Open Banking Limited (hereafter known as OBIE) provide a suite of Conformance Tools to help Implementers (which includes Account Providers, Third Party Providers, Vendors and Technical Service Providers) test that they have implemented each part of the OBIE Standard correctly.
OBIE offers a Conformance Certification Service to allow Implementers to use these tools to self-attest, so that OBIE can then validate and publish a Conformance Certificate. These Conformance Certificates can be used by Implementers as evidence to the ecosystem (including Regulators) that they have followed the OBIE Standard correctly.
Initially the focus is to enable ASPSPs to use these Conformance Certificates as evidence that they have followed the OBIE Standard without deviation when applying to their National Competent Authority (NCA) for an exemption from a contingency mechanism.
| Info |
|---|
The details of this service do not form part of any contract but explain the process and how OBIE expects Implementers to engage. Implementers should be aware that these details may be updated by OBIE from time to time. Details of any changes will be set out in the Version Control section below. |
Table of Contents
1. Version control
Version | Date | Author | Comments |
|---|---|---|---|
1.0 | OBIE | Initial baselined version | |
| 1.1 | OBIE | Minor update to include further clarity of difference between OBIE and OIDF security profile conformance | |
| 1.2 | OBIE | Update to the range of Conformance Tools and Certificates available |
2. Overview
The following table shows the range of Conformance Tools and Conformance Certificates that are offered by OBIE.
...
It is up to each Implementer to determine which endpoints, data fields, functionality, brands, products and unique tests need to be covered by each Conformance Certificate. OBIE will validate and publish Conformance Certificates based on the information provided by the Implementer. For example, each ASPSP will need to determine the number of dedicated interfaces that it has in consultation with the NCA. It is entirely between the NCA and each ASPSP as to what is considered a dedicated interface. It is then up to the ASPSP to decide which certificates Conformance Certificates it would like to support its application(s) to the NCA for an exemption.
| Type | Conformance CertificatesAvailability of Conformance Tool | Fee per Conformance Certificate | Number of Conformance Certificates needed | ||||
|---|---|---|---|---|---|---|---|
| Security Profile Conformance | Open Banking Security Profile Conformance Certificates | Till end Sep 2019 | £1,000 | Financial Grade API (FAPI) Conformance Certificates * | See https://openid.net/certification/fees/ | One per base URL (e.g. api.bank.com). | |
| Financial Grade API (FAPI) Conformance Certificates * | Now (via OpenID Foundation)Client Initiated Backchannel Authentication (CIBA) Conformance Certificates * | See https://openid.net/certification/fees/ | One per base URL (e.g. api.bank.com). | Client Initiated Backchannel Authentication (CIBA) Conformance Certificates * | From Sep 2019 (via OpenID Foundation) | TBC | |
| Functional Conformance | Functional Conformance Certificates: AIS | £1,000 | One per base URL (e.g. api.bank.com). | ||||
| Functional Conformance Certificates: PIS | £1,000 | One per base URL (e.g. api.bank.com). | |||||
| Functional Conformance Certificates | TBC: CBPII | £1,000 | One per base URL (e.g. api.bank.com). | ||||
| Functional Conformance | Functional Conformance Dynamic Client Registration Conformance Certificates | Now | £2£1,000 | One per base URL (e.g. api.bank.com). | |||
| Customer Experience Guidelines Conformance | Customer Experience Guidelines Conformance Certificates | Now | £3,000Price on application | One per branded set of customer journeys. | |||
| Operational Guidelines Conformance | Operational Guidelines Conformance Certificates | Now | £2,000 | One per dedicated interface. |
Included in the above fee for each Conformance Certificate, OBIE will provide a limited amount of support during UK office hours to help the Implementer use the Conformance Tool(s) and complete the submission process. This will not include detailed technical support in implementing any element of the OBIE Standard. This does not require, nor is not dependent on any other Support Service which may be purchased separately from OBIE.
...
- Implementer downloads relevant Conformance Tool or Checklist and completes all required tests.
- Implementer signs relevant order form (including agreeing terms and conditions and payment terms) to order a Conformance Certificate.
Implementer purchases a Conformance Certification Service from OBIE via the Service Desk (servicedesk@openbanking.org.uk)
Once the Implementer has signed the relevant order form (including agreeing terms and conditions), OBIE sends Conformance Certificate Request link to Implementer.
- Implementer completes Conformance Certificate Request, including all required supporting evidence together with a signed Self Certification Form.
- OBIE validates Conformance Certificate Request.
- OBIE will provide support to the Implementer during the validation period, as detailed above.
- OBIE publishes Conformance Certificate and notifies Implementer.
Once a Conformance Certificate has been published by OBIE, no further support will be provided to the Implementer and the Certificate Request will be marked as ‘Complete’.
...
Conformance Certificates will only be marked as ‘Certified’ if Implementers conform completely to all required or mandatory elements of the relevant OBIE Standard. If an Implementer also conforms to recommendations or optional elements of the relevant OBIE Standard, then these will also be marked on the relevant Conformance Certificate, e.g. meeting the OBIE recommended benchmarks for performance and availability.Status colour Green title Certified
If an Implementer only partially conforms, i.e. fails one or more test(s) or does not complete all required/mandatory elements, then they can still request OBIE to publish the results which will show where the Implementer has deviated from the relevant OBIE Standard. The Conformance Certificate will published but with a status of ‘Partial’.Status colour Yellow title Partial
...
- The Implementer must have followed the process as defined in section 4 3 above, including the purchase of a Conformance Certification Service and submission of a Conformance Certificate Request with all required evidence.
- As defined in section 6 5 above, OBIE will publish the Conformance Certificate with a status of ‘Certified’ (for 100% Conformance) or ‘Partial’ (if requested by the Implementer).
- The decision to grant a status of ‘Certified’ or ‘Partial’ will rest solely with OBIE.
- Where the Implementer does not agree with the status granted by OBIE, OBIE will provide support to discuss the results and help the Implementer with the submission process within the limits of the level of support offered for each type of Conformance Certificate as defined in section 3 2 above.
- If it can be demonstrated that the dispute is due to an error or omission in the relevant Conformance Tool or Checklist provided by OBIE, then OBIE will fix the error and allow the Implementer to re-test and re-submit the Conformance Certificate Request at no additional cost to the Implementer.
- If not, then OBIE’s decision will be final.
...
- The Participant must be enrolled with OBIE as either an ASPSP or TPP.
- The Participant must raise a ticket via the OBIE Service Desk and provide evidence to challenge the issuance.
- OBIE will make an assessment and, as defined in section 7 6 above, OBIE may ask the Implementer to revoke an existing Conformance Certificate and/or re-apply for a new Conformance Certificate. In extreme circumstances, OBIE may revoke the Conformance Certificate.
...