Authorization for OpenBanking

A bank needs to achieve open banking compliance.

Problem

A bank with branches in multiple countries around the world has to meet country-specific open banking regulatory requirements and needs a common open banking security profile provider.

Overview

Open banking regulations emerged as a consequence of the introduction of PSD2 in the EU. Regulations are specific to each country, but a few generic requirements apply worldwide:

  • Strong OAuth2-based security profile, in many cases FAPI-compliant
  • Service API protection bound to advanced enforcement, stronger than for regular Internet services
  • Regulatory-compliant application and developer registration
  • Advanced API governance.

The bank has to adapt its EU branches to the local regulations in force. Still, this does not solve the problem for the bank, either in the EU or globally. The far-from-optimal approach taken in the EU cannot be extended to the rest of the world at a reasonable cost.

The EU regulations have resulted in a few standards introduced by member states, such as Open Banking UK, NextGenPSD2, STET API, Polish API, or Slovak API. Given the limited time to achieve compliance, the bank allows its branches to use separate security products for each of these standards. The bank cannot afford to use this expensive strategy all over the world.

The bank intends to provide its branches worldwide with a single versatile product that is comprehensive enough to meet security requirements of most, if not all, upcoming open banking standards.

The next and currently most important region for the bank is North America, where the bank wants to test the new strategic approach. The selected product has to satisfy security requirements of the Financial Data Exchange (FDX) standard and the emerging open banking standard in Canada.

Solution

The bank selects Cloudentity with the following benefits in mind:

Result

Cloudentity’s solutions allow the company to

Certified provider

As of December 2019, Cloudentity is one of the nine FAPI R/W OP w/ MTLS certified providers.