BIS published a report that explores the development of an identification and authentication application program interface (API) that could be used to implement privately and publicly administered open finance solutions with seamless scalability. This report is intended to serve as a general reference for individual countries that want to develop their own payments initiatives. However, the decision on which type of API architecture should be implemented depends on the characteristics of each jurisdiction. Comments on this report should be sent, preferably, by January 31, 2021.
The report highlights the importance of open finance for the development of the financial system, lists the trade-offs regarding implementation schemes for open finance, and serves as background for the other, more technical documents. These documents include a technical flow diagram of identity validation based on a centralized API architecture (unpublished), general hardware requirements to implement the centralized solution (Annex A), and technical requirements for third parties on the central validator API architecture (Annex B).
The Technical Task Force of the Consultative Group on Innovation and the Digital Economy (CGIDE TTF) has been analyzing an API scheme based on mobile devices to support the remote, secure, and efficient identification and authentication of users of financial institutions. The analyzed scheme is based on the establishment of a central validator that allows secure relationships to be created between financial institutions and third parties, without the need for them to come into direct contact with each other. This is accomplished by establishing secure connections between the central validator and third parties on the one hand, and between the financial institutions and the central validator on the other. The security schemes used by the central validator would ensure that all connections in the scheme are established between previously certified entities for the orderly provision of financial services through third parties.
The report describes and proposes in detail the technical requirements for the key elements of the analyzed API scheme (that is, the central validator, third-party apps and servers, and the authentication app and servers). It also details the technical requirements for the third parties interested in participating in an API scheme like the one analyzed in this report. While the CGIDE TTF considers that the analyzed implementation is viable, this is not the only possible scheme and the ideal solution for each jurisdiction will depend on several factors, such as the level of involvement of the industry in the design of the API architecture, the powers given by law to the authority leading its implementation, the target use cases that the open finance ecosystem expects to cover, or the desired user experience. In this regard, the report discusses the open finance models supported by different API architectures, including those in Brazil, the EU (revised Payment Services Directive), India, the UK, and Singapore. Thus, this document should only serve as a general reference for individual countries that want to develop their own payments initiatives and, consequently, no member is endorsing the adoption of open banking or the analyzed identification and authentication API and central validator scheme.
Related Link: Report
Keywords: International, Banking, PMI, API, Open Finance, Fintech, Regtech, BIS