Regulatory

Everything you need to keep up to speed on regulatory and conformance requirements in the open banking ecosystem. 

regulatory

Regulatory background

In 2016, the Competition and Markets Authority (CMA) published a report on their investigation into competition and innovation in the retail banking industry. They found that big banks dominated the market and consumers and small businesses would benefit from increased competition.

To remedy this, the CMA and UK government mandated nine of the largest banks to implement common standards for open banking. This would ensure that there were standard APIs that allow customers to securely share their financial data or safely initiate transactions. Trusted companies could use these APIs to offer new innovative services to customers and SMEs increasing competition. The original Order and subsequent regulatory documents are available below.

The open banking roadmap

On 15th May 2020, the OBIE’s revised Roadmap was published following a comprehensive and structured consultation process that OBIE managed at the instruction of the Trustee.

The process included two distinct phases of consultation, open workshops and the assessment of over 75 pieces of feedback, received from a cross-section of stakeholders including the CMA 9, non-CMA 9 banks, third party providers and end user representatives.

Final approved roadmap 

THE OBIE’S ANNUAL REPORT

2020 was a transformational year for open banking and for the OBIE. This report provides an overview of the OBIE’s activities for 2020 and 2021.

Read the report
annual report

Useful documents

The CMA Order – Retail Banking Market Investigation Order 2017 

The CMA Order established appropriate remedies to address a lack of competition in the UK retail banking market. This included a requirement for the nine largest banks and building societies in Great Britain and Northern Ireland to adopt open banking. 

Download

Revised Payment Service Directive (PSD2) and The Payment Services Regulations 2017 (PSRs)

PSD2 is an EU directive which came into force in January 2018. PSD2 is aimed at driving innovation, competition and improvement of customer protection and payments security with the payment services industry.  

For open banking, this means a focus on attracting new account information service providers (AISPs), payment initiation service providers (PISPs) and card-based payment instrument issuers (CBPIIs). They also need access to online payment accounts at account servicing payment service providers (ASPSPs) to provide their services to customers. 

Read more 

The PSRs is the transposition of PSD2 into UK Law – Download 

Regulatory Technical Standards for Strong Customer Authentication and Common and Secure Open Standards of Communication (RTS-SCA

RTS-SCA describes the technical specifications required for the technical implementation of the security principles in PSD2. 

Read more

UK regulatory technical standards for strong customer authentication and secure communication (UK-RTS)

Following Brexit, on 30 December 2020 at 23:00, the UK- RTS came into effect as legislation replacing the SCA- RTS in the United Kingdom.

Technical standards on strong customer authentication and common and secure methods of communication instrument 2020 – Download

Other regulatory guidance

FCA Approach – details the FCA’s role under the Payment Services Regulations 2017 and the Electronic Money Regulations 2011. Download 

FCA Policy Statement PS 18/24 – Approach to final Regulatory Technical Standards and EBA guidelines under PSD2. Download 

The European Banking Authority opinion on regulatory technical standards implementation on SCA and CSC. Download  

EBA report on conditions to benefit from an exemption from the contingency mechanism under Article 33(6) of Regulation (EU) 2018/389 (RTS on SCA & CSC). Download 

eIDAS

In November 2020, the FCA published a Policy Statement relating to amendments to the open banking identification requirements (eIDAS certificates). This document outlines the amendments to Article 34(1) of the UK RTS in respect of digital certificates, including the requirements for the transition period for the use of alterative certificates.

Amendments to the open banking identification requirements (eIDAS certificates) – Download

Brexit & Temporary Permissions Regime

As a result of Brexit, EEA regulated firms wishing to provide payment services in the UK were required to notify the FCA under the Temporary Permission Regime (“TPR”).

Temporary permissions regime – read more

Changes to the SCA-RTS and to the guidance in
‘Payment Services and Electronic Money

On 28 January 2021, the FCA published its consultation on the proposed changes to the UK RTS, the FCA approach document and Perimeter Guidance Manual. This consultation closed on 14 May 2021 and the policy statement is expected to be published in Autumn 2021.

FCA consultation paper – Download