Operational Guidelines

TPP Guidelines

This version is:

Published 3 years ago 25 Jun 2020

These Operational Guidelines (OGs) help TPPs deliver innovative, competitive and secure products and services within the evolving Open Banking Ecosystem.

Other pages in this section

They are designed to:

• Encourage excellence in TPPs operating in the Open Banking Ecosystem.
• Support the ecosystem with stable, trustworthy and reliable customer-focused services.
• Bring focus to critical operational factors around security, data custody and proposition testing.

We recognise that every TPP will have requirements that are specific to its business needs and should tailor these recommendations. Where appropriate, we have provided links to relevant regulatory publications.

In this chapter

Change Management

OBIE will continue to publish new versions of the Open Banking Standard to cater for regulatory changes / clarifications, Open Banking Roadmap requirements and other approved changes including new functionality, fixing defects, and erratas.

This version was published 3 Years & 9 Months ago 25 Jun 2020

Data Ethics

Open Banking enabled services facilitate the transfer of high-quality datasets from the consumer to the TPP. How you collect, collate, draw insight and inference from the data, and how you store it, use it and share it and for what purpose, all have ethical implications.   

This version was published 3 Years & 9 Months ago 25 Jun 2020

Data Privacy / GDPR

Compliance with data privacy laws and GDPR requires a risk based approach tailored to the nature of personal data and the type of processing employed. The checklist below provides signposts to the relevant sources.

This version was published 3 Years & 9 Months ago 25 Jun 2020

Testing

An overview of the Testing approach and act as a ‘hub’ from which participants can access relevant support documentation.

This version was published 3 Years & 9 Months ago 25 Jun 2020

Issues and Disputes

This section provides guidance on issues and disputes, including customer complaints and infrastructural failures. TPPs should incorporate these into their operational capability.

This version was published 3 Years & 9 Months ago 25 Jun 2020

Contract and Supplier Management

This section sets out the key considerations when you are procuring or contracting services. Taking a systematic approach will increase speed to contract, minimise risk and help drive more value from the supplier.

This version was published 3 Years & 9 Months ago 25 Jun 2020

Business Continuity and Disaster Recovery

Business Continuity and Disaster Recovery are processes that all firms should have but should never want to use. In the event of either being required, if a firm does not have them it could be catastrophic for the firm. There can be confusion between the two, but they are quite easy to distinguish: Business Continuity…

This version was published 3 Years & 9 Months ago 25 Jun 2020

Disclaimer: Nothing contained in these OGs amounts to, or constitutes, legal advice. It is the sole responsibility of TPPs to ensure they understand and meet their legal and regulatory obligations. While drafted with regard to relevant regulatory provisions including without limitation, PSRs, PSD2, GDPR, consumer protection laws, anti-money laundering regulation and applicable best practice(s), they are not a complete list of the regulatory or legal obligations that apply to TPPs. The OGs are intended to be consistent with regulations and laws, however, in the event of any conflict with such regulations and laws, those regulations and laws will take priority.