Other pages in this section
Sharing payment account transaction data empowers Third Party Providers (TPPs) to provide innovative new financial services products to their customers, and it is therefore vital that customers are given clarity, control and transparency over how their data will be used. This must be the cornerstone of the data-sharing economy of which open banking is a leading initiative.
These TPP Guidelines set out standards of good practice in relation to open banking-enabled propositions. These guidelines follow the typical life cycle of a product, from initial set up, through obtaining consent, consent management, consent revocation, complaint management and customer off-boarding. The document is structured around desired customer outcomes and enabling principles and aligns with the FCA’s outcomes-based approach to regulation.
This document does not create any new legal obligations on TPPs, but it does signpost relevant underlying regulations and links to additional detail in other parts of the Open Banking Customer Experience Guidelines or Operational Guidelines.
The open banking ecosystem is a complex one, with a number of actors other than TPPs handling or processing customer data. It is important that firms who adhere to the principles set out here should also ensure that any agent acting on their behalf, any firm who receives data from a TPP on an onward sharing basis, or any Technical Service Provider (TSP) who provides technical services to support the product or service, also adheres to these principles. In this way, we ensure the widest dissemination and adoption of these principles.
This is the first release of these guidelines. It is anticipated that this document will be refined and updated as part of the ongoing development of the Open Banking Standard.
Customers must be able to easily understand the terms of the open banking-enabled service they are signing up to, how their data will be used and the value they get in exchange for sharing their data.
Firms will ensure that:
Customers understand the terms of the consent which allows TPPs to access their data for the provision of their payment service, know if and with whom the data will be shared, and are given the information to make informed decisions about whether to proceed.
Customers find it easy to review, confirm and cancel the payment service and consequently they have with a TPP so that customers feel in control of their data.
These principles have not been updated to reflect either the changes proposed to the CEG by the Trustee and the changes the FCA is currently consulting on in regard to Article 10A, 90-day reauthentication. If this change goes ahead as envisaged this section will be updated.
Customers are confident that their data is kept safe and that their data will be used in a way that is in their best interests.
If they present financial data to customers, they clearly communicate how recent the data is, and if there is any risk that they are presenting out of date information to prevent customers from making wrong decisions or drawing incorrect inferences about their finances.
Customers can exit products easily and understand what happens to their data when they do so. Where a firm or product closes or goes out of business, customers are also clear about what happens to their data afterwards.
In cases where a product or firm closes or goes out of business, firms apply fair and transparent approaches to the handling of customers’ data.
Customers understand how to complain if something goes wrong and are clear on their rights to redress.
They keep information on the type and number of complaints and report them in line with FCA requirements [DISP] and the UK GDPR process if they relate to the handling of personal data [UK GDPR Article 77]
Vulnerable customers should experience outcomes that are as good as those for other customers [FCA FG21/1]
Implementation Guidelines Previous
VRPs for sweeping Next