On 25th June 2019 the FCA stated that any CMA9 ASPSP, or any other UK ASPSP, must; “ensure that its interface is capable of enabling a TPP to identify itself using only its eIDAS certificate.
Konsentus has responded to this by launching its new dedicated eIDAS checking service. Designed for ASPSPs in the UK using the UK Open Banking Standard, it enables them to comply with the FCA requirement of being able to check eIDAS certificates of any TPP who is not registered, or does not intend to register, on the Open Banking Directory.
“PSD2 Open Banking requirements are still evolving as we move towards the 14th September deadline for ASPSPs to be live. Konsentus, with its nimble architecture, is pleased to be able to launch this new service quickly to support the requirements the FCA has clearly outlined that all ASPSPs in the UK must be in a position to verify a TPP based on their eIDAS certificate(s) alone”.
Brendan Jones, Chief Commercial Officer, Konsentus
The FCA stated as background to this requirement that: In the UK, the development of an Open Banking standard in response to the CMA Order has also led to the development of a functioning infrastructure for identification. Authorised and registered third party providers (TPPs) that have already joined the Open Banking Directory have been issued with certificates by Open Banking, “OB Certificates”, and are currently using these to identify themselves toward ASPSPs. This system has received positive feedback from TPPs and ASPSPs. A small number of firms have proposed an approach of maintaining the Open Banking identification process, while at the same time, relying on eIDAS certificates for identification. The FCA understands that the proposed approach would entail a TPP having to enrol in the Open Banking Directory. As part of the enrolment, the TPP would use its eIDAS certificate to identify itself. Once registered, the TPP would receive a certificate from Open Banking. The TPP would then gain access to ASPSP APIs by using its Open Banking certificate.“ They went on to state that “Our view is that this approach can be taken and would not be a bar to gaining an exemption, but only if TPPs agree voluntarily to use Open Banking certificates for identification. Accordingly, an ASPSP that allows a TPP to identify itself in this way, must also ensure that its interface is capable of enabling a TPP to identify itself using only its eIDAS certificate.
About Konsentus
Konsentus is a RegTech company that was established to provide Identity & Regulatory checking services to Financial Institutions so that they can comply with PSD2 and open banking. Issued through a SaaS based platform it enables Financial Institutions (ASPSPs) to comply with EU regulation on PSD2 Open Banking and provide open banking services to their customers, confident in the knowledge that they are only providing data to Third Party Providers (TPPs) who are regulated and have customers’ “explicit” consent to use their data.
Headquartered in the UK, Konsentus is creating a world class solution for every Financial Institution in Europe. They are delivering this through utilising the best in open standards, coupled with unique solutions and most of all a belief that they can deliver for clients a cost-effective solution to their regulatory requirements.