Operational Guidelines

TPP Guidelines

This version is:

Published 4 years ago 20 Dec 2019

These voluntary TPP Operational Guidelines  (“the OG”) for Third Party Providers have been designed to support TPPs with guidance on best practice in areas including operational practices, security, counter-fraud, issue resolution and testing.

Other pages in this section

These recommendations are designed to help TPPs deliver successful products and services in an innovative, competitive and secure Open Banking Ecosystem. We recognise however that every TPP will have requirements that are specific to its business needs and therefore should consider tailoring these recommendations to support their particular needs. Where appropriate, links to relevant published documents are provided.

The objectives of these  voluntary TPP Operational Guidelines are to:

  • Support a well functioning ecosystem with a solid foundation for stable, trustworthy and reliable customer-focused services.
  • Encourage best practice by TPPs operating in the Open Banking Ecosystem.
  • Bring focus to critical operational factors around security, data custody and proposition testing.

Disclaimer: The contents of the Operational Guidelines for TPPs do not constitute legal advice. While drafted with regard to relevant regulatory provisions and best practice, they are not a complete list of the regulatory or legal obligations that apply to TPPs. Although intended to be consistent with regulations and laws, in the event of any conflict with such regulations and laws, those regulations and laws will take priority. Participants are responsible for their own compliance with all regulations and laws that apply to them, including without limitation, PSRs, PSD2, GDPR, PCI DSS, consumer protection laws and anti-money laundering regulations.