Sandbox – get PSD2-ready with Finologee
Even though the technical access to account obligations introduced by the PSD2 Directive will become effective only as of September 2019, banks must meet some “pre-go-live” requirements by 14th March 2019. By this date, banks need to make sure that the technical specifications of the interfaces shared with or made available to third party providers (TPPs) are documented. In essence, banks must provide a so-called ‘sandbox’, i.e. a testing environment, to TPPs so they can carry out tests of the software and applications they develop for their customers and end-users.
But what exactly is expected from banks? How can Finologee’s solution help to reduce efforts on the banks’ side?
This first deadline (14th March 2019) can be seen as a first attempt of friendly cohabitation between two strangers, banks and TPPs. They do not know each other quite yet, but they have to get acquainted to jointly fulfil the payment services users’ needs. Basically, banks (ASPSPs) have to make sure that the technical specifications of any of the interfaces are documented, i.e. by specifying a set of routines, protocols, and tools needed by payment initiation service providers (PISP), account information service providers (AISP) and payment service providers issuing card-based payment instruments to allow their software and applications to interact with the systems of the ASPSP.
- Banks must make the documentation available – at no charge – to all Third-Party Providers (PISPs, PISPs issuing card-based payment instruments and AISPs) that have applied with competent authorities for the relevant authorisation or licence. They also have to publish a summary of the documentation on their websites.
- A testing environment, with support services, for connection and functional testing will have to be deployed to enable authorised payment initiation service providers to test their software and applications used for providing payment services to users. However, no sensitive information from banks should be shared through the testing facility.
As a part of its PSD2 Compliance product, Finologee includes a developer portal providing consolidated developer resources with a single point of contact for all documentation, how-tos, tutorials, examples, code samples, and SDKs. Finologee’s sandbox is the place where the TPP can sign up and manage its subscription, define the APIs and versions that he wants to use, and it provides access to premium APIs, billing and invoicing overview of API usage. It is an easy entry point for accessing APIs of all banks connected. The sandbox is exposed through the developer portal and lets the TPP test its application before going into production. The sandbox environment contains sample data for the different APIs that cover most real-life scenarios that the TPP may encounter in a production environment.
Effectively, only very few efforts are required on the bank’s side at this stage. Only the definition of sample data to be used in the sandbox will be needed from the bank. Finologee’s approach is aligned with the two phases required by the PSD2 and related regulation. Indeed, Finologee intends to release a sandbox environment where no technical resources, efforts or interconnection works are required on the banks’ side.
By using Finologee’s solution banks can thus benefit from a 3-month buffer and then focus their efforts on the deployment of access-to-account connectivity and environments to will have to be ready by September 2019.
As a FinTech player, Finologee is providing a PSD2 Compliance product and platform enabling any financial institution holding payment accounts to meet PSD2 technical requirements quickly and easily. PSD2 Compliance for Banks, its processes and flows have been designed and developed accordingly to match PSD2, RTS and related provisions and obligations. Finologee’s product encompasses the security layer and access to account rules relying and fully compliant with the EBA guidelines and the PSD2 directive (based on audit trails, statistics on TPP access).
Finologee has set up partnerships with consultancy firms to provide high quality and fully customisable regulatory reporting services tailored to its clients’ particular setups and requirements. PSD2 reporting requirements are indeed multi-dimensional, multi-context and need to tap into various sources and channels. Thus, adequate aggregation and customisation become a requirement. Both Finologee’s product and projects management plans take into account this specific need.