OBE & ETSI Work Towards Standardisation and Security in Open Banking

PSD2 brought together the European Telecommunications Standards Institute (ETSI) and Open Banking Exchange Europe.

The Second Payment Services Directive (PSD2), brought together the European Telecommunications Standards Institute (ETSI) and Open Banking Exchange Europe.

ETSI and OBE signed an MOU in 2018 to facilitate better understanding of the PSD2 regulation and to encourage market collaboration on shared issues and problems. The success of the partnership led to the renewal of the MOU in December 2021. This case study looks at the achievements and future goals of the partnership.


Background

The European Banking Authority’s (EBA’s) Regulatory Technical Standards (RTS) required financial institutions to use eIDAS certificates as the means of identifying third party providers (TPPs) requesting access to open banking APIs.

What the RTS lacked was a set of standards and a supporting platform for educating the market – this is where ETSI and OBE could play their part:

  • ETSI, which supports over 800 organisations with the implementation of standards in Information Communications and Technology (ICT) enabled systems, put together and published a set of European standards to support the RTS regulation and the use of eIDAS certificates for TPP identity checking.
  • OBE had an established membership programme which was aimed at fostering collaboration in open banking and open finance. By holding working groups with regulators, financial institutions, fintechs and other stakeholders, regulatory and market issues could be discussed and solutions developed.

It was the requirement for the different stakeholders within the open banking ecosystem to understand and cooperate on the ETSI standards that led to OBE and ETSI signing the MoU in 2018.


Aims of the Partnership

ETSI and OBE set out three broad objectives for their partnership:

  • To advise the Qualified Trust Service Provider (QTSP) community on how to create relevant standards to support PSD2.
  • To support stakeholders in the use of eIDAS certificates, providing guidance on their strengths and limitations.
  • To raise awareness and promote collaboration amongst the ETSI and OBE communities around relevant standards, best practice and legislation.


Achievements

Through a series of Member working groups, workshops and industry documents, ETSI and OBE brought together their communities to achieve the aims and objectives of the MOU they set up in 2018. During the last three years, they have provided guidance on standardisation, identity and security in digital payments. The scope and success of their partnership comprises several key milestones:

Standard: ETSI TS 119 495 specification

An industry document used by all European QTSPs and financial institutions for defining additional data elements required for PSD2.

Following OBE discussions, the Standard was updated to include non PSD2 use cases whether outside the EU or for open finance.

Standard: JSON Web Signature Profile for Open Banking A Standard, built with the collaboration of the Berlin Group, STET, OBIE and the QTSPs, which brings together different ways of signing payloads.
Conference: eIDAS meets PSD2. Securing access to financial services with qualified certificates An ETSI and OBE joint conference, hosted at the ETSI headquarters in Nice, which brought together different parts of the European Commission and the European Central Bank alongside hundreds of Banks, TPPs and QTSPs
OBE eIDAS Qualified Certificates FAQ An FAQ which answers legal, operational and technical questions about PSD2 and eIDAS certificates.
Guide: Understanding Internet Security & eIDAS Certificates A Guide to help the ASPSP and TPP development teams understand internet security and eIDAS
Multiple factsheets, best practices and explanatory notes

Documentation, delivered with the support of the QTSP community and industry working groups. Different topics comprise:

  • Test certificates
  • Understanding Root Certificates and Trust Anchors
  • Expiring Certificates
NCA Data for QTSPs A document to help the QTSP community understand the regulatory statuses used by the 30 national competent authorities in Europe.
QTSPs Offering eIDAS Certificates A list of all the QTSPs offering PSD2 certificates. (While all QTSPs may offer PSD2 certificates, not all choose to. This resource is updated periodically and contains all those QTSPs that inform us that they offer PSD2 certificates along with contact details, so that TPPs and ASPSPs can find them).
Advocacy and regulator support Periodic letters sent to regulators around eIDAS topics, such as the official list of NCA codes, and issues around Brexit.
Industry Helpdesk Service and tailored support enabling any market participant to raise questions or problems concerning access to open banking and receive tailored support.


Future Plans

Having achieved so much under PSD2 and the rollout of open banking, continued collaboration between ETSI and OBE will be important in shaping the industry as it moves ahead. In 2022, OBE and its Members from financial institutions, third party providers and regulated certificate issuers (QTSPs) will be following the upcoming review of PSD2. They will also be exploring how eIDAS 2.0 will impact the way in which consumers log into their bank accounts and any developments or changes regarding the global applicability of eIDAS certificates and API security standards in open banking. As open finance spreads around the world and new players emerge global interoperability and standards will become more essential than ever before.

Share:

Have a question?
Get in touch

* Indicates a mandatory field

On submission of this form you will be sharing your personal data with OBE S.A.S. and its partners. We will process such information for the purposes of reviewing and responding to your request. For more information on how we will process your data and your rights in relation to your data, please review our privacy policy.

You may also be interested in:

The 5th version of Latam Fintech Market, one of the most important industry events in the country, will take place

Lauren will be discussing how to balance innovation and business standards with esteemed speakers from Swift and the Bank of

PLS EU will be taking place 12-13 September at the Hilton Rotterdam and will get into the topics on the

Become a Member

Please fill in the form below to register your interest in joining our OBE Membership programme with us and a member of our team will contact you shortly.

Please note: fields marked with * are mandatory

On submission of this form you will be sharing your personal data with OBE S.A.S. and its partners. We will process such information for the purposes of reviewing and responding to your request. For more information on how we will process your data and your rights in relation to your data, please review our privacy policy.