Here are some questions to ask yourself in order to help decide if you are in a position to build your own Open Banking APIs.
Q: Do I fully understand all requirements as outlined in the Payment Services Regulations 2017 (PSRs) and subsequent FCA and EBA guidelines? Do I have dedicated compliance and technical resources within the business to support, monitor and prepare for upcoming changes, consultations, and regulatory announcements?
Q: Do I already have a “Dedicated Interface” i.e. an API that is publicly accessible for regulated TPPs, which conforms to the Regulatory Technical Standards for Strong Customer Authentication and Common and Secure Open Standards of Communication (RTS), and is that API separate from my existing client APIs? Am I willing and able to maintain that API in accordance with all changes (planned and unknown) to those regulatory standards?
Q: Am I able to support an API according to the current OBIE and Berlin Group NextGenPSD2 specifications, and am I able to adhere to all releases - major and minor - to maintain adherence?
Q: Am I able to onboard all regulated TPPs without delay or friction, on presentation of valid OBWAC/OBSEAL/EIDAS certificates? Am I able to monitor the permissions and regulatory status of each TPP on a realtime basis, via their NCC and OBIE/EIDAS certificate status including revocation checking? Am I able to provide sufficient technical support to all TPP enquiries during onboarding and at all points thereafter?
Q: Am I able to manage Payment Service User (PSU) consents in a manner consistent with the principles and standards set out in the RTS, including delegated access, token longevity, revocation and refresh? Is this linked to the permissions of a TPP, and am I able to track and report on all activity in an anonymised manner?
Q: Am I able to ascertain and record all API activity at an individual request level such that I can produce realtime and quarterly statistics demonstrating uptime, error rates and response times per endpoint, per interface, per day? Can I produce this data in a manner that is published on my website and formatted into a pre-defined REP020 format for submission to the FCA or other equivalent regulatory body?
Q: Am I able to prepare, publish and maintain a dedicated developer portal, allowing TPPs (and any other interested party including the regulator) to view my open banking API specification, view all instructions, and connect to my APIs? Am I able to ensure that this portal is kept up to date and in line with regulatory changes as and when they arise?
Q: Am I able to support a separate Sandbox environment, specifically to allow TPPs to test their connections, with test stub data populated and made readily available at all times?
Q: Am I able to satisfy the PSR requirements for a Contingency Mechanism?
Q: Do I have direct connections with the Open Banking ecosystem, including the FCA, JROC and OBIE, enabling rapid access to information and support, and the ability to influence upcoming changes to the benefit of my organisation?
If the answer to all of these questions is a resounding “Yes” then you are in a good position to build and maintain your own open banking Dedicated Interface. If the answer to any of the above is “No”, why not speak to tell.money? We can tick all of these boxes for you, and from as little as £1,500 per month.