[Openid-specs-fapi] EBA Regulatory Technical Standards

Brian Costello BCostello at yodlee.com
Mon Jun 12 19:48:02 UTC 2017

No mention at all, to my knowledge.  The US banks are generally resistant to “open” or even “ecosystem” banking as we know it in the UK.  In fact the banks are signing bilateral agreements with aggregators to restrict consumers’ access to their own data.

I agree with you, safeguards and governance in consumer-permissioned data sharing is fertile ground for more innovation.


From: Ralph Bragg [mailto:Ralph.Bragg at openbanking.org.uk]
Sent: Monday, June 12, 2017 12:40 PM
To: Brian Costello <BCostello at yodlee.com>; 'Financial API Working Group List' <openid-specs-fapi at lists.openid.net>; Tom Jones <thomasclinganjones at gmail.com>; Dave Tonge <dave.tonge at momentumft.co.uk>
Subject: RE: [Openid-specs-fapi] EBA Regulatory Technical Standards

Any mention of access to account information / data?
The biggest driver for OpenBanking and biggest interest is unlocking the data held by banks – the UK has a number of almost instant clearance payment systems available and has for some time. Immediacy of payment clearance isn’t where I’m expecting to see the most innovation with these APIs. It’s the data where I think we’ll see the most interesting innovations emerge.

From: Openid-specs-fapi [mailto:openid-specs-fapi-bounces at lists.openid.net] On Behalf Of Brian Costello via Openid-specs-fapi
Sent: 12 June 2017 20:17
To: Tom Jones; Financial API Working Group List; Dave Tonge
Subject: Re: [Openid-specs-fapi] EBA Regulatory Technical Standards

Indeed.  This is the “upgrade” from ClearXchange, with Early Warning (bank owned) as the service provider.

From: Openid-specs-fapi [mailto:openid-specs-fapi-bounces at lists.openid.net] On Behalf Of Tom Jones via Openid-specs-fapi
Sent: Monday, June 12, 2017 10:57 AM
To: Dave Tonge <dave.tonge at momentumft.co.uk<mailto:dave.tonge at momentumft.co.uk>>; Financial API Working Group List <openid-specs-fapi at lists.openid.net<mailto:openid-specs-fapi at lists.openid.net>>
Subject: Re: [Openid-specs-fapi] EBA Regulatory Technical Standards

looks like the US banks have build their own payment network.


On Wed, Jun 7, 2017 at 7:52 AM, Dave Tonge via Openid-specs-fapi <openid-specs-fapi at lists.openid.net<mailto:openid-specs-fapi at lists.openid.net>> wrote:
Hi John and FAPI list members,

Apologies my mic wasn't working on the call, but here is a quick update on the Regulatory Technical Standards on Strong Customer Authentication for PSD2.

The EBA's final draft is here:

This draft includes their responses to feedback.
FAPI sent the following feedback:

You will notice in their feedback they ignore the issue of the confusion between authentication and authorisation.

The Commission has recently published a proposed amended version of the RTS:

The changes made in the amendment are detailed in this letter:

There is currently uncertainty as to whether the amended draft will be adopted. From a bank and TPP perspective here in the UK we believe that the amendments will have unintended consequences and will publish a letter shortly where we detail our concerns.

Further to the RTS (which is more about principles than technical standards) the Euro Retail Payments Board at the European Central Bank is working on actual technical standards to be promoted across the EU for PSD2. Their latest report is attached and it is from this report that we started consideration of CIBA to support "decoupled" flows.

FAPI also drafted a letter to the ERPB working group which I've also attached.

I'm happy to answer any questions the group may have regarding these documents.
It is worth noting that in the UK, the Financial Conduct Authority and Her Majesty's Treasury have both endorsed the work of OpenBanking Ltd on the Open Banking Standard:

FCA Approach Doc 17.66<https://www.fca.org.uk/publication/consultation/cp17-11-draft-approach-document.pdf>:
During the period before the SCA-RTS becomes applicable, the parties may find it helpful to take account of industry standards which are being developed as a result of the Competition and Markets Authority’s Open Banking Remedy

HMT Consultation on PSD2 6.10<https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/589023/implementation_of_revised_EU_directive.pdf>:
The government therefore sees the PSDII implementing regulations as providing the legislative foundations on which the Open Banking API Standard then sits. Although APIs are only one method by which ASPSPs could provide the access to AISPs or PISPs mandated under the PSDII, the government believes a commonly utilised API framework will lead to greater competition in the retail banking and “third party” services market and better outcomes for payers and other end users.

On a final note, a number of the "CMA9" banks who are mandated to implement the Open Banking Standard have operations in other EU states (e.g. Danske, AIB, BOI) and my understanding is that they want to use the standard not only in the UK but for all their operations.

Hopefully we will see increased adoption of FAPI over the coming months.

Dave Tonge
[Moneyhub Enterprise]<http://www.google.com/url?q=http%3A%2F%2Fmoneyhubenterprise.com%2F&sa=D&sntz=1&usg=AFQjCNGUnR5opJv5S1uZOVg8aISwPKAv3A>
10 Temple Back, Bristol, BS1 6FL
t: +44 (0)117 280 5120<tel:+44%20117%20280%205120>

Moneyhub Enterprise is a trading style of Momentum Financial Technology Limited which is authorised and regulated by the Financial Conduct Authority ("FCA"). Momentum Financial Technology is entered on the Financial Services Register (FRN 561538) at fca.org.uk/register<http://fca.org.uk/register>. Momentum Financial Technology is registered in England & Wales, company registration number 06909772 © . Momentum Financial Technology Limited 2016. DISCLAIMER: This email (including any attachments) is subject to copyright, and the information in it is confidential. Use of this email or of any information in it other than by the addressee is unauthorised and unlawful. Whilst reasonable efforts are made to ensure that any attachments are virus-free, it is the recipient's sole responsibility to scan all attachments for viruses. All calls and emails to and from this company may be monitored and recorded for legitimate purposes relating to this company's business. Any opinions expressed in this email (or in any attachments) are those of the author and do not necessarily represent the opinions of Momentum Financial Technology Limited or of any other group company.

Openid-specs-fapi mailing list
Openid-specs-fapi at lists.openid.net<mailto:Openid-specs-fapi at lists.openid.net>


Please consider the environment before printing this email.

This email is from Open Banking Limited. Our postal address is 2 Thomas More Square, London, E1W 1YN. Any views or opinions are solely those of the author and do not necessarily represent those of Open Banking.

This email and any attachments are confidential and are intended for the above named only. They may also be legally privileged or covered by other legal rights and rules. Unauthorised dissemination or copying of this email and any attachments, and any use or disclosure of them, is strictly prohibited and may be illegal. If you have received them in error, please delete them and all copies from your system and notify the sender immediately by return email.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20170612/4eb2d642/attachment-0001.html>

More information about the Openid-specs-fapi mailing list