Obligations on the Proxy Directory Operator

When the PDO is enabled through Nexus, the PDO needs to fulfil the following obligations:

Availability

The PDO should have the ability to process proxy resolution requests, with the required availability (in principle 24/7/365), and with business continuity arrangements.
The PDO should maintain availability of at least 99.5%.

Accuracy

The PDO verifies, before a proxy can be shared through Nexus, that the proxy is in control of the account holder (i.e. payee), or otherwise authorized by the possessor of the proxy to link it to the Recipient’s account. The PDO guarantees that the proxy database will be kept current and changes made by proxy holders will be processed immediately.
The PDO is obligated to verify that the account holder name provided by the service is accurate (for example, by only allowing changes to the name associated to the proxy to be made by the PSP providing that account, rather than by the person controlling the proxy itself).

Data privacy and consent

The PDO needs to ensure that all required consents have been collected for any information disclosed to and via Nexus. The method to do this should be compliant with local standards where the information is collected.
The PDO will ensure that (contractual and implicit) privacy expectations of end users (both on the sending and receiving end of transactions) are met.

Compliance

The PDO will keep track of queries processed for the purpose of providing an audit trail to relevant parties involved.
The PDO establishes a secure channel with the Nexus Gateway for the protection of sensitive data.

Last updated 25 days ago