In January 2018 the European Union Payment Services Directive (PSD2) came into force across Europe, delivering a consistent vision for Open Banking across all member states. End users will now have a legal right to share their personal transactional account data from their financial institution with regulated third parties.
Checking the TPP is regulated to provide the service (e.g. AISP / PISP) on the Regulatory databases and verifying eIDAS Seal Certificates.
The access permission for the third party accessing the data, ensuring suitable security and encryption etc.
Each time an access permission is used to request end user data, before information is provided by the FI, check the requesting party is still regulated as a TPP on the ‘multiple’ regulatory databases. Check the consumer has not revoked the access permission.
Access permission can only be issued for a maximum period of 12 months, so each year although the end user may have given ongoing permission, a new access permission must be provided to the TPP seeking the information.
By utilising the W2 Open Banking Consent Management Services, Financial Institutions (FIs) can enable their customers to securely participate in the open banking eco-system, confident in the knowledge that their data will only be provided to approved Third Party Providers (TPPs). Consumer consents and preferences are held after the FI has carried out Strong Customer Authentication (SCA) with the Payment System Users (PSUs) and issues the access token to the FI. This is passed to the TPP who uses it each time they want to access PSU data via the FI’s API. The access token binds the PSUs “explicit consents” with their nominated accounts, the period for which access has been granted and the TPP.
Want to know more?
To find out more about how W2 could help you to reduce risk and meet regulatory compliance.
During this period of uncertainty the W2 team are all working remotely and ensuring business continuity for all our customers and prospective customers. Should you have a need to reach us the best way to do this will either be directly to a member of the team if you have their contact details or via email@example.com