Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Panel
borderWidth1
borderStyledashed

UK Finance, FDATA and the Open Banking Limited (OBL) are taking steps to improve the flow of information in the market between ASPSPs, AISPs and PISPs on approaches to secure communication under the PSD2 RTS – regardless of the API standard or approach to secure communication being used.

Completing the form will help demonstrate and enable engagement with newly regulated providers. It will also help smooth the transition for customers of third party providers who were in the market prior to 13th January 2018.This Transparency Calendar has been set up to facilitate this voluntary flow of information.It is for each institution to determine whether they answer each question or provide the information in this way – although we would encourage them to do so.The Regulatory Technical Standards under PSD2 set out how the secure communication between newly regulated providers, including AISPs and PISPs, will take place with payment account providers.



Panel
borderWidth1
borderStyledashed


Info
titleQuestionnaire and Q&A

To download the questionnaire and for instructions as to how to submit your completed questionnaire then please click here. To access the Q&A then please click here



Anchor
Full View
Full View

Panel
borderColor#6180c3
titleColorWhite
borderWidth1
titleBGColor#6180c3
borderStylesolid
titleFull View of ASPSP's Individual Calendars

Use dropdown link within sections below to display summary view of information recorded by all ASPSPs 

Individual ASPSP's calendar can be accessed by selecting 'ASPSPs' at left page menu 

Panel
titleColorBlack
borderWidth1
borderStyledashed
titleOB Standards

Below are the calendar responses from ASPSP who are enrolled into Open Banking and are specific to the Open Banking Standards

Expand
titleOB Standards

Page Properties Report
firstcolumnASPSP
pageSize50
sortByTitle
idTC-OB Standards
cqllabel = "trans-calender-new" and space = currentSpace ( )

List of ASPSPs certified for OB Standards Functional Conformance


Panel
titleColorBlack
borderWidth1
borderStyledashed
titleSCA-RTS 90-day reauth Implementation

Below are the calendar responses from ASPSP on their SCA-RTS implementation status

Expand
titleSCA-RTS

Page Properties Report
firstcolumnASPSP
pageSize50
sortByTitle
idSCA-RTS
cqllabel = "trans-calender-new" and space = currentSpace ( )



Panel
titleColorBlack
borderWidth1
borderStyledashed
titleSecurity Profile

Below are the calendar responses from ASPSP who are enrolled into Open Banking and are specific to the method of identification that ASPSP will adopt within the OB Ecosystem

Expand
titleSecurity Profile

Page Properties Report
firstcolumnASPSP
pageSize50
sortByTitle
idID-Production
reverseSorttrue
cqllabel = "trans-calender-new" and space = currentSpace ( )

List of ASPSPs certified for Security Profile Conformance


Panel
titleColorBlack
borderWidth1
borderStyledashed
titleCustomer Journey

Below are the calendar responses regarding Customer Journey

Expand
titleCustomer Journey

Page Properties Report
firstcolumnASPSP
pageSize50
sortByTitle
idTC-CJ
reverseSorttrue
cqllabel = "trans-calender-new" and space = currentSpace ( )

List of ASPSPs certified for  OB Standards CEG Conformance


Panel
titleColorBlack
borderWidth1
borderStyledashed
titlePSD2

Below are the calendar responses regarding PSD2

Expand
titlePSD2

Page Properties Report
firstcolumnASPSP
pageSize50
sortByTitle
idTC-PSD2
cqllabel = "trans-calender-new" and space = currentSpace ( )





Panel
borderColor#6180c3
borderWidth1
borderStylesolid


Expand
titleASPSP Dev Portal and Contact Details


Panel
titleColorWhite
borderWidth1
titleBGColorgreen
borderStyledashed
titleContact Details

Page Properties Report
firstcolumnASPSP
pageSize70
sortByTitle
idTC-C
cqllabel = "trans-calender-new" and space = "AD"






Panel
borderColor#6180c3
borderWidth1
borderStylesolid


Expand
titleCalendars Recently Updated

Recent updates
typespage
max10
spaces@self
labels-donotdisplay




Anchor
Submit
Submit

Panel
borderWidth1
borderStyledashed
titleSubmitting a Transparency Calendar Entry

There are two ways to complete the questionnaire:

  • If your firm is enrolled on the OBL directory your OBL testing representative will contact you directly in order to complete the questionnaire.
  • If your firm is not enrolled on the OBL directory then the attached questionnaire should be completed and returned back to UK Finance or emailed to the Open Banking Service Desk : servicedesk@openbanking.org.uk

Your questionnaire response will then be populated into the Transparency Calendar.  Your organisation will then be granted access to your organisations Transparency Calendar page in order for you to be able to update the page directly. 

In order to facilitate this we will require the name of an individual or individuals within your organisation who will be maintaining the page on your organisation's behalf.


Note
titleEnquiries

If you have any queries regarding any of the questions then please refer to the Q&A section of this page.  If you have any further queries then please email: servicedesk@openbanking.org.uk



Anchor
Questionnaire
Questionnaire

Panel
borderWidth1
borderStyledashed
titleQuestionnaire

Below is a word version of the questionnaire communicated by UK Finance.


View file
nameTransparency Questions v7.1.docx
height250

Anchor
QnA
QnA

Q&A

This section provides clarification about exactly what information is required for the questions detailed in the questionnaire.

Expand
titleQ&A


Expand
titleImplementing Customer Experience Guidelines?

Are you going to implement the Open Banking Customer Experience Guidelines?  Please response 'Yes' or 'No'


Expand
titleCurrent CEG Version?

Enter the current version of the CEG implemented in Production


Expand
titleNext CEG Version?

Enter the next version to be implemented


Expand
titleNext Version Implementation Date

When will the next version of the CEG be implemented


Expand
titleImplementing Bespoke User Journeys?

Are you going to implement bespoke  customer journeys?  Please respond 'Yes' or 'No'


Expand
titleImplementing App to App?

If you are implementing App to App for PSU authentication, please specify the implementation date, otherwise please respond 'N/A'


Expand
titleApp to App Implementation Date?

If you are implementing App to App then please specify the implementation date otherwise please respond 'N/A'


Expand
titleOptions on 90 day re-authentication?

Please specify the customer journey for refreshing AISP access


Expand
titleSupport Embedded Flow?

Are you supporting embedded flow for authentication? Please respond 'Yes' or 'No'


Expand
titleDirectory?

Please specify the Directory your organisation is employing (OBL, Preta, Other)


Expand
titleLocation of Well Known Endpoints?

Please specify the location of your 'Well Known Endpoints'.  These may be held on the Directory you are employing or or development portal.  Please specific 'Directory', 'Dev Portal', 'Other' (specifying)


Expand
titleAPI Standard Implemented

Please specify the API Standards your organisation has implemented.  You may have implemented OBL, Berlin Group, STET or your own bespoke standards.  Please specify


Expand
titleName of Account Holder Implementation Date

Please specify the implementation date for Name of Account Holder


Expand
titleDate of Current eIDAS Implementation?

Enter the date the current eIDAS implementation was deployed into production.


Expand
titleCurrent Certificates used for Identification?

Please specify the certificates or combination of certificates that are required during TPP identification. (OB Transport + ClientID + Secret / OB Transport/ OB Signing / OBWAC / OBSEAL / QWAC / QSEAL)


Expand
titleCurrent Certificates used for Transport?

Please specify the certificates or combination of certificates that are required for Transport (OB Transport  / OBWAC / QWAC)


Expand
titleCurrent Certificates used for Signing?

Please specify the certificates or combination of certificates that are required for Signing (OB Signing  / OBSEAL / QSEAL)


Expand
titleDate of Future eIDAS Implementation?

Enter the date the future eIDAS implementation will be deployed into production (Q2 2020). If you have no future eIDAS implementation planned over and above your current implementation then please enter 'No future update currently planned'


Expand
titleFuture Certificates used for Identification?

Please specify the certificates or combination of certificates that are required during TPP identification. (OB Transport + ClientID + Secret / OB Transport/ OB Signing / OBWAC / OBSEAL / QWAC / QSEAL)


Expand
titleFuture Certificates used for Transport?

Please specify the certificates or combination of certificates that are required for Transport (OB Transport  / OBWAC / QWAC)


Expand
titleFuture Certificates used for Signing?

Please specify the certificates or combination of certificates that are required for Signing (OB Signing  / OBSEAL / QSEAL)


Expand
titleMajor Milestones

Please specify an other major implementation milestones, version updates, version deprecation, new product releases, etc.


Expand
titleBrand(s)

Please enter the Brand(s) covered by this Transparency Calendar.  If your calendar supports multiple brands then please enter a 'comma' separated list.


Expand
titleSecurity Profile?

Please specify whether you support the Open Banking Security Profile or OIDC.  Please respond 'Open Banking', 'FAPI' or 'Other'.


Expand
titleSecurity Profile Certification?

Please specify whether you have achieved certification with the Security Profile authority.  Please respond, 'Yes' or 'No'.


Expand
titleCIBA

Please specify whether you are implementing CIBA for authentication.  Please respond 'Yes', 'No' or N/A


Expand
titleUsing Open Banking as your eIDAS Trust Framework?

If you are using Open Banking to validate third parties regulator status (eIDAS certificates, PSD2 roles and Passports) on your behalf then please respond 'Yes'. 


Expand
titleAre you caching the Directory?

Please specify whether you are caching the the Open Banking Directory.  Please responds 'Yes' or 'No'


Expand
titleTransaction IDs

If you are supporting Transaction IDs then please specify 'Option 1', 'Option 2', 'Option 3', or 'Option 4'.

Transaction IDs are conditional in the OBL Read/Write Specification v3.x. There are 4 options for how an ASPSP can treat this field in the API response:

  1. ASPSPs provide a Unique, Immutable TransactionID from their core system
  2. ASPSPs generate a Unique TransactionID from a set of Immutable fields
  3. ASPSPs specify field(s) for TPP to generate a Unique Transaction Identifier
  4. ASPSPs provide neither a TransactionID nor the method by which TPPs can generate one


Expand
titleFCA Adjustment Period - Maintaining Screen Scraping?

Please specify whether you are supporting screen scraping during the FCA Adjustment Period. Please respond 'Yes' or 'No'


Expand
titleSeeking Fallback Exemption

Please specify whether you are a seeking exemption with National Competent Authority (NCA) from building a contingency mechanism / fall back. Please respond 'Yes' or 'No'


Expand
titleAdjusted or Fallback Interface

Please specify your plans for building the 'Adjusted Interface' or 'fallback interface' (approach to SCA, etc.). Answer N/A if you do not plan to build one.


Expand
titleAdjusted or Fallback URL?

Please specify your 'Adjusted Interface' or 'fallback interface' URL


Expand
titleContact Email or Phone Number?

Please specify your organisations Open Banking contact email or phone number.


Expand
titleDev Portal URL?

Please provide or Dev Portal URL.


Expand
titleTest Facility Implementation Date

Please specify the implementation date of your Test Facility.


Expand
titleContingency Measures

Please specify the location of the guidance that explains your strategy and plans for when your dedicated interface is unavailable.  This should be a URL to your dev portal or artefact that provides TPPs with the information they require.


Expand
titleMaximum time period after authentication? (Article 10)

Please specify how long the AISP has from the time when they receive the access token (after PSU authentication).  This is the period the AISP must submit their first request before SCA will be re-applied to endpoints NOT exempt of SCA under Article 10.  ASPSPs should consider that this timeline is consistent with the time limit applied by the ASPSP in the existing online PSU interface (i.e. before the PSU is logged out)

Please specify the time period. (For example, 1 hour)


Expand
titleEndpoints exempt of SCA under Article 10

Please specify which AIS endpoints will be exempt from SCA under Article 10. (delete as appropriate): Accounts, Balances, Transactions, Beneficiaries, Direct Debits, Standing Orders, Products, Offers, Parties, Scheduled Payments, Statements


Expand
titleAuthentication Method - Open Banking Channel (Browser)?

Please specify the chosen methods of PSU authentication for knowledge (e.g. password), possession (e.g. OTP) and inherence (e.g. fingerprint)


Expand
titleAuthentication Method - Open Banking Channel (APP)?

Please specify the chosen methods of PSU authentication for knowledge (e.g. password), possession (e.g. OTP) and inherence (e.g. fingerprint)


Expand
titleAuthentication Method - Private Channel (Browser)?

Please specify the chosen methods of PSU authentication for knowledge (e.g. password), possession (e.g. OTP) and inherence (e.g. fingerprint)


Expand
titleAuthentication Method - Private Channel (APP)?

Please specify the chosen methods of PSU authentication for knowledge (e.g. password), possession (e.g. OTP) and inheritance (e.g. fingerprint)


Expand
titleAuthentication Method Implementation Date (Open Banking Channel)

Please specify the Authentication Method implementation date for the Open Banking Channel (if applicable).  Please specify date or 'N/A'


Expand
titleAuthentication Method Implementation Date (Private Channel)

Please specify the Authentication Method implementation date for the Private Channel (if applicable).  Please specify date or 'N/A'


Expand
titleSCA Implementation Date ?

Please specify the SCA implementation date


Expand
titleSCA Scope?

Please specify the scope of SCA (will it inhibit non PSD2 accounts, such as savings- or mortgage accounts?)