The Second Payment Services Directive (PSD2), brought together the European Telecommunications Standards Institute (ETSI) and Open Banking Exchange Europe.
ETSI and OBE signed an MOU in 2018 to facilitate better understanding of the PSD2 regulation and to encourage market collaboration on shared issues and problems. The success of the partnership led to the renewal of the MOU in December 2021. This case study looks at the achievements and future goals of the partnership.
The European Banking Authority’s (EBA’s) Regulatory Technical Standards (RTS) required financial institutions to use eIDAS certificates as the means of identifying third party providers (TPPs) requesting access to open banking APIs.
What the RTS lacked was a set of standards and a supporting platform for educating the market – this is where ETSI and OBE could play their part:
- ETSI, which supports over 800 organisations with the implementation of standards in Information Communications and Technology (ICT) enabled systems, put together and published a set of European standards to support the RTS regulation and the use of eIDAS certificates for TPP identity checking.
- OBE had an established membership programme which was aimed at fostering collaboration in open banking and open finance. By holding working groups with regulators, financial institutions, fintechs and other stakeholders, regulatory and market issues could be discussed and solutions developed.
It was the requirement for the different stakeholders within the open banking ecosystem to understand and cooperate on the ETSI standards that led to OBE and ETSI signing the MoU in 2018.
Aims of the Partnership
ETSI and OBE set out three broad objectives for their partnership:
- To advise the Qualified Trust Service Provider (QTSP) community on how to create relevant standards to support PSD2.
- To support stakeholders in the use of eIDAS certificates, providing guidance on their strengths and limitations.
- To raise awareness and promote collaboration amongst the ETSI and OBE communities around relevant standards, best practice and legislation.
Through a series of Member working groups, workshops and industry documents, ETSI and OBE brought together their communities to achieve the aims and objectives of the MOU they set up in 2018. During the last three years, they have provided guidance on standardisation, identity and security in digital payments. The scope and success of their partnership comprises several key milestones:
|Standard: ETSI TS 119 495 specification||
An industry document used by all European QTSPs and financial institutions for defining additional data elements required for PSD2.
Following OBE discussions, the Standard was updated to include non PSD2 use cases whether outside the EU or for open finance.
|Standard: JSON Web Signature Profile for Open Banking||A Standard, built with the collaboration of the Berlin Group, STET, OBIE and the QTSPs, which brings together different ways of signing payloads.|
|Conference: eIDAS meets PSD2. Securing access to financial services with qualified certificates||An ETSI and OBE joint conference, hosted at the ETSI headquarters in Nice, which brought together different parts of the European Commission and the European Central Bank alongside hundreds of Banks, TPPs and QTSPs|
|OBE eIDAS Qualified Certificates FAQ||An FAQ which answers legal, operational and technical questions about PSD2 and eIDAS certificates.|
|Guide: Understanding Internet Security & eIDAS Certificates||A Guide to help the ASPSP and TPP development teams understand internet security and eIDAS|
|Multiple factsheets, best practices and explanatory notes||
Documentation, delivered with the support of the QTSP community and industry working groups. Different topics comprise:
|NCA Data for QTSPs||A document to help the QTSP community understand the regulatory statuses used by the 30 national competent authorities in Europe.|
|QTSPs Offering eIDAS Certificates||A list of all the QTSPs offering PSD2 certificates. (While all QTSPs may offer PSD2 certificates, not all choose to. This resource is updated periodically and contains all those QTSPs that inform us that they offer PSD2 certificates along with contact details, so that TPPs and ASPSPs can find them).|
|Advocacy and regulator support||Periodic letters sent to regulators around eIDAS topics, such as the official list of NCA codes, and issues around Brexit.|
|Industry Helpdesk||Service and tailored support enabling any market participant to raise questions or problems concerning access to open banking and receive tailored support.|
Having achieved so much under PSD2 and the rollout of open banking, continued collaboration between ETSI and OBE will be important in shaping the industry as it moves ahead. In 2022, OBE and its Members from financial institutions, third party providers and regulated certificate issuers (QTSPs) will be following the upcoming review of PSD2. They will also be exploring how eIDAS 2.0 will impact the way in which consumers log into their bank accounts and any developments or changes regarding the global applicability of eIDAS certificates and API security standards in open banking. As open finance spreads around the world and new players emerge global interoperability and standards will become more essential than ever before.