Austrian Federal Economic Chamber, Division Bank and Insurance
No – the information has to be machine readable to allow an immediate and fast check whether a request from a specific AISP or PISP is legal. In times of “Digitalization” it is rather unusual not to provide an online interface.
As there are no plans that the revocation lists or OCSP-interfaces of the TTPs providing the certificates for AISPs and PISPs will mirror the correct status at any given time, the security of the whole system depends on the EBA Register.
Therefore, with the TPP-ID taken from the certificate of the AISP or PISP as input parameter an immediate answer (7x24) should provide the status of the TPP (authorised or withdrawn) in a machine readable format, preferably in XML. The whole process is envisaged as an automatism with no human intervention.
Moreover EBA has to ascertain that the TPP-ID is unique within the register. The best way to do this is by using the Legal Entity Identifier (LEI) according to LEI ROC. As the LEI is more and more used for regulatory reporting within the finance industry (e.g. within MiFIT, MAR, etc.) this would seem logical.
As outlined above, the register should be available 24/7 for online queries. Moreover we miss a clear assertion that any updates of a local register of an NCA will be mirrored without delay in the EBA Register.
For the sake of minimizing implementation efforts and operational costs the register should include financial institutions that provide PI and AI services as well.