Consultation

OBIE’s response to FCA consultation on eIDAS certificates

04 September 2020
consultation

Since the European Banking Authority (EBA) published statement on July 29th 2020 which stated that that PSD2 eIDAS certificates issued in the EU to UK Third Party Providers would be revoked on 31st December 2020, we have been in discussion with the Financial Conduct Authority (FCA) on how best to find a suitable solution given that the current legislation is based on the use of such certificates for the purposes of identification.   

OBIE welcomes the consultation on eIDAS certificates announced today by the FCA (Consultation can be found on pages 8 to 12 with the legal instrument on pages 35 to 38. The consultation is open until 5 October) and OBIE will be actively contributing to the consultation processWe believe, subject to FCA agreement, the existing OB certificates (certificates issued by the OBIE) are a proven alternative to PSD2 eIDAS certificates for the basis of identification and the provision of electronic signatures 

OBIE also encourages the UK open banking ecosystem participants to play an active role in the consultation process so their contributions are considered, and we will be facilitating a series of events to enable this both pre and post the FCA consultation process. We encourage you to sign up and participate, our first event is on Tuesday September 15th 10am-12 noon 

Click on the link here to register interest for the event.

Commenting on the ramifications of the EBA statement, Trustee of the OBIE, Imran Gulamhuseinwala OBE said: 

“We recognise that the EBA’s recent notice has caused concern for our open banking community. However, at OBIE we are committed to supporting the FCA’s Consultation to find the best and most simple solution as quickly as possible. We encourage all of our open banking ecosystem participants to collaborate in the consultation with us. 

Background to OBIE provided certificates: 

As defined by the RTS, PSD2 eIDAS certificates are a requirement for all TPPs to identify themselves to ASPSPs for purposes of providing open banking services in Europe. However, at the time open banking went live in the UK (Jan 2018, 18 months in advance of the live date for open banking in Europe), the format for these PSD2 eIDAS certificates had not been agreed, and hence OBIE had to provide an alternative. 

Therefore, since January 2018, OBIE has been providing certificates (OB certificates) to TPPs and ASPSPs to facilitate security between firms exchanging data on behalf of users. 

The vast majority of the UK open banking ecosystem (approximately 90% of all ASPSPs enrolled with OBIE, and 100% of TPPs connected to these ASPSPs) already have and use OB certificates. Utilising these certificates will ensure the trust already established in the ecosysteis maintained, limiting any disruption in service to the million plus customers that are using open banking enabled products each month to access better financial products and make better financial decisionsOBIE remains focused on completing the final stages of the implementation of Open Banking.  

Background to this issue: 

The European Banking Authority (EBA) published a statement on July 29th 2020 regarding the need for financial institutions to finalise preparations for the end of the post-Brexit transitional arrangements between the EU and UK, i.e. 31st December 2020. 

The key points of this statement are: 

  1. PSD2 eIDAS certificates issued in the EU to UK Third Party Providers will be revoked, meaning that they can no longer be used for the purposes of identification with ASPSPs. 
  2. UK-based financial institutions will no longer be able to offer financial services to EU customers on a cross-border basis (passporting). 
  3. Financial institutions wishing to operate in the EU and offer services to their EU customers should ensure they have obtained the necessary authorisation and effectively establish themselves before the end of the transition period. 

Regarding point 1, continue to be in discussion with the Financial Conduct Authority (FCA) on how best to resolve this, given that the current legislation is based on the use of eIDAS certificates for the purposes of identification and are participating in their recently announced Consultation. 

 We are also working through potential technical solutions which would allow, subject to FCA agreement, alternative certificates to form the basis of identification. 

 

 – – – ENDS – – –

For further information, please contact:

press@openbanking.org.uk

About Us

Open Banking is a new, secure way for customers to take control of their financial data and share it with organisations other than their banks. Open Banking has the power to revolutionise the way we move, manage and make more of our money. For businesses, it is about making the management of cash flow and receiving paymes cheaper and easier. Open Banking will make things simpler, faster and more convenient.

Open Banking follows the Competition and Markets Authority (CMA) investigation into the supply of personal current accounts (PCAs) and of banking services to small and medium-sized enterprises (SMEs).

Open Banking was created to enable innovation, transparency and competition in UK financial services. It is tasked with delivering the Application Programming Interfaces (APIs), data structures and security architectures that will enable developers to harness technology, making it easy and safe for individuals and SMEs to share the financial information held by their banks with third parties.

Open Banking will bring substantial benefits. It gives customers and SMEs greater market choice and greater control over their money and associated data, along with better and easier access to new financial services providers in a secure environment.

Notes to Editors:

1. Open Banking Ltd was set up by the Competition & Markets Authority (CMA) in September 2016 to fulfil one of the remedies mandated by the CMA following an investigation into UK retail banking.

2. The CMA’s investigation into the retail banking market (whose findings were published in August 2016) concluded that older and larger banks do not compete hard enough for customers’ business and that Open Banking should deliver a new, secure option for customers to be able to compare the deal they are getting from their bank.

3. Open Banking was created to enable innovation, transparency and competition to UK financial services. It is tasked with delivering the Application Programming Interfaces (APIs), data structures and security architectures that will make it easy and safe for customers to share their financial records by January 2018.

4. The data provided by Open Banking will enable developers to harness technology that allows individuals and businesses to share their financial records held by their banks with third parties.

5. Open Banking is a private body; its governance, composition and budget was determined by the CMA. It is funded by the UK’s nine largest current account providers and overseen by the CMA, the Financial Conduct Authority and Her Majesty’s Treasury.

6. The 9 mandated institutions (referred to as the CMA9) are: Barclays plc, Lloyds Banking Group plc, Santander, Danske, HSBC, RBS, Bank of Ireland, Nationwide and AIBG.