FCA announce changes to open banking identification requirements

With the Brexit transition period coming to an end this year, financial institutions, banks and payment solution companies in the UK are preparing for their strategies post-Brexit and in this process, the Financial Conduct Authority (FCA), which is the financial regulatory body in the UK, has announced changes to limit the risk of disruption to open banking services after Brexit.

The changes which the FCA has made would permit UK-based third-party providers (TPPs) to use an alternative to eIDAS certificates which would allow them to access customer account information from account providers, or initiate payments after Brexit.

According to the FCA press release, “eIDAS certificates are required for TPPs to identify themselves to account providers and allow firms to interact and share customer account information online in a trusted and secure way”.

Under the Strong Customer Authentication Regulatory Technical Standards (SCA-RTS), eIDAS are the only accepted identification standard permitted between providers of open banking services in the EU.

In July 2020, the European Banking Authority (EBA) announced that eIDAS certificates of UK TPPs would be revoked when the transition period ends on 31 December 2020. The FCA action would allow TPPs to rely on an alternative certificate.

The changes by FCA would mean that UK-based TPPs would be required to obtain new certificates to continue to provide open banking services in the UK post-Brexit. Also, the accounts provided would need to make technical changes to their respective systems to enable TPPs to continue accessing the customer account information, by accepting an alternative certificate and informing TPPs as soon as possible which certificate(s) they will accept.

According to the FCA, in view of challenges faced by the payments industry, it will provide a transition period until the end of June 2021 for complying with the rules.