At the end of the Brexit transition on 31st December 2020, eIDAS certificates, used by UK third party providers (TPPs) to identify themselves to Financial Institutions (ASPSPs) under PSD2 open banking, will no longer be valid.
The FCA has amended article 34 of the UK RTS on SCA and CSC to allow UK TPPs to use an alternative digital certificate to access customer account information or initiate payments.
Do you understand these requirements and what you need to do to comply?
Our summary below sets out the steps that need to be followed, the deadlines to be met and the on-going regulatory requirements.
To ensure ASPSPs meet the deadline, the following actions must be undertaken:
1. Assess any changes that need to be made to your systems so you can accept at least one alternative digital certificate
2. Decide which digital certificate(s) to accept
3. Implement any changes as soon as possible ahead of Implementation Period (IP) Completion Day
4. Publish which types of digital certificate(s) you will accept
5. Continue to accept eIDAS certificates. These will still be used by European TPPs to identify themselves
Konsentus Verify offers a single API solution to achieve instant compliance. It is easy to integrate and removes the heavy operational lift, associated costs, and resources required to implement these changes at speed.
To find out more about how we can help you meet these deadlines, comply with regulation and mitigate risk, contact one of our team on: FCABrexit@konsentus.com