Submission #40

Primary tabs

View(active tab)

Nordea Bank Plc

Question 1: Do you agree with the EBA’s assessments on KPIs and the calculation of uptime and downtime and the ASPSP submission of a plan to publishing statistics, the options that EBA considered and progressed or discarded, and the requirements proposed in Guideline 2 and 3? If not, please provide detail on other KPIs or calculation methods that you consider more suitable and your reasoning for doing so.

Yes agree but more clarification needed:
◾is there a risk publishing the daily statistics?
◾When is the interface considered to be up again, after a period of downtime? How is this to be measured?
◾guidance needs to be available on how availability can be measured when the dedicated interface is not receiving requests.
◾how should partial availability impact the KPIs? how should partial availability be measured?
◾what is definition of a PSU interface? is each of the Netbanks a separate interface?

Question 2: Do you agree with the EBA’s assessments on stress testing and the options it considered and progressed or discarded, and the requirements proposed in Guideline 4? If not, please provide your reasoning. yes, agree

Question 3: Do you agree with the EBA’s assessments on monitoring? If not, please provide your reasoning. yes, agree

Question 4: Do you agree with the EBA’s assessments on obstacles, the options it considered and progressed or discarded, and the requirements proposed in Guideline 5? If not, please provide your reasoning.

More clarification needed.
What is considered as an additional check on consent"?
The ASPSP is the source of trust, is a data controller in the chain and has a duty of care to their customers. How will consumers differentiate a trustworthy TPP approach from any old hack phishing for their on-line password?
Is it compliant if, during the SCA step, the ASPSP enables the PSU to approve the TPP’s access before the ASPSP proceeds with servicing the TPP’s request? This would include displaying to the PSU the type of access being requested and the duration, the data and accounts, with the possibility to select the accounts for which the access is granted."

Question 5: Do you agree with the EBA’s assessments for design and testing, the options it considered and progressed or discarded, and the requirements proposed Guideline 6? If not, please provide your reasoning. yes, agree

Question 6: Do you agree with the EBA’s assessment for ‘widely used’, the options it considered and discarded, and the requirements proposed Guideline 7? If not, please provide your reasoning. Yes, agree.
More clarification needed what is widely used"?"

Question 7: Do you agree with the EBAs assessment to use the service level targets and statistical data for the assessment of resolving problems without undue delay, the options it discarded, and the requirements proposed Guideline 8? If not, please provide your reasoning. Yes, agree.

Question 8: Do you agree with the proposed Guideline 9 and the information submitted to the EBA in the Assessment Form in the Annex? If not, please provide your reasoning. yes, agree.

Question 9: Do you have any particular concerns regarding the envisaged timelines for ASPSPs to meet the requirements set out in these Guidelines prior to the September 2019 deadline, including providing the technical specifications and testing facilities in advance of the March 2019 deadline? no concerns.

Question 10: Do you agree with the level of detail set out in the draft Guidelines as proposed in this Consultation Paper or would you have expected either more or less detailed requirements on a particular aspect? Please provide your reasoning. yes, agree

File Upload

Name of organisation Nordea Bank Plc