PSD2 open banking is coming fast, but the challenge for many FIs is identifying who they can give data to. A key part of PSD2 open banking is that ASPSPs, or as they are more generically called Financial Institutions, must be able to have confidence in who they are giving Payment Service Users’ data too. Under PSD2 all Third Party Providers (TPPs) will be required to obtain approved/registered status with their National Competent Authority. Further on obtaining approval all TPPs, other than those in the UK, are issued with an eIDAS certificate from a Qualified Trust Service Provider (QTSP).
In theory the solution is simple as the EBA has stated it will create a central database that will allow:
- NCAs to provide information to the EBA more frequently than once a day, where appropriate;
- The EBA Register to process and validate the automatically transmitted information as soon as possible but at the latest by the end of the day on which it is received;
- Public users to download the content of the EBA Register, both manually and automatically.
So what are the next steps for the EBA in relation to the database, well the final draft RTS and ITS will be submitted to the Commission for adoption. Following the submission, the RTS will be subject to scrutiny by the European Parliament and the Council before being published in the Official Journal of the European Union.
The EBA will be able to carry out the development of the EBA Register only after the adoption of the draft RTS and ITS. Therefore, the EBA has currently not published a date on when the database will be available.
So in overall in summary:
- eIDAS certificates prove who a TPP is, but not if they approved and not if they are currently a TPP from the UK.
- Scheme Regulatory Databases offer lists of approved TPPs, but TPPs do not have register on them.
- National Competent Authorities hold lists of approved and registered TPPs, but often not in a machine readable form and no system is set up as of today to notify the EBA.
- The EBA is creating a central machine readable database but there is no timing on when this will be available for FIs to access.
The full White Paper is attached or can be read by readers at: https://www.konsentus.com/white-papers/identifying-an-approved-tpp