/
April 10, 2018
mm Written by:
Ralf Ohlhausen
Business Development Director
An update on the API Evaluation Group

In January this year, the European Commission (EC) created the API Evaluation Group (API EG) with the support of the Euro Retail Payments Board (ERPB) of the European Central Bank (ECB). This industry body was tasked with creating new standards for application programming interfaces (APIs) for use in open banking.

APIs are the technical interface between banks and fintechs. They’re the foundation of Open Banking and since – at least in theory – they should be superior to ‘screen scraping’, they will be fundamental to the operation of many fintechs and payment specialists.

To ensure a level playing field and a workable technical basis for the European finance sector, whatever standards emerge for open-banking APIs must work for all parties: consumers, fintechs, banks and regulators.

It’s the job of the API Evaluation Group to formulate a set of recommendations describing what a standard that meets these requirements should contain. Once it has completed its recommendations, the national regulators can consider these in their decisions to grant exemptions for banks from providing PSD2-licensed Third Party Providers (TPPs) a fallback option in case their API does not perform as expected.

January: setting the terms of reference

On 29 January, the new group met for the first time to agree its terms of reference. The group elected as its co-chairs James Whittle, the director of international standards at the UK’s NPSO Ltd, and Oscar Berglund of online-payments specialist Trustly Group AB.

The members of the API Evaluation Group are:

Whilst the group cannot guarantee that using an approved API would exempt a bank from having to maintain the fallback of allowing access through its standard user interface. However, the co-chairs expressed their hope and expectation that using an approved API would increase the chances of gaining such an exemption.

The group agreed to report its progress to the ERPB by June 2018. By that time, it has committed itself to:

  1. Define objective API evaluation criteria and guidance.
  2. Evaluate ongoing API initiatives against those criteria and guidance.
  3. Provide guidance on KPIs such as API security and performance requirements
  4. Define the basic principles of a common testing framework
  5. Communicate the results of this work to national competent authorities (NCAs).

The group scheduled meetings for each month until June 2018.

February: reviewing the API requirements

The group held its second meeting on 22 February. The main item on the agenda, was what the API standard would need to include if the market was going to accept it. In its discussion, the group considered the interests of the consumer and the various sectors of the payment and financial industries. It also took into account the opinions of the European Association of Co-operative Banks (EACB), the European Banking Foundation (EBF) and the ECB, all of which submitted written statements.

The group agreed the following actions:

There were also two items which the group agreed to continue discussing later:

  1. Whether or not the stipulation in draft requirement number 13, that the API must ensure that banks can share end-user identity information (name, ID number, DoB etc) legitimately falls within the scope of PSD2.
  2. According to draft requirement number 17, payment initiation service providers (PISPs) should be able to initiate transactions without the use of strong customer authentication, if the transaction is low risk. The group is still discussing which party to the transaction should be able to make that decision.

The agreed next steps were to draw up a new version of the API requirements (draft version 5) and circulate this among API EG members, so that they could discuss it at the next meeting.

Back to all Articles
Tags:
Payment Industry | PSD2 | regulation | payments | RTS
NEWSLETTER
Receive the latest industry news and updates from PPRO
NEWSLETTER SIGNUP
Receive the latest industry news and updates from PPRO.
We treat your personal details with respect and in line with our privacy policy.Please check the box below and enter your email if you want to receive our e-news.

NEWSLETTER
Receive the latest industry news and updates from PPRO