Change Log

Change Log (Consultation Dec 2019)

This version is:

Published 5 years ago 20 Dec 2019
A detailed list of changes from V3.1.3 to V3.1.4 Changes are indicated as follows. Copy…

Other pages in this section

A detailed list of changes from V3.1.3 to V3.1.4

Changes are indicated as follows. Copy which has been removed is struck out and copy which has been added is in blue.

ItemSection ReferenceDescription of ChangeReason for Change
Section Introduction
1The Customer Experience Guidelines form part of the Open Banking Standard Implementation Requirements (SIRs)

The Customer Experience Guidelines (and associated Checklist) form part of the Standard Implementation Requirements, and set out the customer experience required to deliver a successful Open Banking ecosystem, alongside technical, performance, non-functional requirements and dispute resolution practices.

The CEG Checklist has been developed for ASPSPs and TPPs to assess compliance towith this aspect of the OBIE Standard Implementation Requirements.

The CEG and CEG Checklist are consistent with:

The Revised Payment Services Directive (PSD2) (Transposed in the UK by the Payment Services Regulations 2017 (PSRs))
The Regulatory Technical Standards on Strong Customer Authentication and Common and Secure Communication (RTS))
The UK CMA Retail Banking Market Investigation Order which applies to the nine largest UK retail banks only (known as the CMA9)).
In developing its Standard Implementation Requirements, OBIE has undertaken extensive engagement with different market participants, and analysis to ensure that its standards have been designed in line with relevant regulatory and market requirements.

On this basis, where an ASPSP seeking an exemption notifies the relevant National Competent Authority (NCA) (e.g. the FCA in the UK) that its dedicated interface follows the OBIE Standard Implementation Requirements, we expect this will provide a level of assurance that the ASPSP meets the requirement of RTS Article 30(5). Conversely, when an ASPSP has deviated from the Standard Implementation Requirements, we expect that the NCA may require additional information to enable it to consider more closely whether the ASPSP’s implementation is compliant with the relevant regulatory requirements. This may include the NCA requesting additional details on how and why there has been a deviation.

For this purpose, we would expect an ASPSP to complete and submit the CEG Checklist, providing supporting evidence as appropriate, to OBIE. This can then be provided to the NCA in support of its application for an exemption.
Updated
2Added new pages to Menu - Introduction

Customer Journey
Setup
Consent - Codification of AIS Consent (PSD2)
Consent Management
Stop Sharing
(sub-menu)
Revocation
Offboarding & Data Erasure
Customer Communication
Improving Comprehension
Added more guidance to Customer Journey for TPPs on Customer Journey & Customer Communication
3Removed below pages from Menu - Introduction
OBIE SIR
Vulnerable Customers
CX Principles
The content is rolled up on About page
4Renamed below pages to Menu - Introduction
Design Principles to Customer Experience Principles
The menu item is renamed.
5Updated About page with Disclaimer

The contents of the CEG and CEG Checklist do not constitute legal advice. While the CEG and CEG Checklist have been drafted with regard to relevant regulatory provisions and best practice, they are not a complete list of the regulatory or legal obligations that apply to Participants. Although intended to be consistent with regulations and laws in the event of any conflict with such regulations and laws, those regulations and laws will take priority. Participants are responsible for their own compliance with all regulations and laws that apply to them, including without limitation, PSRs, PSD2, GDPR, Treating Customers Fairly,  consumer protection laws and anti-money laundering regulations


Updated About page with Disclaimer
6Moved below sections from old Design & Experience Principles page to Customer Journey page
Useful elements in the customer journey
Unhelpful elements in the customer journey
Moved content to relevant page
Section Account Information Services (AIS)
1Refreshing AISP access
Click for Related API specifications
  • Cosent Consent Re-authentication/General)


Typos
790-Days Re-authenticationNew Journey New change to reflect 90 days re-auth journey
8Permissions and Data Clusters for AIS journeysYour Account DetailsBalanceBalancesYour account balanceAmount, Currency, Credit/Debit, Type of Balance, Date/Time, Credit LineClarification to align to Decision 201
Section Payment Initiation Services
9Payment RefundsNew Journey New change to reflect Payment Refunds Journey
Section Card Based Payment Instrument Issuers (CBPIIs)
10Revocation of ConsentChange to process wireframe.
Confirm Account Access Revocation
Confirm Consent Revocation
Clarification
11Card-specific Permissions and Data Clusters for AIS journeyYour Card DetailsBalancesBalancesYour account balanceAmount, Currency, Credit/Debit, Type of Balance, Date/Time, Credit LineClarification to align to Decision 201
Section Appendices
12Standard Error CodesPlease refer to Specs Section : OBErrorResponseError1CodeTo remove duplicate content
13Refund Payment FullfillmentSupporting examples for Payment Refunds
Section The Customer Experience Checklist
14Explanation of the Customer Experience Guidelines ChecklistCustomer-Experience-Guidelines-Checklist-v3.1.4-Final.xlsx

The checklist is now called 3.1.4
158aConsentPISPDo you gather consent in a clear, specific and straightforward manner as per the principles described in Section - Payment Refunds of the Customer Experience Guidelines?Answer must be "Yes"Requiredn/aMandatoryPSRs Reg. 69(3)(g)
•FCA Approach Document 17.68
1617aAuthenticating to refresh accessAISPDo you allow the PSU to confirm their request to refresh access across multiple ASPSPs account(s)?
When refreshing access across multiple ASPSPs, do you enable the PSU to select and confirm the relevant accounts(s) for refreshing access?
Answer must be "Yes"Requiredn/an/a*FCA Approach Document 20.47
1717bAuthenticating to refresh accessAISPDo you apply SCA when the PSU confirms their selection of account(s) across the relevant ASPSPs account(s)?Answer must be "Yes"Requiredn/an/a*FCA Approach Document 20.24
•EBA opinion paper – 13th June 2018 38-39
1818aCompletionAISPUpon successful completion of SCA, do you confirm to the PSU that access has been refreshed?Answer must be "Yes"Requiredn/an/an/a