Dedicated Interface Requirements
The Open Banking Standard was developed by Open Banking Ltd (OBL), the Implementation Entity described in the CMA Order, over a period of 18 months in collaboration with nine of Europe’s largest financial institutions as well as 500+ representatives from other ASPSPs, TPP communities, PSD2 and consumer stakeholder groups, and prominent fintech leaders.
Other pages in this section
The collaborative and transparent development process has involved over 50 workshops and an online feedback process, giving stakeholders the opportunity to contribute to ensure that their regulatory requirements have been considered for the widest possible coverage of business models. As such, when ASPSPs adopt the Open Banking Standard without deviation, they can refer to the fact that there was extensive consultation during the development of the Open Banking Standard as an additional tool to support the design and testing requirement.
In the UK, the FCA will base its assessment of whether the exemption criteria are met on a completed contingency exemption form. FCA-regulated ASPSPs are required to complete this (in particular the second half Form B1) by providing the details of functional and technical specifications that they have implemented for each relevant regulatory requirement and a corresponding summary describing how their implementation satisfies the requirement, as well as any deviations, where applicable.
We note that it is ultimately in the discretion of each NCA to determine whether or not exemption criteria are met when assessing applications for an exemption.
Open Banking Limited (OBL), the Implementation Entity described in the CMA Order, provides a suite of testing tools which are designed to help ASPSPs test whether or not their API interface meets the Open Banking Standard. ASPSPs who use these tools will be in a good position to able to demonstrate to NCAs that they have correctly followed and implemented the Open Banking Standard2.
Functional Conformance: This suite contains a large number of test cases, which cover all functional API request, response and error codes, to ensure that the API interface is conformant to the Open Banking Limited (OBL) specifications for AISP, PISP and CBPII use cases. This tool also provides a mechanism by which ASPSPs can publish details of the specification of their dedicated interface.
Customer Experience Guidelines Checklist: This tool allows ASPSPs to provide evidence of conformance to the Customer Experience Guidelines.
Security Profile Conformance: This suite includes test cases for the Open Banking Security Profile and the following Open ID Foundation profiles: redirect (FAPI profile), decoupled (CIBA profile), and TPP on-boarding (Dynamic Client Registration).
Operational Guidelines Checklist: In combination with the NCA submission, ASPSPs should use this checklist to provide the NCA with a summary of the results of the testing, including the identification of weaknesses and a description of how these weaknesses have been addressed.
Open Banking Limited (OBL) will also provide a certification service for each of the four areas above. This service will include Open Banking Limited (OBL)’s validation that the conformance tools/checklists have been run/completed satisfactorily to indicate conformance to the Open Banking Standard. While the tools can be run in a test/pre-production environment, certification will be against production environments unless otherwise agreed by Open Banking Limited (OBL).
ASPSPs who run these tools and obtain certification against their production environment will mitigate against scenarios where the dedicated interface returns 2x HTTP status codes, but the responses contain missing, badly formed or incorrect data.
1Cf. https://standards.openbanking.org.uk/wp-content/uploads/2022/04/contingency-exemption-request-form-2018.pdf 2While running the tools successfully will produce useful evidence, an NCA may still require further evidence to ascertain whether or not an ASPSP has correctly implemented the Open Banking Standard
Dedicated Interface Requirements Previous
Testing Facility Next