Written by Ebony Ezekwesili
On 3 November 2020, the FCA announced changes to open banking identification requirements, permitting UK-based third-party providers (TPPs) to use an alternative to eIDAS certificates to access customer account information from account providers, or initiate payments, after Brexit. The changes were introduced in order to limit the risk of disruption to open banking services after Brexit.
eIDAS certificates are required for TPPs to identify themselves to account providers and they are the only accepted identification standard permitted between providers of open banking services in the EU, under the Strong Customer Authentication Regulatory Technical Standards (SCA-RTS). However, the European Banking Authority (EBA) announced in July 2020 that eIDAS certificates of UK TPPs would be revoked at the end of the transition period on 31 December 2020.
Under the changes announced by the FCA, TPPs will be able to rely on an alternative certificate, with the following impact:
UK-based TPPs will likely need to obtain a new certificate to be able to continue to provide open banking services in the UK, post-Brexit; and
Account providers (e.g. banks) will likely need to make technical changes to their systems to enable TPPs to continue accessing customer account information, by accepting an alternative certificate and informing TPPs as soon as possible which certificate(s) they will accept.
The FCA has stated that firms must review the changes immediately and implement any necessary changes as soon as possible. In light of the likely challenges faced by the industry, the FCA will provide a transition period until the end of June 2021 for complying with its rules.