Konsentus – Identifying an approved TPP in PSD2 open banking

Share this post

PSD2 open banking is coming fast, but the challenge for many FIs is identifying who they can give data to.  A key part of PSD2 open banking is that ASPSPs, or as they are more generically called Financial Institutions, must be able to have confidence in who they are giving Payment Service Users’ data too.  Under PSD2 all Third Party Providers (TPPs) will be required to obtain approved/registered status with their National Competent Authority.   Further on obtaining approval all TPPs, other than those in the UK, are issued with an eIDAS certificate from a Qualified Trust Service Provider (QTSP).

In theory the solution is simple as the EBA has stated it will create a central database that will allow:

  1. NCAs to provide information to the EBA more frequently than once a day, where appropriate;
  2. The EBA Register to process and validate the automatically transmitted information as soon as possible but at the latest by the end of the day on which it is received;
  3. Public users to download the content of the EBA Register, both manually and automatically.

So what are the next steps for the EBA in relation to the database, well the final draft RTS and ITS will be submitted to the Commission for adoption. Following the submission, the RTS will be subject to scrutiny by the European Parliament and the Council before being published in the Official Journal of the European Union.

The EBA will be able to carry out the development of the EBA Register only after the adoption of the draft RTS and ITS. Therefore, the EBA has currently not published a date on when the database will be available.

So in overall in summary:

  • eIDAS certificates prove who a TPP is, but not if they approved and not if they are currently a TPP from the UK.
  • Scheme Regulatory Databases offer lists of approved TPPs, but TPPs do not have register on them.
  • National Competent Authorities hold lists of approved and registered TPPs, but often not in a machine readable form and no system is set up as of today to notify the EBA.
  • The EBA is creating a central machine readable database but there is no timing on when this will be available for FIs to access.

The full White Paper is attached or can be read by readers at: https://www.konsentus.com/white-papers/identifying-an-approved-tpp

 

More To Explore

Membership

Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.

Welcome

Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?