UK RTS Compliant Certificates

The European Banking Authority (EBA) have recommended that the eIDAS certificates of UK Payment Services Providers (PSPs) should be revoked at the end of the Brexit transition period. There are concerns that this will majorly disrupt the UK open banking ecosystem.

Under PSD2, eIDAS certificates are required for PSPs to identify themselves. The UK Regulatory Technical Standards for Strong Customer Authentication and Secure Communication (PS19/26) states that they are the only accepted identification standard permitted between open banking services providers in the EU.

On 29 July 2020, the EBA published a statement, followed by a reminder on 9 November 2020, recommending that Qualified Trust Service Providers (QTSPs) revoke the eIDAS certificates of UK financial institutions at the end of the Brexit transition period and that financial institutions wanting to operate in the EU should ensure that they have obtained the necessary authorisation and effectively establish themselves before the end of the transition period.

In response to this, the Financial Conduct Authority (FCA) published amendments to Article 34 of the UKRTS in November 2020. These amendments will permit UK-based PSPs to use an alternative to eIDAS certificates to access customer account information or initiate payments, after Brexit.

European Telecommunications Standards Institute (ETSI) is also extending the European Technical Standard TS 119 495 for PSD2 certificates to include non-EU cases and non-EU countries.

The UK’s Open Banking Implementation Entity (OBIE) currently operates as a certificate issuer used by many in the UK financial industry and has positioned themselves as a supplier of these ‘alternative identification’ certificates. However, at present, OBIE is not a trusted party audited within any of the EU or UK trust frameworks, although they could choose to become one.

 

The purpose of this white paper is to summarise:
  • The regulatory requirements for alternative identification certificates as defined by the FCA.
  • How the UK regulatory requirements and technical standards compare to those adopted in the EU and how closely OBIE’s certificate offer aligns to both.
  • The ETSI TS 119 495 changes and whether they can be used by the UK as their compliance standard.
  • Why and how OBIE issues certificates today, their current suitability as a certificate issuer, and what changes should be put in place to clarify the compliance of their certificates.
  • The way forward for certificate issuance to ensure compliance with both UK and EU regulations which OBE believes will enable UK PSPs to continue to provide open banking services.

Downloading the full report is restricted to OBE Europe members only. Please login to download.

Share:

Have a question?
Get in touch

* Indicates a mandatory field

On submission of this form you will be sharing your personal data with OBE S.A.S. and its partners. We will process such information for the purposes of reviewing and responding to your request. For more information on how we will process your data and your rights in relation to your data, please review our privacy policy.

You may also be interested in:

Day 2 of Open Banking Expo London kicked off with a Fireside Chat between Luis Miguel Zapata, Vice President, Digital

The 5th version of Latam Fintech Market, one of the most important industry events in the country, took place in

Lauren will be discussing how to balance innovation and business standards with esteemed speakers from Swift and the Bank of

Become a Member

Please fill in the form below to register your interest in joining our OBE Membership programme with us and a member of our team will contact you shortly.

Please note: fields marked with * are mandatory

On submission of this form you will be sharing your personal data with OBE S.A.S. and its partners. We will process such information for the purposes of reviewing and responding to your request. For more information on how we will process your data and your rights in relation to your data, please review our privacy policy.