These voluntary TPP Operational Guidelines (“the OG”) for Third Party Providers have been designed to support TPPs with guidance on best practice in areas including operational practices, security, counter-fraud, issue resolution and testing.
Other pages in this section
These recommendations are designed to help TPPs deliver successful products and services in an innovative, competitive and secure Open Banking Ecosystem. We recognise however that every TPP will have requirements that are specific to its business needs and therefore should consider tailoring these recommendations to support their particular needs. Where appropriate, links to relevant published documents are provided.
The objectives of these voluntary TPP Operational Guidelines are to:
In this chapter
Information Security protects the confidentiality, integrity and availability of information through the application of physical, administrative and technical controls to manage and mitigate risks to acceptable levels.
This version was published 4 Years & 2 Months ago
20 Dec 2019
All Participants should ensure that counter fraud controls are given sufficient profile in their organisation to prevent financial loss to service users and participating organisations.
Maintaining the highest standards of service delivery, even when problems occur, is critical to provide a good customer experience and a well-functioning open banking ecosystem.
An essential part of successful product or feature delivery, testing is crucial to ensure that the overall customer experience meets expectations consistently.
Disclaimer: The contents of the Operational Guidelines for TPPs do not constitute legal advice. While drafted with regard to relevant regulatory provisions and best practice, they are not a complete list of the regulatory or legal obligations that apply to TPPs. Although intended to be consistent with regulations and laws, in the event of any conflict with such regulations and laws, those regulations and laws will take priority. Participants are responsible for their own compliance with all regulations and laws that apply to them, including without limitation, PSRs, PSD2, GDPR, PCI DSS, consumer protection laws and anti-money laundering regulations.