The Slovak Banking Association implementation of API focused on compliance with PSD2 guidelines and security. The Slovak Banking API Standard (SBAS) is an open standard that covers all banks operating in the country and defines secure communication between the banks and third-party providers based on PSD2 requirements.
Slovak Banking API Standard
The Slovak Banking Association in cooperation with the National Bank of Slovakia
The data model of the standard and all extended APIs should utilise data elements, terms, and semantics from ISO 20022 as much as reasonable. The Slovak Banking API Standard represents only minimum requirements for API implementation.
One of the fastest-growing retail financial institutions in Slovakia faced challenges complying with the Second Payment Services Directive (PSD2) and other Open Banking requirements driving the digital transformation. It needed the flexibility to add threat-detection capabilities to its anti-fraud transaction monitoring solution. HID Risk Management Solution (RMS) – Threat Detection solved the challenge.
v2.1 published in February 2022.
Third Party Providers (TPPs) must have relevent registrations for PSD2 for AISP and/or PISP roles and scopes.
TPPs must be checked and authenticated.
The TPP has presented relevent “OAuth2 Authorization Client Credential Grant” access tokens.
SBAS represents minimum requirements for API implementation.
The standard is voluntary for SBA members (banks or ASPSP). The Slovak Banking Association implements API focused on compliance with PSD2 guidelines and security.
SBAS is among the five European API standardisation initiatives which are evaluated by experts of API Evaluation Group (API EG). API EG is a market group and its creation was proposed by the European Commission. The API EG has the objective to evaluate standardised API specifications in order to help ensure that those standards are compliant with the requirements of the PSD2 and meet the needs of all market participants.
The data model of the standard and all extended APIs should utilise data elements, terms, and semantics from ISO 20022 as much as reasonable.
An authorisation request is created by the AISP for the PSU to consent to the AISP request.
Details are in the API Standard.
FAPI, OAuth 2.0 and OpenID Connect (OIDC).
The Slovak Banking API Standard was created by the Slovak Banking Association in collaboration with the National Bank of Slovakia as it was known that banks in Slovakia had to open for the Third Party Providers (TPPs) in 2018 and for security reasons. PSD2 was approved in late 2015, and the planning of the Slovak Banking API Standard (SBAS) was approved in mid-2017. The entry came into force on the 13th of January 2018 simultaneously with the Payments Act, which commenced the transition period lasting until September 2019. Version 1.0 was launched in December 2017, and the latest version 2.1 was launched in February 2022.
Governed by the Slovak Banking Association (SBA) in collaboration with the National Bank of Slovakia. All the financial institutions of Slovakia are members of the SBA, 23 of them are full members and have the right to vote in the bodies of the SBA, and four of them are associate members who have no right to vote, to elect the bodies of the SBA and to have an elected representative to those bodies; participate in the management and control of the activities of the SBA.
The bodies of the association ensuring the fulfilment of its tasks and goals are the assembly of members, the presidium, the president and vice-president, the executive director and the SBA commissions.
SBAS is based on PSD2 and follows the ISO20022 guidelines. It is part of the five European API standardisation initiatives (NextGen, OBIE, STET, PolishAPI and SBAS).
In general, the standard is voluntary for SBA members (banks or ASPSP).