Introduction
The Payment Services Directive Regulations (“PSD2”) enshrined the right of the newly regulated account information service providers (“AISPs”), payment information service providers (“PISPs”) and card-based payment instrument issuers (“CBPIIs”) to access customer payment accounts held with account servicing payment service providers (“ASPSPs”), based on the customers’ explicit consent.
As part of this the European Banking Authority (“EBA”) developed a regulatory technical standard (“RTS”) on strong customer authentication (“SCA”) and common and secure communication (“CSC”) that provides detail on the new security requirements under PSD2 and regulate the access of AISPs, PISPs and CBPIIs to the customer payment account data held with ASPSPs.
Citi Private Bank Compliance with the regulation
In compliance with the PSD2 regulation Citi Private Bank has developed a dedicated Application Programming Interface (“API”) that enables authorised Third Party Payment Providers (“TPPs”) to view and access its clients cash accounts in the UK and Luxembourg.
Accessing the API
TPPs can connect to Citi Private Bank’s dedicated API to perform testing in a sandbox environment.
The API is available for “live” testing. For further information on our API please send an email.
Identification of TPPs
In order to identify a TPP, we will rely on qualified certificates for electronic seals as referred to in Article 3(30) of the eIDAS Regulation 2014. If a TPP does not have an eIDAS certificate, please contact us to discuss potential alternatives.
Effective 1 July 2021:
Citi Private Bank will identify a TPP using a valid eIDAS (QWAC & QSEAL) certificates from QTSPs (Qualified Trust Service Providers) for TPPs registered within the EEA, or OBIE (OB WAC & OB Seal) certificates from OBIEs (Open Banking Implementation Entities) for TPPs registered within the UK.
