Response to consultation on the Technical Standards on the EBA Register under PSD2
Go back
We would respectfully like to observe that the proposal for uploading the data from NCAs may prove cumbersome and heighten the risk of error. While there are benefits to doing a mass upload of the NCAs’ complete databases in some circumstances, the amount of processing that such a complete overwrite of every national register would require should not be underestimated; furthermore, in the event of an error, it would be difficult to identify the fault. Therefore our recommendation is to use smarter technology solutions such as delta updates, which would be less costly and allow for much easier error detection.
A further consideration that should be born in mind is the threat from malicious cyber activity. Adequate protection of data is a prime requirement in today’s environment. Simply adopting a policy of encrypting data during transport is not enough, as the data could be compromised prior to transmission. End-points need to have sufficient cybersecurity protection in place to ensure data integrity.
An additional area that might be considered is the data validation function. In the proposal there is no provision for the data to be checked against a source database, either at the national level or the European level. It is best practice to employ a system of metadata from source to ensure that data is checked and validated on input. This would be true at the national level as well as at the European level, when NCAs are uploading data to the central registry.
We would recommend that a machine readable format of the register’s data is made available to enable automatic checking of the data with applications and systems
In our provision of directory services for authorities, we always ensure that there are adequate audit functions, as well as the ability to roll back to earlier datasets in case issues are encountered.
We would also recommend that ISO 20022 is considered as a standard for the data points in the register, as some references in the documentation point to some proprietary definitions.
Question 1: Do you agree with the option the EBA has chosen regarding the transmission of information by NCAs to the EBA? If not, please provide your reasoning
SWIFT, through its reference data service SWIFTRef, has built up valuable experience of designing, building and deploying directory services and solutions for both national and international payment systems, as well as for regulatory authorities.We would respectfully like to observe that the proposal for uploading the data from NCAs may prove cumbersome and heighten the risk of error. While there are benefits to doing a mass upload of the NCAs’ complete databases in some circumstances, the amount of processing that such a complete overwrite of every national register would require should not be underestimated; furthermore, in the event of an error, it would be difficult to identify the fault. Therefore our recommendation is to use smarter technology solutions such as delta updates, which would be less costly and allow for much easier error detection.
A further consideration that should be born in mind is the threat from malicious cyber activity. Adequate protection of data is a prime requirement in today’s environment. Simply adopting a policy of encrypting data during transport is not enough, as the data could be compromised prior to transmission. End-points need to have sufficient cybersecurity protection in place to ensure data integrity.
An additional area that might be considered is the data validation function. In the proposal there is no provision for the data to be checked against a source database, either at the national level or the European level. It is best practice to employ a system of metadata from source to ensure that data is checked and validated on input. This would be true at the national level as well as at the European level, when NCAs are uploading data to the central registry.
Question 2: Do you agree with the proposed criteria and functionalities related to the search of information in the EBA Register? If not, please provide your reasoning.
Online searching is an essential means of consulting a database and enables individual transactional searching to be performed. However, we believe it should not be the only means of searching the data, as manual searching is human-resource intensive.We would recommend that a machine readable format of the register’s data is made available to enable automatic checking of the data with applications and systems
Question 3: Do you agree with the proposed non-functional requirements related to the operation of the EBA Register? If not, please provide your reasoning.
We believe the wide scope of entities in the register will require more comprehensive audit and management information functionalities than those that are set out in the proposal. We also note that there is no mention of roll backs of the data, should there be any failure in the system.In our provision of directory services for authorities, we always ensure that there are adequate audit functions, as well as the ability to roll back to earlier datasets in case issues are encountered.
We would also recommend that ISO 20022 is considered as a standard for the data points in the register, as some references in the documentation point to some proprietary definitions.