Community

Great article and totally agree with you, especially regarding the need for entities that would bridge the gap created by the lack of a single established API standard and implementation differences. We've been walking this road for many years now and know how different APIs actually are. Being a pioneer in Open Banking and building such a platform since 2013, we bring interoperability not just on the pan-European level, but on a global one - equipped with AML transaction monitoring & sanctions checks mechanism, etc. We often hear even from big companies how they initially try making the connections themselves and then just end up looking for an Open Banking provider, due to all the reasons mentioned in your article.

Brendan, thank you for your comments. I agree that verification of TPP’s eIDAS PSD2 certificate is a regulatory requirement each ASPSP must comply with, and such verification should be sufficient for the purposes of TPP identification under PSD2 and related RTS. EBA’s responses to issues VIII to XIII raised by participants of the EBA Working Group on APIs under PSD2 only reinforces this position: “ASPSPs are not legally required to rely on any other means for the purpose of identification of TPPs.” Thus, can you please provide reference to the specific provisions in PSD2 or RTS that would require the ASPSP to namely check the EBA Register and/or National Registers? Moreover, considering that both EBA and NCAs do not guaranty accuracy of the information presented in their registers and disclaim liability for any errors or omissions therein, it is not clear how such additional checks would help an ASPSP to comply with its other regulatory duties of care.