Monzo Bank Limited

OB Standards

Implement Open Data v2.2
Implement Read/Write API Specification v3.1	✅Complete
Implement Customer Experience Guidelines v1.1
Implement App-to-App Redirection	✅Complete
Implement OB Security Profile Implementer's Draft v1.1.2	✅Complete
Implement FAPI Profile Implementers Draft 2	✅Complete
Implement CIBA Profile Implementers Draft 1
Implement Dynamic Client Registration v1.1	Currently Unsupported
Implement Dynamic Client Registration v3.1	Currently Unsupported
Decommission Read/Write API Specification v1.x/2.x	✅
Decommission OB Security Profile Implementer's Draft v1.x	✅
Article 10 SCA Exemption (for 90 days)	Accounts, Balances, Transactions (last 90 days), Pots (non-standard endpoint), Direct Debits (executed within the last 90 days), Standing Orders (executed within the last 90 days), Scheduled Payments

Method of Identification

Commence support for eIDAS QWAC certificates	TBC
Commence support for eIDAS QSEAL certificates	TBC
Commence support for OBIE QWAC-like certificates	TBC
Commence support for OBIE QSEAL-like certificates	TBC
Cease support for OBIE non eIDAS-like certificates for transport	No plans
Cease support for OBIE non eIDAS-like certificates for signing	No plans
Support for MTLS token endpoint authentication	✅Yes
Support for private_key_jwt token endpoint authentication	No
Cease support for client id and client secret token endpoint authentication	✅Unsupported

Implementation

Directory?	Open Banking
Location of Well Known Endpoints?	Dev Portal (see Notes)	https://api.monzo.com/open-banking/.well-known/openid-configuration https://docs.monzo.com/
API Standard Implemented?	Open Banking v3.1.2 AIS, PIS, CBPII
Name of Account Holder Implementation Date?	✅Legal and preferred names of authenticated user available through the Parties endpoint
Supported identification method?	Mutual TLS
Major Milestones	Version 3.1.2 AISP, PISP, CBPII
Security Profile?		✅Yes (certification pending)
Security Profile Certification?
CIBA	TBC
Using Open Banking as your eIDAS Trust Framework?
Are you caching the Directory?	No
Transaction IDs

Customer Journey

Implementing Customer Experience Guidelines?	Partial and Equivalent friction journeys due to Monzo customers having different authentication factors.
Implementing Bespoke User Journeys?	✅Yes
Implementing App to App?	✅Yes
App to App Implementation Date?	01 Sep 2019
Options on 90 day re-authentication?	No
Support Embedded Flow?	No

PSD2

Dispute Management System?	TBC
FCA Adjustment Period - Maintaining Screen Scraping?	Maintaining legacy AIS API (for existing AISPs) without SCA for the adjustment period. New AISPs will onboard directly onto the Monzo Open Banking API
Seeking Fallback Exemption?	Exemption Granted - 09 Sep 2019
Adjusted or Fallback Interface?	No
Adjusted or Fallback URL?	N/A
Contact Email or Phone Number?	Email : openbanking@monzo.com Website : https://docs.monzo.com
Dev Portal URL?	https://docs.monzo.com
Test Facility Implementation Date?	13 Mar 2019
Production Interface Implementation Date?	10 Aug 2019
Contingency Measures
Article 10 - Maximum time period after authentication?
Article 10 - Endpoints exempt of SCA
Authentication Method - Open Banking Channel (Browser)?	Hybrid redirect with authentication happening on customers device.
Authentication Method - Open Banking Channel (APP)?	App to App available in Monzo v2.63
Authentication Method - Private Channel (Browser)?	None
Authentication Method - Private Channel (APP)?	None
Authentication Method Implementation Date (Open Banking Channel)?
Authentication Method Implementation Date (Private Channel)?
SCA Implementation Date?	14 Sep 2019
SCA Scope? (will it inhibit non PSD2 accounts)