SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
ForgeRock achieves open banking compliance certification
Tue, 30th Apr 2019
FYI, this story is more than a year old

Digital identity management solutions provider ForgeRock has announced it is the first Identity and Access Management vendor to achieve conformance with the OpenID Foundation's FAPI (Financial-grade API) standard.

FAPI is a fully open standard designed for banks and fintechs in Europe and around the world to build Open Banking standards for the secure exchange of consumer financial information.

APIs are essential in making this a reality.

Synonymous with innovation and a commitment to open standards, ForgeRock is active in the certifications, regulations and standards that drive industries around the world, and the company has demonstrated consistent leadership in Open Banking.

For two years, ForgeRock has worked with the Open Banking Implementation Entity (OBIE), originally in delivering a reference implementation for the UK big banks (the CMA 9) to provide a Model Bank with APIs built to specification.

Most recently, ForgeRock delivered a Sandbox-as-a-Service to enable agile development teams to achieve compliance with Open Banking and the Revised Payment Service Directive (PSD2).

The OpenID Foundation (OIDF) promotes, protects and nurtures the OpenID community and technologies, and supported the working group responsible for delivering the FAPI certification.

The standard enables banks and fintechs to test and certify their implementations, which should accelerate development and testing, reduce support issues, and reduce costs.

FAPI aims to provide specific implementation guidelines for online financial services to adopt and can be applied in any market that requires higher levels of security.

OpenID Foundation executive director Don Thibeau says, “In working with the OBIE and industry leaders like ForgeRock, the OpenID Foundation is proud to build upon the Financial-grade API with an advanced approach that enables stronger security, openness, flexibility, easy-to-implement and delivers real customer value.

Accelerating compliance with the ForgeRock Sandbox-as-a-Service

The primary goal of PSD2 and Open Banking is to encourage greater innovation and competition within financial services.

To facilitate this, ForgeRock delivered a Sandbox that is fully compliant and meets the agreed standard for testing the functionality of Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs).

The cloud-based solution can be deployed rapidly and is already in production for several European banks that provide apps and services to more than 35 million consumers.

ForgeRock financial services and regulatory vice president Nick Caley says, “Everyone understands APIs will completely change the financial services landscape and other markets by driving new competition, collaboration and innovation.

“In support of the standard, along with our Sandbox for Open Banking, we continue to aim to provide financial institutions with compliance-ready solutions.