To: European Banking Authority
Distribution: Public
From: Open Banking Exchange Europe
We are writing on behalf of the Qualified Trust Service Provider (QTSP) community concerned by PSD2.
We take note of the EBA call to financial institutions for the finalisation of preparations on the potential event of the end of the Brexit transition period. Within this you make it clear that:
“…account information service providers (AISPs) and payment initiation service providers (PISPs) registered/authorised in the UK will no longer be entitled to access customers’ payment accounts held at the EU payment service providers and their PSD2 eIDAS certificates under Article 34 of the Commission Delegated Regulation (EU) 2018/389 will be revoked.”
As, the QTSPs will be the ones who will have to revoke the eIDAS certificates, they are eager to know what will be the formal signal that they need to act.
In December last year ETSI and OBE sent you the attached liaison describing their expectations. In short they feel that the presence of the UK National Competent Authority in the list published by the EBA called “NCA abbreviations for inclusion in eIDAS certificates”.
As the PSD2 Qualified Certificate requirements specification (ETSI TS 119 495) requires that the field NCA code found in this document, is the one to be put into the certificate – the removal of GBFCA would be a clear signal that the QTSP community should revoke certificates to UK registered TPPs. We asked if this approach was appropriate.
At the time you indicated that you would consider it and come back to us after having discussed it with your members. Are you yet able to confirm this?
Given that it is highly likely that the UK will fully leave the EU at the end of this year, it would help EU Qualified Trust Service Providers to be certain on the rules that will apply to the issuing of qualified certificates for PSD2 to UK financial institutions.
Best regards,
John Broxis, Managing Director, OBE
Nick Pope, Consultant, OBE