Operational Guidelines

TPP Guidelines

This version is:

Published 4 years ago 11 Feb 2020

These Operational Guidelines (OGs) help TPPs deliver innovative, competitive and secure products and services within the evolving Open Banking Ecosystem.

Other pages in this section

These recommendations are designed to help TPPs deliver successful products and services in an innovative, competitive and secure Open Banking Ecosystem. We recognise however that every TPP will have requirements that are specific to its business needs and therefore should consi

They are designed to:

• Encourage excellence in TPPs operating in the Open Banking Ecosystem.
• Support the ecosystem with stable, trustworthy and reliable customer-focused services.
• Bring focus to critical operational factors around security, data custody and proposition testing.

We recognise that every TPP will have requirements that are specific to its business needs and should tailor these recommendations. Where appropriate, we have provided links to relevant regulatory publications.

In this chapter

Change Management

OBIE will continue to publish new versions of the Open Banking Standard to cater for regulatory changes / clarifications, Open Banking Roadmap requirements and other approved changes including new functionality, fixing defects, and erratas. Publication will take place within appropriate timeframes to enable Participants to plan ahead and ensure the that they have adequate time to…

This version was published 4 Years & 3 Months ago 11 Feb 2020

Data Ethics

  Open Banking enabled services facilitate the transfer of high-quality datasets from the consumer to the TPP. How you collect, collate, draw insight and inference from the data, and how you store it, use it and share it and for what purpose, all have ethical implications.    Data is a company asset which requires proper and effective handling to create value. It also something which…

This version was published 4 Years & 3 Months ago 11 Feb 2020

Data Privacy / GDPR

Compliance with data privacy laws and GDPR requires a risk based approach tailored to the nature of personal data and the type of processing employed. The checklist below provides signposts to the relevant sources.

This version was published 4 Years & 3 Months ago 11 Feb 2020


OBIE would like to ensure all Participants looking to operate within the OBIE Ecosystems do so in a supported manner. This includes supporting TPPs with the ability to test their products and services (both at initial launch and also through subsequent changes) by providing a number of key tools and infrastructure to ensure that their products have…

This version was published 4 Years & 3 Months ago 12 Feb 2020

Issues and Disputes

This section provides guidance on issues and disputes, including customer complaints and infrastructural failures. TPPs should incorporate these into their operational capability. Maintaining the highest standards of service delivery, even when problems occur, is critical to provide a good customer experience and a well-functioning open banking ecosystem. Current Issues Status To share known issues with…

This version was published 4 Years & 3 Months ago 13 Feb 2020

Contract and Supplier Management

Buying Services – Supplier Contracts This section sets out the key considerations when you are procuring or contracting services. Taking a systematic approach will increase speed to contract, minimise risk and help drive more value from the supplier. Services you might want to buy include: technology (hardware, software, cloud), outsourcing, facilities and professional advice. In…

This version was published 4 Years & 3 Months ago 11 Feb 2020

Business Continuity and Disaster Recovery

Business Continuity and Disaster Recovery are processes that all firms should have but should never want to use. In the event of either being required, if a firm does not have them it could be catastrophic for the firm. There can be confusion between the two, but they are quite easy to distinguish: Business Continuity…

This version was published 4 Years & 3 Months ago 11 Feb 2020

Disclaimer: Nothing contained in these OGs amounts to, or constitutes, legal advice. It is the sole responsibility of TPPs to ensure they understand and meet their legal and regulatory obligations. While drafted with regard to relevant regulatory provisions including without limitation, PSRs, PSD2, GDPR, consumer protection laws, anti-money laundering regulation and applicable best practice(s), they are not a complete list of the regulatory or legal obligations that apply to TPPs. The OGs are intended to be consistent with regulations and laws, however, in the event of any conflict with such regulations and laws, those regulations and laws will take priority.

Main content image

The OG and OG Checklist will be revised in the event of changes to regulatory guidance and to support future releases of the OBIE Standard. While this document is focused on PSD2 in-scope accounts and functionality, all of the recommendations can still be applied by ASPSPs implementing account types and functionality which are outside the scope of PSD2