The Financial Conduct Authority (FCA) on 3 September issued an email from Andrew Laidlaw, Manager / Payments Policy Team / Consumer Distribution Department Consumer & Retail Policy Division / Strategy and Competition to ASPSPs clearly stating that ASPSPs must be able to accept eIDAS certificates on their PSD2 Open Banking APIs.
He went on to say “With ASPSPs being forced to accept eIDAS certificates they need to put in place infrastructure to ensure acceptance of these from any of the 70+ eIDAS providers across Europe”
The FCA also stated in the communication that any ASPSP: "Must also ensure that its interface is capable of enabling a TPP to identify itself using only its eIDAS certificate”. Although they stated that Open Banking (OB) Certificates can be used and “would not be a bar to gaining an exemption”, this would be “only if TPPs agree voluntarily to use Open Banking certificates for identification”.
The FCA also clearly advised that whilst OB Certificates can be used, ASPSPs cannot insist that TPPs use them and must enable eIDAS certificates on their APIs.
“The FCA has been very clear that eIDAS certificates can be used by TPPs to identify themselves at UK ASPSPs and that they cannot be forced to use any other forms of identification”
Brendan Jones, Chief Commercial Officer, Konsentus
About Konsentus
Konsentus is a RegTech company that was established to provide Identity & Regulatory checking services to Financial Institutions so that they can comply with PSD2 and open banking. Issued through a SaaS based platform it enables Financial Institutions (ASPSPs) to comply with EU regulation on PSD2 Open Banking and provide open banking services to their customers, confident in the knowledge that they are only providing data to Third Party Providers (TPPs) who are regulated and have customers’ “explicit” consent to use their data.
Headquartered in the UK, Konsentus is creating a world class solution for every Financial Institution in Europe. They are delivering this through utilising the best in open standards, coupled with unique solutions and most of all a belief that they can deliver for clients a cost-effective solution to their regulatory requirements.