Cash & Liquidity ManagementPaymentsEBA responds to issues raised by EBA API Working Group

EBA responds to issues raised by EBA API Working Group

One of the the highlights of European Banking Authority's API Working Group's response was rejecting the proposal for an open banking ‘Guestbook’

On 15 August 2019, the European Banking Authority (EBA) published its clarifications to the fifth set of issues that had been raised by participants of its Working Group (WG) on Application Programming Interfaces (APIs) under the revised Payment Services Directive (PSD2).

The API WG has identified issues that market participants may face during the testing and use of API interfaces in the period approaching the Regulatory Technical Standard (RTS) application date of 14 September 2019. The group has proposed solutions to the issues it raised which will be considered by the EBA and national authorities when providing clarifications in response to such issues.

The fifth set response on the issues raised are as follows:

  • Machinereadability of the central register of the EBA under PSD2
  • Measurement of response times of the dedicated interface
  • Contingency mechanism in Art. 33(4) – Identification of third party providers (TPPs) through ‘guestbooks’
  • Contingency mechanism in Art. 33(4) RTS – Data that can be accessed
  • Documentation of the contingency mechanism in Art. 33(4) RTS
  • Availability of, and reliance on, eIDAS certificates under Art. 34 RTS

Setback for fintechs

One of the most highlighting responses by EBA in the published clarifications has been rejecting the proposal for an open banking ‘Guestbook’ as a workaround when third parties are using a bank’s fallback interface.

There have been ongoing disputes over contingency access to accounts under the revised PSD2, which applies when a bank’s main API is unavailable or has not gained regulatory approval.

EBA has clarified: “Concerning in particular the guestbook identification explored by some API WG participants, the EBA is of the view that such identification method does not meet the 3 requirements in Art. 34(1) and 33(5) RTS, as it does not allow Account Servicing Payment Service Providers (ASPSPs)  to rely on the eIDAS certificates for the identification of TPPs.

“In addition, such guestbook entry would not be compliant with the PSD2 because the ASPSP would not be able to check whether the TPP has identified itself at the time the access takes place. In this respect, Article 66(3)(d) of PSD2 provides that PISPs should identify themselves towards the ASPSP “every time a payment is initiated”. Similarly, Article 66(2)(c) PSD2 requires AISPs to identify themselves towards the ASPSP “for each communication session”.

“Finally, such guestbook registration would impose a condition for the identification of the TPPs that does not have any legal basis in PSD2 or the RTS.”

EBA’s API Working Group

The API WG was established in January 2019 by the EBA to facilitate industry readiness for the RTS on Strong Customer Authentication and Common and Secure Communication as well as to support the development of high-performing and customer-focused APIs under PSD2. The group consists of 30 individuals representing ASPSPs, TPPs, API initiatives, and other market participants.

On 11 March, 1 April, 26 April, and 26 July 2019, the EBA published clarifications to the first four sets of issues that had been raised by the working group. Today’s publication is the response to the fifth set of issues. In the weeks to come, the EBA will add further clarifications.

Related Articles

Open Banking, payments and tech: Finastra Q&A Part One

FinTech Open Banking, payments and tech: Finastra Q&A Part One

4w Tom Lemmon
SWIFT and HSBC to join forces for API standards

FinTech SWIFT and HSBC to join forces for API standards

2m Jay Ashar
Deutsche Bank opens innovation hub in China

Banking Deutsche Bank opens innovation hub in China

2m Jay Ashar
Banking industry's approach to technology shifting

Automation Banking industry's approach to technology shifting

3m Jay Ashar
Flexibility around PSD2 implementation needed to avoid cliff-edge scenario

Compliance Flexibility around PSD2 implementation needed to avoid cliff-edge scenario

3m Jay Ashar
Open Banking will “dramatically” change the way treasurers work

Open Banking Open Banking will “dramatically” change the way treasurers work

4m Tom Lemmon
Open Banking: Big tech, bank tech or fintech?

Open Banking Open Banking: Big tech, bank tech or fintech?

4m Austin Clark
Asian treasuries moving into the fintech era

FinTech Asian treasuries moving into the fintech era

5m Jay Ashar

Whitepapers & Resources

Transaction Banking Survey 2019

Transaction Banking Survey 2019

2m
TIS Sanction Screening Survey Report

Payments TIS Sanction Screening Survey Report

4m
Enhancing your strategic position: Digitalization in Treasury

Payments Enhancing your strategic position: Digitalization in Treasury

6m
Netting: An Immersive Guide to Global Reconciliation

Netting: An Immersive Guide to Global Reconciliation

9m