ASPSPs must provide PSUs with a facility to view and manage CoF access that they have given to any CBPII. This page describes how the customer journey to revoke CoF access should be constructed.
Other pages in this section Dashboards Overview AIS Consent Dashboard AIS Access Dashboard PIS VRP Consent Dashboard PIS VRP Access Dashboard CBPII Consent Dashboard CBPII Revocation of Consent CBPII Access Dashboard CBPII Access Revocation PSU Notifications
This content is best viewed on a desktop browser. 1 CEG Checklist Requirements 1Access Dashboard ASPSPs must provide PSUs with Access Dashboard. The ASPSP Access Dashboard must display all Confirmation of Funds access authorisations provided to each CBPII. Thus, for each PSU account there must be a corresponding explicit consent entry for each CBPII that has been granted CoF access to the account by the PSU. The Access Dashboard must also describe for each authorisation: The status of the authorisation e.g. Active/Inactive. The ongoing nature of the access or when the CBPII access to the account will expire. The date the CoF access was granted by the PSU. 2 CX Considerations 2CoF Access History For each CBPII having CoF access, ASPSPs should display the PSUs account details including account name, sort code, account number and expiration date and time. ASPSPs must also provide PSUs with the ability to request all the CoF access history (CoF requests and responses) under a specific CBPII. This must include the identity of the CBPII who made the request, and the response (Y/N) given. ASPSPs should provide this functionality via the Access Dashboard. Note: While OBL recommends the use of the Access Dashboard for provision of CoF Access History to the PSU, it is in the domain of each ASPSP to consider alternative options to meet their regulatory requirements for the provision of the COF access history. The COF history could also include the following: The date the Confirmation of Funds request has been received by the ASPSP. The unique reference of the CoF request. The amount in relation on the CoF request. Please note that in case ASPSPs are unable to provide a response to a CoF request to the CBPII, a reason should be provided in the history entry for this CoF request. 3 CEG Checklist Requirements 3ASPSPS must allow PSUs to revoke the CoF access for each CBPII to a specific PSU account. ASPSPs must advise PSUs that they should contact the associated CBPII to fully understand the potential implications of doing so. 4 CEG Checklist Requirements 4Revocation Request ASPSPs must allow PSUs to confirm that they want to revoke CoF access of their account to a specific CBPII. ASPSPs should inform PSUs that once CoF access is revoked, the CBPII will no longer be able to check the availability of funds in their account. This may cause their CBPII transactions to be declined. ASPSPs must advise PSUs that they should contact the associated CBPII to inform them of the cancellation of CoF access to their account and/or fully understand the potential implications of doing so. ASPSPs must give equal prominence to the choices of continuing or cancelling the CBPII CoF access. 5 CEG Checklist Requirement 5 ASPSPs must update the status of the consent with appropriate reasons. ASPSP could allow the PSU to capture a reason and provide it to the PISP when queried using the relevant GET consent endpoint. 6 CX Considerations 6ASPSPs should confirm to PSUs that CoF access to their account has been cancelled. Select to scroll left Select to scroll right
CEG Checklist Requirements & Customer Experience Considerations CEG Checklist Reference 1 Access Dashboard ASPSPs must provide PSUs with Access Dashboard. The ASPSP Access Dashboard must display all Confirmation of Funds access authorisations provided to each CBPII. Thus, for each PSU account there must be a corresponding explicit consent entry for each CBPII that has been granted CoF access to the account by the PSU. The Access Dashboard must also describe for each authorisation: •The status of the authorisation e.g. Active/Inactive. •The ongoing nature of the access or when the CBPII access to the account will expire. The date the CoF access was granted by the PSU 10 2 CoF Access History For each CBPII having CoF access, ASPSPs should display the PSUs account details including account name, sort code, account number and expiration date and time. ASPSPs must also provide PSUs with the ability to request all the CoF access history (CoF requests and responses) under a specific CBPII. This must include the identity of the CBPII who made the request, and the response (Y/N) given. ASPSPs should provide this functionality via the Access Dashboard. Note: While OBL recommends the use of the Access Dashboard for provision of CoF Access History to the PSU, it is in the domain of each ASPSP to consider alternative options to meet their regulatory requirements for the provision of the COF access history. The COF history could also include the following: •The date the Confirmation of Funds request has been received by the ASPSP. •The unique reference of the CoF request. •The amount in relation on the CoF request. Please note that in case ASPSPs are unable to provide a response to a CoF request to the CBPII, a reason should be provided in the history entry for this CoF request. 3 ASPSPS must allow PSUs to revoke the CoF access for each CBPII to a specific PSU account. ASPSPs must advise PSUs that they should contact the associated CBPII to fully understand the potential implications of doing so. 10 4 Revocation Request ASPSPs must allow PSUs to confirm that they want to revoke CoF access of their account to a specific CBPII. ASPSPs should inform PSUs that once CoF access is revoked, the CBPII will no longer be able to check the availability of funds in their account. This may cause their CBPII transactions to be declined. ASPSPs must advise PSUs that they should contact the associated CBPII to inform them of the cancellation of CoF access to their account and/or fully understand the potential implications of doing so. ASPSPs must give equal prominence to the choices of continuing or cancelling the CBPII CoF access. 10 5 ASPSP should update the status of the consent. If the status of the consent is updated then they must provide appropriate reasons. ASPSP could allow the PSU to capture a reason and provide it to the CBPII when queried using the relevant GET consent endpoint. 10g 6 ASPSPs should confirm to PSUs that CoF access to their account has been cancelled.
CBPII Access Dashboard Previous Related articles Please select API specifications Changes to an Intent's Authorized State Consent Revocation PSU Notifications Next