Response to consultation on the Technical Standards on the EBA Register under PSD2
Go back
As there are no plans that the revocation lists or OCSP-interfaces of the TTPs providing the certificates for AISPs and PISPs will mirror the correct status at any given time, the security of the whole system depends on the EBA Register.
Therefore, with the TPP-ID taken from the certificate of the AISP or PISP as input parameter an immediate answer (7x24) should provide the status of the TPP (authorised or withdrawn) in a machine readable format, preferably in XML. The whole process is envisaged as an automatism with no human intervention.
Moreover EBA has to ascertain that the TPP-ID is unique within the register. The best way to do this is by using the Legal Entity Identifier (LEI) according to LEI ROC. As the LEI is more and more used for regulatory reporting within the finance industry (e.g. within MiFIT, MAR, etc.) this would seem logical.
Question 2: Do you agree with the proposed criteria and functionalities related to the search of information in the EBA Register? If not, please provide your reasoning.
No – the information has to be machine readable to allow an immediate and fast check whether a request from a specific AISP or PISP is legal. In times of “Digitalization” it is rather unusual not to provide an online interface.As there are no plans that the revocation lists or OCSP-interfaces of the TTPs providing the certificates for AISPs and PISPs will mirror the correct status at any given time, the security of the whole system depends on the EBA Register.
Therefore, with the TPP-ID taken from the certificate of the AISP or PISP as input parameter an immediate answer (7x24) should provide the status of the TPP (authorised or withdrawn) in a machine readable format, preferably in XML. The whole process is envisaged as an automatism with no human intervention.
Moreover EBA has to ascertain that the TPP-ID is unique within the register. The best way to do this is by using the Legal Entity Identifier (LEI) according to LEI ROC. As the LEI is more and more used for regulatory reporting within the finance industry (e.g. within MiFIT, MAR, etc.) this would seem logical.