National Bank of Moldova issues draft national Open Banking API and security requirements for account servicing payment service providers

The National Bank of Moldova has published a draft Executive Committee decision that would approve functional and technical requirements for the interfaces used by account servicing payment service providers (ASPSPs) to implement Open Banking. The requirements are positioned as Moldova’s national Open Banking standard, based on Berlin Group specifications and aligned with the framework on strong customer authentication and secure communication. The draft sets the operating model for account information services (AIS) and payment initiation services (PIS) delivered by third-party providers (TPPs) through standardised APIs, with explicit user consent and strong customer authentication (SCA) implemented via a redirect approach. It limits AIS access without explicit user action to a maximum of four calls per 24 hours per AISP, requires ASPSPs to provide a consent management dashboard (web and mobile) with real-time updates and instant revocation, and specifies mandatory API endpoints for consents, accounts (including balances and transactions), and payments (including status checks). The framework also introduces a National Bank of Moldova-managed Open Banking Digital List, which ASPSPs must query every one to 10 minutes (with caching permitted between queries) to validate TPP status and certificates, alongside requirements to monitor and reject expired, compromised, or revoked certificates. Under the draft decision, the requirements would enter into force one month after publication in the Official Monitor.