BIS published a report that explores the development of an identification and authentication application program interface (API) that could be used to implement privately and publicly administered open finance solutions with seamless scalability. This report is intended to serve as a general reference for individual countries that want to develop their own payments initiatives. However, the decision on which type of API architecture should be implemented depends on the characteristics of each jurisdiction. Comments on this report should be sent, preferably, by January 31, 2021.
The report highlights the importance of open finance for the development of the financial system, lists the trade-offs regarding implementation schemes for open finance, and serves as background for the other, more technical documents; these documents include a technical flow diagram of identity validation based on a centralized API architecture (unpublished), general hardware requirements to implement the centralized solution (Annex A), and technical requirements for third parties on the central validator API architecture (Annex B). The Technical Task Force of the Consultative Group on Innovation and the Digital Economy (CGIDE TTF) has been analyzing an API scheme based on mobile devices to support the remote, secure, and efficient identification and authentication of users of financial institutions. The analyzed scheme is based on the establishment of a central validator that allows secure relationships to be created between financial institutions and third parties, without the need for them to come into direct contact with each other. This is accomplished by establishing secure connections between the central validator and third parties on the one hand, and between the financial institutions and the central validator on the other. The security schemes used by the central validator would ensure that all connections in the scheme are established between previously certified entities for the orderly provision of financial services through third parties.
The report describes and proposes in detail the technical requirements for the key elements of the analyzed API scheme (that is, the central validator, third-party apps and servers, authentication app and servers). It also details the technical requirements for the third parties interested in participating in an API scheme like the one analyzed in this report. While the CGIDE TTF considers that the analyzed implementation is viable, this is not the only possible scheme and the ideal solution for each jurisdiction will depend on several factors, such as the level of involvement of the industry in the design of the API architecture, the powers given by law to the authority leading its implementation, the target use cases that the open finance ecosystem expects to cover, or the desired user experience. In this regard, the report discusses the open finance models supported by different API architectures, including those in Brazil, the EU (revised Payment Services Directive), India, the UK, and Singapore. Thus, this document should only serve as a general reference for individual countries that want to develop their own payments initiatives and, consequently, no member is endorsing the adoption of open banking or the analyzed identification and authentication API and central validator scheme.
Related Link: Report
Keywords: International, Banking, PMI, API, Open Finance, Fintech, Regtech, BIS