The definitive source of global instant payments intelligence

Berlin Group’s NextGenPSD2 becoming a European reality

18/04/2018

The Berlin Group is a pan-European payments interoperability standards and harmonisation initiative with the primary objective of defining open and common scheme- and processor-independent standards in the interbank domain. NextGenPSD2 is a Berlin Group Taskforce, complemented with additional banks (ASPSPs) and payment associations. Wijnand Machielse, from The Berlin Group Secretariat, provides an exclusive overview of the new  Framework and its efforts to ensure open, secure application program interfaces (APIs) under PSD2 and access to account (XS2A) services.         

Introducing the NextGenPSD2

The Berlin Group’s NextGenPSD2 recently published the NextGenPSD2 Framework Version 1.0, offering a modern, open, harmonised and interoperable set of APIs for PSD2 required bank account access services to third-party payment service providers (TPPs). The NextGenPSD2 Framework offers an Operational Rules document that covers the service description, abstract (logical) data model and detailed process flow descriptions in a B2B interface, and Implementation Guidelines that specify the APIs in technical detail, including XML/JSON schemas etc.

Version 1.0 integrates extensive public market consultation feedback, is based on the European Commission adopted European Banking Authority (EBA) ‘RTS for strong customer authentication and common and secure open standards of communication’, and is among others built on RESTful and JSON standards, relying on ISO20022 standards for the data elements to be exchanged.

NextGenPSD2 objectives

In 2013, the Berlin Group started to investigate the impact of emerging new regulatory and market requirements on Strong Customer Authentication (SCA) and third party account access on interbank messaging standards. The revised Payment Services Directive (PSD2) mandated banks to provide TPPs access to accounts (XS2A) for payment initiation and account information services, and banks are also held liable if anything goes wrong. With thousands of banks and TPPs in Europe, it’s easy to imagine why development, testing and maintenance of proprietary, bank-specific XS2A interfaces would create a huge pan-European IT complexity with high costs for all stakeholders involved.

The NextGenPSD2 Framework was developed as an industry initiative of currently 45 supply-side organisations (i.e. banks, banking associations, payment associations, payment schemes and interbank processors active in the SEPA payment industry) to create uniform and interoperable communications between banks and TPPs. This will not only save costs on development, implementation, maintenance and testing but will also reduce PSD2 XS2A complexity and fragmentation risks across Europe. The standard incorporates pan-European requirements on e.g. customer consent handling, SCA architectures, payment products for retail and corporate business and is now being used by banks and TPPs for implementing PSD2 access to account (XS2A) services. A minor release update V1.1 in April 2018 will integrate the results of convergence discussions with other API initiatives, and will cover some additional functionalities and errata. A second minor release update V1.2 is expected around the summer, taking e.g. into account specific corporate banking functionality and input from regulatory discussions. Additional updates might come through the ongoing alignment with SWIFT, OpenID, W3C, ISO workstreams and FIDO. A major release update follows next year and will incorporate additional functionalities and the first set of extended value-added services that go beyond the core PSD2 requirements.

New NextGenPSD2 Testing Framework

In order to give TPPs enough time for their own software development, the EBA RTS provide a.o. that banks must make available a testing facility from March 2019. In addition the EBA RTS assign responsibilities to the national competent authorities on assessing PSD2 compliancy of implementations. Therefore as a next step a separate project is defining a common NextGenPSD2 Testing Framework for implementers. This Framework aims to support the overall PSD2 compliance of implementers with their national competent authorities and EBA. The Testing Framework also takes care of implementation variants and options resulting from the divergence in today’s banking infrastructures, payment products and authentication methods/infrastructures across Europe. This will reduce actual testing efforts for both banks and TPPs to a large extent and should enable banks a smooth approval process with their national competent authority.

Ensuring a comprehensive engagement model

NextGenPSD2 is interested in further engagement to involve broader market interests as well. The idea to set up an open pan-European NextGenPSD2 Advisory Board with a balanced multi-stakeholder representation from the market demand- and supply-side is currently being explored. Such a platform would offer the opportunity to liaise, interact and engage in a 2-way dialogue on strategic, business and technical topics related to the use and evolution of the NextGenPSD2 standards and beyond, ensuring up-to-date information on all NextGenPSD2 activities and future specification development from inception. A NextGenPSD2 Advisory Board would provide a Forum for debate and should help to foster adoption of NextGenPSD2, remove barriers, find optimisation potentials, ensure usability of NextGenPSD2 for implementers, and contribute to pan-European harmonisation with improved interoperability across the PSD2 XS2A value chain.

Click here for more information.

 

Author: Saara Day