sb-as logo
Story image

ForgeRock achieves open banking compliance certification

30 Apr 2019

Digital identity management solutions provider ForgeRock has announced it is the first Identity and Access Management vendor to achieve conformance with the OpenID Foundation’s FAPI (Financial-grade API) standard.

FAPI is a fully open standard designed for banks and fintechs in Europe and around the world to build Open Banking standards for the secure exchange of consumer financial information.

APIs are essential in making this a reality.

Synonymous with innovation and a commitment to open standards, ForgeRock is active in the certifications, regulations and standards that drive industries around the world, and the company has demonstrated consistent leadership in Open Banking.

For two years, ForgeRock has worked with the Open Banking Implementation Entity (OBIE), originally in delivering a reference implementation for the UK big banks (the CMA 9) to provide a Model Bank with APIs built to specification.

Most recently, ForgeRock delivered a Sandbox-as-a-Service to enable agile development teams to achieve compliance with Open Banking and the Revised Payment Service Directive (PSD2).

The OpenID Foundation (OIDF) promotes, protects and nurtures the OpenID community and technologies, and supported the working group responsible for delivering the FAPI certification.

The standard enables banks and fintechs to test and certify their implementations, which should accelerate development and testing, reduce support issues, and reduce costs.

FAPI aims to provide specific implementation guidelines for online financial services to adopt and can be applied in any market that requires higher levels of security.

OpenID Foundation executive director Don Thibeau says, “In working with the OBIE and industry leaders like ForgeRock, the OpenID Foundation is proud to build upon the Financial-grade API with an advanced approach that enables stronger security, openness, flexibility, easy-to-implement and delivers real customer value.”

Accelerating compliance with the ForgeRock Sandbox-as-a-Service

The primary goal of PSD2 and Open Banking is to encourage greater innovation and competition within financial services.

To facilitate this, ForgeRock delivered a Sandbox that is fully compliant and meets the agreed standard for testing the functionality of Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs).

The cloud-based solution can be deployed rapidly and is already in production for several European banks that provide apps and services to more than 35 million consumers.

ForgeRock financial services and regulatory vice president Nick Caley says, “Everyone understands APIs will completely change the financial services landscape and other markets by driving new competition, collaboration and innovation.

“In support of the standard, along with our Sandbox for Open Banking, we continue to aim to provide financial institutions with compliance-ready solutions.”

Story image
Why a more secure organisation is a collective responsibility
With vast volumes of data moving to the cloud, many IT professionals are frequently challenged to protect their enterprise environment, and there is a greater focus being placed on advancing cybersecurity strategies.More
Link image
Webinar: Securing privileged access to stop attackers in their tracks
Thycotic's immersive webinar will demonstrate how attackers acquire passwords on endpoints and access critical cloud applications — without being detected.More
Story image
Claroty and Yokogawa Engineering Asia extend partnership for SEA and A/NZ
Claroty and Yokogawa Engineering Asia have partnered to better serve organisations in Southeast Asia, Australia and New Zealand.More
Story image
Users becoming more savvy with COVID phishing scams
“With COVID-19 being around for over a year now and employees becoming more aware of the types of scams that have come out related to the pandemic, cyber criminals are having less success with related phishing attacks."More
Story image
Cybersecurity budgets still not keeping up with threats — report
Executive teams are failing to recognise the level of damage cyber-threats pose to organisations, according to Sophos — many of them taking a ‘conservative approach’ to cybersecurity expenditure.More
Story image
Zscaler and CrowdStrike release integrations for end-to-end security
This collaboration between the two cloud-native security companies provides joint customers with adaptive, risk-based access control to private applications.More