This publication focuses on the regulatory-driven markets, all of which have approved competent authorities that authorise and supervise market players.
Open Banking is a worldwide phenomenon.
Throughout the globe, multiple initiatives have emerged, some led by regulation and others by the market. This publication focuses on the regulatory-driven markets, all of which have approved competent authorities that authorise and supervise market players. Nonetheless, OBE also tracks market-driven initiatives and will represent them whenever possible.
Despite its name, Open Banking does not make financial information widely accessible to anyone. Accessing banking information is only possible in controlled and secure environments due to value, confidentiality, and risk issues. For a party to retrieve financial data, it has to be authorised, identify itself to the data holders, and have the permissions of the data owners. This piece focuses on the identification of the parties to the data holders.
After being issued with their license, API Users (Fintechs) must prove their identity to the Financial Institutions that provide APIs. To do this, Fintechs can rely on public-key certificates for electronic signatures and website authentication. To enable interoperability, the players should follow standards. The European Telecommunications Standards Institute (ETSI) developed the TS 119 495, the reference in Europe. Recognising the need for a global standard, ETSI updated their technical standard to make it global. OBE advocates using ETSI’s Technical Standard 119 495 for Open Banking trust certificates, as it is proven and widely used. Our work focuses on the TS 119 495.
Section 5.2.1 of TS 199 495 defines the requirements of the Authorisation Number issued by the “National Competent Authority” (NCA). The standard defines three components that should be included, as follows:
- 2 character ISO 3166-1 [8] country code representing the NCA country
- 2-8 character NCA identifier without country code (A-Z uppercase only, no separator)
- PSP identifier (authorisation number as specified by the NCA. There are no restrictions on the characters used).
The first component is defined by ISO 3166-1, the scope of which is global. The PSP identifier is determined locally by each NCA according to their local regulations. However, the NCA Identifier is not as clear. In Europe, the European Banging Authority manages and publishes the NCA codes for the European Economic Area (EEA). Nonetheless, there is nothing that specifies the codes for other areas.
This document defines the NCA codes to be used by Trust Service Providers when issuing Open Banking identity certificates. The paper is divided by regions: Europe, Asia and Oceania, Americas, Middle East and Africa. The European section incorporates proposals for countries outside the EEA. OBE has put forward a recommendation for the remaining geographies.
OBE will actively update and maintain this document and welcomes input from National Competent Authorities, API Providers, API Users and Trust Service Providers. To mitigate legacy issues, OBE will follow strict versioning rules and has in place a rigorous change process.
NCA Codes
The NCA codes section is divided by regions: Europe, Asia and Oceania, Americas, Middle East and Africa. The European section incorporates proposals for countries outside the EEA. The remaining geographies contain OBE’s proposals. 1.1 Europe The National identification codes to be used in the European Economic Area are defined by the European Banking Authority (EBA). The EBA maintains and updates the list, and should be used as reference. The list is available here: NCA abbreviations for inclusion in eIDAS certificates.pdf | European Banking Authority (europa.eu).| Country | Country Code (ISO 3166-1) | NCA | NCA Code | Link |
| Ukraine | UA | National Bank of Ukraine | NBU | Link |
| United Kingdom | GB | Financial Conduct Authority | FCA | Link |
| Country | Country Code (ISO 3166-1) | NCA | NCA Code | Link |
| South Korea | KR | Financial Services Commission | FSC | Link |
| India | IN | Reserve Bank of India | RBI | Link |
| Australia | AU | Consumer Data Right | CDR | Link |
| Hong Kong | HK | Hong Kong Monetary Authority | HKMA | Link |
| Japan | JP | Financial Services Agency | FSA | Link |
| Singapore | SG | The Monetary Authority of Singapore | MAS | Link |
| New Zealand | NZ | Financial Markets Authority | FMA | Link |
| Indonesia | ID | Bank Indonesia | BI | Link |
| Thailand | TH | Bank of Thailand | BOT | Link |
| Philippines | PH | Bangko Sentral ng Pilipinas | BSG | Link |
| Georgia | GE | National Bank of Georgia | NBG | Link |
| Azerbeijan | AZ | Central Bank of the Republic of Azerbaijan | CBA | Link |
| Russia | RU | Bank of Russia | CBR | Link |
| Country | Country Code (ISO 3166-1) | NCA | NCA Code | Link |
| Canada | CA | Office of the Superintendent of Financial Institutions | OSFI | Link |
| United States | US | The U.S. National Automated Clearing House Association | NACHA | Link |
| Brazil | BR | Brazilian Central Bank | BCB | Link |
| Mexico | MX | Comisión Nacional Bancaria y de Valores | CNBV | Link |
| Colombia | CO | Open Banking Exchange and Superintendencia Financiera de Colombia | OBECO & SFC | |
| Chile | CL | Financial Market Commission | FMC | Link |
| Country | Country Code (ISO 3166-1) | NCA | NCA Code | Link |
| Nigeria | NG | Central Bank of Nigeria | CBN | Link |
| Saudi Arabia | SA | Saudi Central Bank | SAMA | Link |
| Turkey | TR | Central Bank of Turkey | TCMB | Link |
| Kenya | KE | Central Bank of Kenya | CBK | Link |
| Rwanda | RW | National Bank of Rwanda | BNR | Link |
| United Arab Emirates | AE | Dubai Financial Services Authority | DFSA | Link |
| Bahrain | BH | Central Bank of Bahrain | CBB | Link |
