Open Banking Limited (hereafter known as OBIE) provide a suite of Conformance Tools to help Implementers (which includes Account Providers, Third-Party Providers, Vendors and Technical Service Providers) test that they have implemented each part of the OBIE Standard correctly.
OBIE offers a Conformance Certification Service to allow Implementers to use these tools to self-attest, so that OBIE can then validate and publish a Conformance Certificate. These Conformance Certificates can be used by Implementers as evidence to the ecosystem (including Regulators) that they have followed the OBIE Standard correctly.
Initially, the focus is to enable ASPSPs to use these Conformance Certificates as evidence that they have followed the OBIE Standard without deviation when applying to their National Competent Authority (NCA) for an exemption from a contingency mechanism.
The details of this service do not form part of any contract but explain the process and how OBIE expects Implementers to engage. Implementers should be aware that these details may be updated by OBIE from time to time. Details of any changes will be set out in the Version Control section below.
Initial baselined version
|1.1||OBIE||Minor update to include further clarity of difference between OBIE and OIDF security profile conformance|
|1.2||OBIE||Update to the range of Conformance Tools and Certificates available|
|1.3||OBIE||Update to the range of Conformance Tools and Certificates available (DCR)|
The following table shows the range of Conformance Tools and Conformance Certificates that are offered by OBIE.
The Conformance Tools are all available under the MIT Open Licence without charge. Implementers can purchase any of the Certification Services listed below.
It is up to each Implementer to determine which endpoints, data fields, functionality, brands, products and unique tests need to be covered by each Conformance Certificate. OBIE will validate and publish Conformance Certificates based on the information provided by the Implementer. For example, each ASPSP will need to determine the number of dedicated interfaces that it has in consultation with the NCA. It is entirely between the NCA and each ASPSP as to what is considered a dedicated interface. It is then up to the ASPSP to decide which Conformance Certificates it would like to support its application(s) to the NCA for an exemption.
|Type||Conformance Certificates||Fee per Conformance Certificate||Number of Conformance Certificates needed|
|Security Profile Conformance||Financial Grade API (FAPI) Conformance Certificates *||See https://openid.net/certification/fees/||One per base URL (e.g. api.bank.com).|
|Client-Initiated Backchannel Authentication (CIBA) Conformance Certificates *||See https://openid.net/certification/fees/||One per base URL (e.g. api.bank.com).|
|Functional Conformance||Functional Conformance Certificates: AIS||£1,000||One per base URL (e.g. api.bank.com).|
|Functional Conformance Certificates: PIS||£1,000||One per base URL (e.g. api.bank.com).|
|Functional Conformance Certificates: CBPII||£1,000||One per base URL (e.g. api.bank.com).|
|Dynamic Client Registration Conformance||Dynamic Client Registration Conformance Certificates||£1,000||One per base URL (e.g. api.bank.com).|
|Customer Experience Guidelines Conformance||Customer Experience Guidelines Conformance Certificates||Price on application||One per branded set of customer journeys.|
Included in the above fee for each Conformance Certificate, OBIE will provide a limited amount of support during UK office hours to help the Implementer use the Conformance Tool(s) and complete the submission process. This will not include detailed technical support in implementing any element of the OBIE Standard. This does not require, nor is not dependent on any other Support Service which may be purchased separately from OBIE.
*Please visit the Open ID Foundation for Financial Grade API (FAPI) and Client Initiated Backchannel Authentication (CIBA) Certificates.
Though the process differs slightly by Conformance Certificate type, the general process is as follows:
Implementer purchases a Conformance Certification Service from OBIE via the Service Desk Conformance Certification Order Form
Once a Conformance Certificate has been published by OBIE, no further support will be provided to the Implementer and the Certificate Request will be marked as ‘Closed’.
To re-apply for the same Conformance Certificate, or to request a new Conformance Certificate, the Implementer will need to sign a new order form to re-start the above process.
Conformance Certificates for ASPSP implementations will only be published based on production (“live”) environments. The Conformance Tools can be run against pre-production environments and if an Implementer wishes to purchase a Conformance Certificate for pre-production or testing/sandbox environments this can be discussed bilaterally with OBIE, based on the costs and service levels as stated above.
Each Conformance Certificate requires different evidence to be submitted to OBIE, the detail of which is provided in the relevant pages accessible from the table above.
For the Functional and Security Profile Conformance Certificates, the Conformance Tools run automated tests once the tools are configured by the relevant Implementer, producing a set of binary results (pass/fail). OBIE will review both the results of the tests, and also the tests run by the Implementer. OBIE will not provide support to resolve failures in any of these tests as part of the Conformance Certification Service.
For the CEG, video evidence and a completed CEG Checklist will be submitted by the applicant which will be reviewed and assessed by the Office of the Trustee. The cost of this service is more than for other Conformance Certificates as it requires more manual review given the subjective nature of applications. For CEG Conformance Certificates OBIE anticipate more dialogue during the review process, and will support this.
OBIE provides an online platform where these Conformance Certificates and supporting material are published and can be viewed and/or downloaded by other Participants and Regulators (including NCAs). This service can thus be used by ASPSPs as supporting evidence in their application to their NCA for an exemption from the provision of a contingency mechanism.
OBIE will publish Conformance Certificates marked with one of the following two statuses:
The issuance and publication of Conformance Certificates are at the sole discretion of OBIE.
Conformance Certificates published by OBIE will have no fixed expiry date, however, they will be clearly marked as to which version of the relevant OBIE Standard they apply to.
If the Implementer makes any changes to their API interface which would cause a change in the Conformance Certificate status, for example introducing a new version of the OBIE Standard which includes a breaking change for TPPs, the Implementer should re-apply for a new Conformance Certificate, and, if so, will need to sign a new order form and pay the relevant fee to purchase this.
If any information provided by the Implementer changes, or is discovered to be inaccurate, the Implementer must immediately notify OBIE to request that the Conformance Certificate is revoked.
OBIE may also revoke a Conformance Certificate at any time at its absolute discretion.
Once a Conformance Certificate is revoked, it cannot be re-instated.
OBIE will maintain a publicly available online record of all revoked Conformance Certificates.
Disputes or complaints raised by the Implementer will be subject to the following conditions:
Disputes or complaints from other Participants who disagree with the issuance of a particular Conformance Certificate will be subject to the following conditions:
OBIE will not respond to disputes or complaints relating to Conformance Certificates issued/published by any other entity (e.g. the Open ID Foundation), and these must be raised with the relevant entity directly.
Implementers who have purchased a Certification Service can get support relating to this Service via the OBIE Service Desk. All Participants who have Support Services included as part of their Services with OBIE can also get general support via the OBIE Service Desk.