What is happening?
The FCA has announced, through its new Policy Statement PS 20/13, changes to limit the risk of disruption to open banking services after Brexit. These changes will permit UK-based third-party providers (TPPs) to use an alternative to eIDAS certificates to access customer account information from account providers or to initiate payments, after Brexit.
What do you need to do?
eIDAS certificates are required for TPPs to identify themselves to account providers and to allow firms to interact and share customer account information online. Under the Strong Customer Authentication Regulatory Technical Standards (the SCA-RTS), they are the only accepted identification standard permitted between providers of open banking services in the EU.
However, in July 2020, the European Banking Authority announced that eIDAS certificates of UK TPPs would be revoked when the Brexit transition period ends on 31 December 2020. A near-final instrument published by the FCA allows TPPs to rely on an alternative certificate.
The changes will mean:
ASPSP firms need to assess the need for any changes in their systems and processes and implement any necessary changes as soon as possible ahead of 31 December 2020. The FCA also expects them to tell TPPs which alternative certificates they will accept as early as possible, and to continue to encourage them to use existing certificates where possible.
The FCA will provide a transition period until the end of June 2021 for complying with these rules.
How can we help you?
If you’d like to know more about how we can help you with your eIDAS certificate arrangements, or with any other aspect of payment services compliance, our expert team is here to help. Contact us today on 0207 436 0630 – or email info@thistleinitiatives.co.uk.