Since the FCA announced on 4th September that it would be holding a Consultation regarding the revocation of eIDAS certificates from midnight 31st December 2020, the OBIE has encouraged members of the open banking ecosystem to participate fully in that Consultation and has also submitted its own response.
The OBIE welcomes the FCA’s report on that Consultation process, published on their website this morning – not least in recognition of the expedited process to provide as much clarity as possible to open banking ecosystem participants within compressed timeframes leading up to the 31st December.
The OBIE has worked to support our participants throughout this process, including hosting a series of digital webinar events dedicated to this important issue. On Thursday 5th November we hosted a 90-minute session for open banking participants, which included an update from an FCA representative on their statement. The material presented at that event, as well as early impact analysis and a full recap of the Q&A session, is available to download here.
Commenting on the FCA’s announcement, David Beardmore, OBIE’s Director of Ecosystem Development, said:
“We will continue to work hand in hand with all members of the ecosystem, including financial institutions, fintechs and regulatory stakeholders, to facilitate the clarity that our participants require regarding the proposed changes from midnight on the 31st December 2020. We hope that collaboration of this type will in turn enable sensible and practical solutions are developed, to minimise disruption to the ecosystem and, most importantly, to the over two million end users of open banking-enabled solutions.”
Background to this issue:
The European Banking Authority (EBA) published a statement on July 29th 2020 regarding the need for financial institutions to finalise preparations for the end of the post-Brexit transitional arrangements between the EU and UK, i.e. 31st December 2020.
The key points of this statement are:
- PSD2 eIDAS certificates issued in the EU to UK Third Party Providers will be revoked, meaning that they can no longer be used for the purposes of identification with ASPSPs.
- UK-based financial institutions will no longer be able to offer financial services to EU customers on a cross-border basis (passporting).
- Financial institutions wishing to operate in the EU and offer services to their EU customers should ensure they have obtained the necessary authorisation and effectively establish themselves before the end of the transition period.
In response to point one, the Financial Conduct Authority (FCA) invited responses to a Consultation on how best to resolve this, given that the current legislation is based on the use of eIDAS certificates for the purposes of identification. The OBIE participated fully in this Consultation and encouraged members of its ecosystem to submit their own responses.
Background to eIDAS and OBIE-provided certificates:
As defined by the RTS, PSD2 eIDAS certificates are a requirement for all TPPs to identify themselves to ASPSPs for purposes of providing open banking services in Europe. However, at the time open banking went live in the UK (Jan 2018, 18 months in advance of the live date for open banking in Europe), the format for these PSD2 eIDAS certificates had not been agreed, and hence OBIE had to provide an alternative.
Therefore, since January 2018, OBIE has been providing certificates (OB certificates) to TPPs and ASPSPs to facilitate security between firms exchanging data on behalf of users.
The vast majority of the UK open banking ecosystem (approximately 90% of all ASPSPs enrolled with OBIE, and 100% of TPPs connected to these ASPSPs) already have and use OB certificates. Utilising these certificates will ensure the trust already established in the ecosystem is maintained, limiting any disruption in service to the million plus customers that are using open banking enabled products each month to access better financial products and make better financial decisions. OBIE remains focused on completing the final stages of the implementation of Open Banking.
– – – ENDS – – –
For further information, please contact:
Open Banking is a new, secure way for customers to take control of their financial data and share it with organisations other than their banks. Open Banking has the power to revolutionise the way we move, manage and make more of our money. For businesses, it is about making the management of cash flow and receiving payments cheaper and easier. Open Banking will make things simpler, faster and more convenient.
Open Banking follows the Competition and Markets Authority (CMA) investigation into the supply of personal current accounts (PCAs) and of banking services to small and medium-sized enterprises (SMEs).
Open Banking was created to enable innovation, transparency and competition in UK financial services. It is tasked with delivering the Application Programming Interfaces (APIs), data structures and security architectures that will enable developers to harness technology, making it easy and safe for individuals and SMEs to share the financial information held by their banks with third parties.
Open Banking will bring substantial benefits. It gives customers and SMEs greater market choice and greater control over their money and associated data, along with better and easier access to new financial services providers in a secure environment.
Notes to Editors:
- Open Banking Ltd was set up by the Competition & Markets Authority (CMA) in September 2016 to fulfil one of the remedies mandated by the CMA following an investigation into UK retail banking.
- The CMA’s investigation into the retail banking market (whose findings were published in August 2016) concluded that older and larger banks do not compete hard enough for customers’ business and that Open Banking should deliver a new, secure option for customers to be able to compare the deal they are getting from their bank.
- Open Banking was created to enable innovation, transparency and competition to UK financial services. It is tasked with delivering the Application Programming Interfaces (APIs), data structures and security architectures that will make it easy and safe for customers to share their financial records by January 2018.
- The data provided by Open Banking will enable developers to harness technology that allows individuals and businesses to share their financial records held by their banks with third parties.
- Open Banking is a private body; its governance, composition and budget was determined by the CMA. It is funded by the UK’s nine largest current account providers and overseen by the CMA, the Financial Conduct Authority and Her Majesty’s Treasury.
- The 9 mandated institutions (referred to as the CMA9) are: Barclays plc, Lloyds Banking Group plc, Santander, Danske, HSBC, RBS, Bank of Ireland, Nationwide and AIBG.