As described, Open Banking is a standard and framework for digitalizing and standardizing the financial services world. It is a robust standard, born around 2016 from a massive international collaboration at the European level.
The best minds sat down, reviewed the status quo, and looked at the different countries and their standards in the financial services space. While some countries, like Poland, were well advanced with national standards that defined what a bank can implement, other countries were not.
This called for a massive overhaul of the system, together with agencies dedicated to digital security and specialized in authentication and authorization frameworks. At the end of it all, PSD2 and UK Open Banking were born by 2018.
Trust in Open Banking
One of the central discussions around the Open Banking standards was trust. Trust is paramount for a framework that allows one party to act on behalf of another, which is, in essence, what Open Banking allows.
One must remember that a third-party provider (TPP) can be allowed to access bank account information, initiate payments, and perform many other actions on behalf of the account owner. This is a significant step that needs to be as secure and trustworthy as possible.
Allowing such a step means that the TPP needs to be adequately screened by an authority that can vouch for the integrity and trustworthiness of that TPP.
Authorities and certifications
For Open Banking UK, this falls to the Financial Conduct Authority (FCA), while for PSD2 it is the responsibility of each national authority.
A TPP needs to apply to the authority for TPP status, letting the authority know what it wants to offer as a financial service. To avoid putting all trust in a single body, a TPP also needs a digital certificate issued by a QTSP (Qualified Trust Service Provider), in other words a qualified certificate authority that is allowed to sign eIDAS certificates, which will then make a triangulated check with the authority and possibly other legal entities to verify the authenticity of the TPP's claim.
On many occasions, insurance and conditions are applied to TPPs to make sure that any abuse or mishap can be mitigated and resolved without consequences for end customers.
Another requirement is a solid legal framework that can provide support in case of any disputes.
It is in every bank's best interest to make a thorough check when receiving the certificate from a TPP. This check should be readily available to all banks in the region.
This is an essential step in establishing a strong bond of trust between the bank and the entity that will act on behalf of its customer. If the framework is not trustworthy enough, the initiative will fail; it can have a detrimental effect on consumer trust as a whole and create resistance to digitalizing the sector at a national or regional level. In extreme cases, this can mean falling behind the big players and losing deals and traction in the market at a national or regional level.