Regulatory Compliance
R24 AMR | Min(s) read
Related topics:

Introduction to PSD2 Account Information

PSD2 Account Information module (PZ) provides functionality that assists the Account Information Service flows under the Berlin Group.

It consists of the following:

  • Parameter table
  • Account Consent Framework using AA
  • Account Information Service Provider (AISP) APIs and workflows

A high-level summary of the facilitated Berlin Group flow is shown below.

  1. A customer signs up to a Third Party Provider (TPP), which is an AISP that offers Account Aggregation services.
    The TPP outlines the terms and conditions of their service, including the details they will be requesting from the customer’s bank. The customer then accepts the T&Cs.
  2. In the TPP, the customer chooses the bank they want to aggregate their accounts from.
  3. The TPP sends a consent request to the customer’s chosen bank, which contains the details of the customer’s accounts and services that TPP requires access to.
  4. The bank receives the request and the following are validated:
    • eIDAS check by the API gateway
    • TPP role validation is performed at the bank’s API Gateway.
    The request is accepted only if all validations are successful.
  5. Based on a successful request, the bank creates a consent resource with an ID. The consent ID is used throughout the consent lifecycle.
  6. The bank provides a response to the TPP, including the consent ID and a redirect link. This is used to redirect the user to authenticate themselves.
  7. The TPP redirects the user to a bank landing page (user agent).
  8. The user performs Strong Customer Authentication (SCA) to prove the request is genuine (by authenticating the requesting user). The SCA process is handled by the bank’s own identity or authentication provider (IDP).
  9. After authentication, a check is done to identify whether the user has access to the requested accounts through an online channel and whether they are PSD2 eligible.
  10. After the list of eligible accounts is generated, the user reviews the request at the bank in the user agent screens, including the details of the TPP's access request access. The user can then authorise or cancel the request.
  11. Depending on the customer’s decision, a response is provided to the TPP.
    • If the customer authorises the request, the TPP can make subsequent requests for certain account information.
    • If the customer cancels the request, the TPP cannot access any customer data.
  12. The TPP uses the consent ID to request account information from the user’s accounts.
  13. The user can withdraw consent at any time at the TPP or their bank directly.
A housekeeping service can be configured to clear unauthenticated or unauthorised PSD2 consent records after a bank-defined time period. Read the Housekeeping Service section for more information.

Configuring PSD2 Account Information

This section helps the user configure the PZ module.

The PZ.PARAMETER application is used to configure the PZ module and can be used to:

  • Identify the types of accounts that are considered ‘payment’ accounts (and are eligible for PSD2 processing). This can be based on specific category codes or AA Products.
  • Identify where Consent Management is handled (internally or externally to Temenos Transact).
  • Identify where TPP Validation is handled (internally or externally to Temenos Transact).
  • Identify where user permissions are managed and checked (internally or externally to Temenos Transact).
  • Configure housekeeping service for consent requests.
  • Configure Tokenised Account IDs in the consent.

The record ID is the COMPANY of the bank the parameterisation is applicable for.

A record is needed for each company in which the configuration is required. If both PZ and PX modules are installed, it is recommended that the parameter table configurations for the Payment Account Definition are in sync.

A screenshot of the PZ.PARAMETER application with a description of each field’s intended use is shown below:

For all descriptions listed below, ‘Available’ accounts are payment accounts that are considered eligible for PSD2.

Only one of the following combinations is allowed for defining the Payment Account Definition:

  • Default Available field
  • Avail Categ field
  • Avail AA Prod field
Multiple combinations for defining the Payment Account Definition are not allowed.
Field Description
Default Available Used to flag all types of accounts offered by the bank that are ‘Available’.
  • If selected, all categories of accounts offered by the bank are considered as eligible for PSD2.
  • If not selected, accounts offered by the bank are not considered as eligible for PSD2 unless they are configured in the Avail Categ fields.

This value must be set only when all account types offered by the bank are payment accounts.

If the bank offer accounts types that are eligible for TPP access, this field is not set. Instead, the bank must configure the eligible account types using the CATEGORY or AA Product field-sets.
Avail Categ Start Holds the start number of the CATEGORY range for accounts that are considered ‘Available’ under PSD2.
It should be used in conjunction with Avail Categ End to allow the client to define a range of CATEGORYs that are eligible for PSD2 processing.

The bank has the below CATEGORYs available:

  • 1000 – Demand Account
  • 1001 – Current Account Standard
  • 1002 – Current Account with Overdraft
  • 1003 – Current Account Premium
  • 1004 – Current Account Student
  • 1005 - Junior Savings Account
  • 1006 – Teen Saver
  • 1007 – Instant Access Payment Account
  • 1008 – Long Term Savings Account
  • 1009 – Instant Access Savings Account
  • 1010 – Credit Card
  • 1011 – Fixed Term Deposit 2Y
  • 1012 – Fixed Term Deposit 3Y

The bank considers the accounts highlighted in blue as eligible accounts under PSD2.

The value of the Avail Categ Start field is 1001. The value of the Avail Categ End field is 1004. All CATEGORY codes between 1001 and 1004 are considered ‘Available’.

A customer need not enter every CATEGORY code manually and can instead enter a range.

Individual CATEGORY codes (not within a range) can be defined in the Avail Categ field.
Avail Categ End Holds the end number of the CATEGORY range for accounts that are considered ‘Available’ under PSD2.
It should be used in conjunction with Avail Categ Start to allow the client to define a range of CATEGORYs that are eligible for PSD2.

The bank has the below CATEGORYs available:

  • 1000 – Demand Account
  • 1001 – Current Account Standard
  • 1002 – Current Account with Overdraft
  • 1003 – Current Account Premium
  • 1004 – Current Account Student
  • 1005 – Junior Savings Account
  • 1006 – Teen Saver
  • 1007 – Instant Access Payment Account
  • 1008 – Long Term Savings Account
  • 1009 – Instant Access Savings Account
  • 1010 – Credit Card
  • 1011 – Fixed Term Deposit 2Y
  • 1012 – Fixed Term Deposit 3Y

The bank considers the accounts highlighted in blue as eligible accounts under PSD2.

The value of the Avail Categ Start field is 1001. The value of the Avail Categ End field is 1004. This means all CATEGORY codes between 1001 and 1004 are considered ‘Available’.

A customer need not enter every CATEGORY code manually and can instead enter a range.

Individual CATEGORY codes (not within a range) can be defined in the Avail Categ field.
Avail Categ Used in addition to or separately from the Avail Categ Start or Avail Categ End field.
It allows the user to enter each CATEGORY code one by one, which is considered available for PSD2.
  • The user can use the Avail Categ field to manually enter each CATEGORY code that is considered available.
  • The user can use the Avail Categ Start or Avail Categ End field to define a range and then use the Avail Categ field to define any additional singular CATEGORY codes not included within the range.

The bank has the below CATEGORYs available:

  • 1000 – Demand Account
  • 1001 – Current Account Standard
  • 1002 – Current Account with Overdraft
  • 1003 – Current Account Premium
  • 1004 – Current Account Student
  • 1005 – Junior Savings Account
  • 1006 – Teen Saver
  • 1007 – Instant Access Payment Account
  • 1008 – Long Term Savings Account
  • 1009 – Instant Access Savings Account
  • 1010 – Credit Card
  • 1011 – Fixed Term Deposit 2Y
  • 1012 – Fixed Term Deposit 3Y

The bank considers the accounts highlighted in blue as eligible accounts under PSD2.

The bank can manually enter ‘1007’ and ‘1009’ to mark these as PSD2 eligible accounts.
Consent Mgmt Allowed values are Internal or External.
  • If the value is Internal, the Consent Management is handled in Temenos Transact using the AA Account Consent Product and the Consent Validation process is performed internally.
  • If the value is External, the Consent Management and validation is handled in an external system.
A null value denotes as Internal.
Obd Provider

This field determines where TPP role validation occurs.

Allowed values are:

  • EXTERNAL – The Open Banking Directory is maintained outside of Temenos Transact. For example, when maintained by an API Gateway, validation in Temenos Transact is not required.

When this field is not set to External, the Open Banking Directory is populated with the data from an external source.

TPP role validation is one of the checks required to be performed on a TPP prior to accepting a TPP request. API Gateway performs required mandatory checks before the TPP role check.
Block Tpp Intended to be used only when the Obd Provider field is External.
  • If the Obd Provider field is set to External, the TPP Validation is handled externally. However, to block a certain TPP from making requests, the bank may enter the TPP’s Global URN number in this field. During the TPP Validation, if the TPP’s Global URN is present in this field, the validation fails as the TPP is considered ‘blocked’.
  • If the Obd Provider field is set to Internal (or another valid value), the user must enter a value in this field. Any blocking of the TPP must be handled in the relevant PZ.OPEN.BANKING.DIR record itself for the TPP.
Consent Level

Defines the level at which consent is managed within Temenos Transact.

Allowed values are:

  • Company – Set if the customer is not shared across the Temenos Transact instance. A parameter should be set for each COMPANY.
  • Global – Set if the CUSTOMER is shared across the Temenos Transact instance.
Avail AA Prod Mode

Allows the bank to define the payment account definition through AA Products. Allowed values are:

  • Null – Payment Account Definition not defined by AA Product.
  • Default – Payment Account Definition defined by AA Product Groups (excluding those marked as exceptions).
  • Specific – Payment Account Definition defined by AA Product (as defined as exceptions).

In the following screenshot, all AA Products in CURRENT.ACCOUNTS of the AA Product Group, except STUDENT.ACCOUNTs and STAFF.ACCOUNTs, are considered ‘available’ under PSD2.

In the following screenshot, only the AA Products that are STUDENT.ACCOUNTs or STAFF.ACCOUNTs are considered ‘available’ under PSD2.
Avail AA Prod Group

Defines the AA Product Group, which includes a payment account types that are eligible for sharing with TPPs. This field only allows a valid AA Product Group ID from the ACCOUNT product line.

  • Mandatory if the AA Avail Prod Mode is Default.
  • Must be blank if AA Avail Prod Mode is Specific.
This field allows multiple values.
Avail AA Prod Excpt

Defines the AA Products that are to be:

  • Excluded (where AA Avail Prod Mode is Default)
  • Included (where AA Avail Prod Mode is Specific)
This field allows multiple values.
Permissions Check

Defines if the user’s channels permission during PSD2 workflows will be checked within Temenos Transact or within an external system.

Allowed values are:

  • Null – Defaults channels permissions to be managed within Temenos Transact using EB External User and Online Channels Arrangement permissions.

  • External – Defines that channels permissions will be managed externally. The expectation is that an external system will check if a user has permission to perform a certain action.

Once this field is set as External, it cannot be changed to Null. The system displays an override message to warn the user, when this flag is set to External.
Retention Period Holds the time period for how long the unprocessed PSD2 consent requests are held in the system before they are deleted automatically.
  • The time period can be defined in minutes, hours, days, months and years.
  • When a value is set in this field, the housekeeping service is activated.
  • The minimum value allowed in this field is 10 minutes (10mm).
Tokenise Account ID

This field allows the bank to generate random account ID for each populated account within the Account Consent Arrangement.

If set to Yes, a unique ID will be populated for each account in the Account Consent Arrangement. The random value is used by the TPP to address the account in the AIS endpoints. Allowed values are:

  • Null - Tokenised values are not generated for the accounts within the consent.
  • No - Tokenised values are not generated for the accounts within the consent.
  • Yes - Tokenised values are generated for the accounts within the consent.

Validation:

When set to Yes, this value cannot be changed back to No or Null.

Illustrating Model Parameters

Covers the high-level specifications required for the PZ module.

Parameter Description
PZ.PARAMETER
  • This application captures the categories of the accounts that are considered as available for Payment Services Directive (PSD2).
  • Category range, that is, accounts that falls under a specific category range are considered as the available account for a specific customer. The category details are captured in the Avail Categ Start and Avail Categ End fields.
  • All the accounts can be considered as available accounts irrespective of the category and it can be defined in the Default Available field by marking as YES.
  • The Permissions.Check field manages the ‘channels permissions’ validations.
  • The Avail Aa Prod Mode field defines the rules for fields DEFAULT and SPECIFIC. These in-turn defines the list of products that are considered to be available for PSD2.
  • The Avail Aa Prod Grp field defines the Product Group to be considered as available under PSD2. Allows valid AA.PRODUCT.GROUP from the Account Product Line.
  • The Avail Aa Prod Ecxpt field allows valid AA.PRODUCT from the Account Product Line (and applicable to the AA.PRODUCT.GROUP). This field can be left null to identify that no exceptions are defined.
  • The Retention Period field allows banks to define time frequencies (minutes, hours, months and year) for holding unauthenticated or unapproved PSD2 consent requests.

  • The Tokenise Account Id field allows banks to tokenise the account IDs, if required.

Illustrating Model Products

PSD2 of the European Union and the Open Banking Implementation Entity (OBIE) have introduced the Third Party Provider services and as a result the customers can able to sign-up for account aggregation services from regulated TPPs. TPP can act as Account Information Service Provider (AISP), Payment Initiation Service Provider (PISP) and Payment Instrument Issuing Service Providers (PIISP).

Copyright © 2020- Temenos Headquarters SA

Contact Us

knowledge@temenos.com

Published on :
Monday, May 27, 2024 1:54:18 PM IST