske, HSBC, RBS, Bank of Ireland, Nationwide and AIBG.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
_hjAbsoluteSessionInProgress	30 minutes	No description available.
_hjFirstSeen	30 minutes	This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
_hjid	1 year	This cookie is set by Hotjar. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
_hjIncludedInPageviewSample	2 minutes	No description available.
_hjTLDTest	session	No description available.
pardot	past	The cookie is set when the visitor is logged in as a Pardot user.
vuid	2 years	This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website.

Cookie	Duration	Description
lpv840283	30 minutes	No description
visitor_id840283	10 years	No description
visitor_id840283-hash	10 years	No description

How can we help?

OBIE response to the FCA’s report on eIDAS Consultation