Open Banking Limited (hereafter known as OBIE) provide a suite of Conformance Tools to help Implementers (which includes Account Providers, Third-Party Providers, Vendors and Technical Service Providers) test that they have implemented each part of the OBIE Standard correctly.
OBIE offers a Conformance Certification Service to allow Implementers to use these tools to self-attest, so that OBIE can then validate and publish a Conformance Certificate. These Conformance Certificates can be used by Implementers as evidence to the ecosystem (including Regulators) that they have followed the OBIE Standard correctly.
Initially, the focus is to enable ASPSPs to use these Conformance Certificates as evidence that they have followed the OBIE Standard without deviation when applying to their National Competent Authority (NCA) for an exemption from a contingency mechanism.
...
Version | Date | Author | Comments |
---|---|---|---|
1.0 | OBIE | Initial baselined version | |
1.1 | OBIE | Minor update to include further clarity of difference between OBIE and OIDF security profile conformance | |
1.2 | OBIE | Update to the range of Conformance Tools and Certificates available | |
1.3 | OBIE | Update to the range of Conformance Tools and Certificates available (DCR) |
2. Overview
The following table shows the range of Conformance Tools and Conformance Certificates that are offered by OBIE.
...
Type | Conformance Certificates | Fee per Conformance Certificate | Number of Conformance Certificates needed |
---|---|---|---|
Security Profile Conformance | Financial Grade API (FAPI) Conformance Certificates * | See https://openid.net/certification/fees/ | One per base URL (e.g. api.bank.com). |
Client-Initiated Backchannel Authentication (CIBA) Conformance Certificates * | See https://openid.net/certification/fees/ | One per base URL (e.g. api.bank.com). | |
Functional Conformance | Functional Conformance Certificates: AIS | £1,000 | One per base URL (e.g. api.bank.com). |
Functional Conformance Certificates: PIS | £1,000 | One per base URL (e.g. api.bank.com). | |
Functional Conformance Certificates: CBPII | £1,000 | One per base URL (e.g. api.bank.com). | |
Dynamic Client Registration Conformance | Dynamic Client Registration Conformance Certificates | £1,000 | One per base URL (e.g. api.bank.com). |
Customer Experience Guidelines Conformance | Customer Experience Guidelines Conformance Certificates | Price on application | One per branded set of customer journeys. |
...
- Implementer downloads relevant Conformance Tool or Checklist and completes all required tests.
- Implementer signs relevant order form (including agreeing terms and conditions and payment terms) to order a Conformance Certificate.
Implementer purchases a Conformance Certification Service from OBIE via the Service Desk (servicedesk@openbanking.org.uk)
Once the Implementer has signed the relevant order form (including agreeing terms and conditions), OBIE sends Conformance Certificate Request link to Implementer.
- Implementer completes Conformance Certificate Request, including all required supporting evidence together with a signed Self Certification Form.
- OBIE validates Conformance Certificate Request.
- OBIE
- OBIE validates Conformance Certificate Request.
- Implementer uploads all required supporting evidence.
- OBIE will provide support to the Implementer during the validation period, as detailed above.
- OBIE publishes Conformance Certificate and notifies Implementer.
Once a Conformance Certificate has been published by OBIE, no further support will be provided to the Implementer and the Certificate Request will be marked as ‘Complete’‘Closed’.
To re-apply for the same Conformance Certificate, or to request a new Conformance Certificate, the Implementer will need to sign a new order form to re-start the above process.
...
For the CEG, video evidence and a completed CEG Checklist will be submitted by the applicant which will be reviewed and assessed by the Office of the Trustee. The cost of this service is more than for other Conformance Certificates as it requires more manual review given the subjective nature of applications. For CEG Conformance Certificates OBIE anticipate more dialogue during the review process, and will support this.For the OG, OBIE will review the completed OG Checklist and self-attestation submitted by Implementers, as well as any performance and availability metrics that are provided.
5. Publication of Conformance Certificates
...
Conformance Certificates will only be marked as ‘Certified’ if Implementers conform completely to all required or mandatory elements of the relevant OBIE Standard. If an Implementer also conforms to recommendations or optional elements of the relevant OBIE Standard, then these will also be marked on the relevant Conformance Certificate, e.g. meeting the OBIE recommended benchmarks for performance and availability.Status colour Green title Certified
If an Implementer only partially conforms, i.e. fails one or more test(s) or does not complete all required/mandatory elements, then they can still request OBIE to publish the results which will show where the Implementer has deviated from the relevant OBIE Standard. The Conformance Certificate will be published but with a status of ‘Partial’.Status colour Yellow title Partial
The issuance and publication of Conformance Certificates is are at the sole discretion of OBIE.
...