[Openid-specs-fapi] How are TTPs vetted under PSD2?

Brian Costello BCostello at yodlee.com
Tue Jul 7 15:24:48 UTC 2020

Hi Nat,

Each EU member country’s National Competent Authority (NCA) adminIsters an authorization process for their PISPs and AISPs per PSD2 and the respective enacting regulations (eg PSR 2017 for the UK).

I went through the UK FCA’s process in 2018.  Lots of focus on the customer journey and security detection and response.

It wasn’t the best assessment I’ve had, but certainly not the worst.  Happy to share more if we’re thinking about raising the bar on certification standards or practices.

Kind Regards,

Brian J. Costello
Envestnet | Yodlee
c:  +1 617 962 9742

On Jul 6, 2020, at 10:45 PM, Nat Sakimura via Openid-specs-fapi <openid-specs-fapi at lists.openid.net> wrote:

 External email, verify before opening attachments or links.


It is not really a technical spec issue but just out of curiosity: How are the appropriateness of data handling etc. of the TTPs (i.e., Fintechs) get verified under PSD2? Is there some kind of rules? Who is verifying that the TPP is trustworthy?


Nat Sakimura
Openid-specs-fapi mailing list
Openid-specs-fapi at lists.openid.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20200707/7682a210/attachment.html>

More information about the Openid-specs-fapi mailing list