UK Finance, FDATA and the Open Banking Implementation Entity (OBIE) are taking steps to improve the flow of information in the market between ASPSPs, AISPs and PISPs on approaches to secure communication under the PSD2 RTS – regardless of the API standard or approach to secure communication being used.

Completing the form will help demonstrate and enable engagement with newly regulated providers. It will also help smooth the transition for customers of third party providers who were in the market prior to 13^th January 2018.This Transparency Calendar has been set up to facilitate this voluntary flow of information.It is for each institution to determine whether they answer each question or provide the information in this way – although we would encourage them to do so.The Regulatory Technical Standards under PSD2 set out how the secure communication between newly regulated providers, including AISPs and PISPs, will take place with payment account providers.

To download the questionnaire and for instructions as to how to submit your completed questionnaire then please click here. To access the Q&A then please click here

Use dropdown link within sections below to display summary view of information recorded by all ASPSPs

Individual ASPSP's calendar can be accessed by selecting 'ASPSPs' at left page menu

Below are the calendar responses from ASPSP who are enrolled into Open Banking and are specific to the Open Banking Standards

List of ASPSPs certified for OB Standards Functional Conformance

Below are the calendar responses from ASPSP on their SCA-RTS implementation status

Below are the calendar responses from ASPSP who are enrolled into Open Banking and are specific to the method of identification that ASPSP will adopt within the OB Ecosystem

List of ASPSPs certified for Security Profile Conformance

Below are the calendar responses regarding Customer Journey

List of ASPSPs certified for OB Standards CEG Conformance

Below are the calendar responses regarding PSD2

There are two ways to complete the questionnaire:

If your firm is enrolled on the OBIE directory your OBIE testing representative will contact you directly in order to complete the questionnaire.
If your firm is not enrolled on the OBIE directory then the attached questionnaire should be completed and returned back to UK Finance or emailed to the Open Banking Service Desk : servicedesk@openbanking.org.uk

Your questionnaire response will then be populated into the Transparency Calendar. Your organisation will then be granted access to your organisations Transparency Calendar page in order for you to be able to update the page directly.

In order to facilitate this we will require the name of an individual or individuals within your organisation who will be maintaining the page on your organisation's behalf.

If you have any queries regarding any of the questions then please refer to the Q&A section of this page. If you have any further queries then please email: servicedesk@openbanking.org.uk

Below is a word version of the questionnaire communicated by UK Finance.

Q&A

This section provides clarification about exactly what information is required for the questions detailed in the questionnaire.

Are you going to implement the Open Banking Customer Experience Guidelines? Please response 'Yes' or 'No'

Enter the current version of the CEG implemented in Production

Enter the next version to be implemented

When will the next version of the CEG be implemented

Are you going to implement bespoke customer journeys? Please respond 'Yes' or 'No'

If you are implementing App to App for PSU authentication, please specify the implementation date, otherwise please respond 'N/A'

If you are implementing App to App then please specify the implementation date otherwise please respond 'N/A'

Please specify the customer journey for refreshing AISP access

Are you supporting embedded flow for authentication? Please respond 'Yes' or 'No'

Please specify the Directory your organisation is employing (OBIE, Preta, Other)

Please specify the location of your 'Well Known Endpoints'. These may be held on the Directory you are employing or or development portal. Please specific 'Directory', 'Dev Portal', 'Other' (specifying)

Please specify the API Standards your organisation has implemented. You may have implemented OBIE, Berlin Group, STET or your own bespoke standards. Please specify

Please specify the implementation date for Name of Account Holder

Enter the date the current eIDAS implementation was deployed into production.

Please specify the certificates or combination of certificates that are required during TPP identification. (OB Transport + ClientID + Secret / OB Transport/ OB Signing / OBWAC / OBSEAL / QWAC / QSEAL)

Please specify the certificates or combination of certificates that are required for Transport (OB Transport / OBWAC / QWAC)

Please specify the certificates or combination of certificates that are required for Signing (OB Signing / OBSEAL / QSEAL)

Enter the date the future eIDAS implementation will be deployed into production (Q2 2020). If you have no future eIDAS implementation planned over and above your current implementation then please enter 'No future update currently planned'

Please specify the certificates or combination of certificates that are required during TPP identification. (OB Transport + ClientID + Secret / OB Transport/ OB Signing / OBWAC / OBSEAL / QWAC / QSEAL)

Please specify the certificates or combination of certificates that are required for Transport (OB Transport / OBWAC / QWAC)

Please specify the certificates or combination of certificates that are required for Signing (OB Signing / OBSEAL / QSEAL)

Please specify an other major implementation milestones, version updates, version deprecation, new product releases, etc.

Please enter the Brand(s) covered by this Transparency Calendar. If your calendar supports multiple brands then please enter a 'comma' separated list.

Please specify whether you support the Open Banking Security Profile or OIDC. Please respond 'Open Banking', 'FAPI' or 'Other'.

Please specify whether you have achieved certification with the Security Profile authority. Please respond, 'Yes' or 'No'.

Please specify whether you are implementing CIBA for authentication. Please respond 'Yes', 'No' or N/A

If you are using Open Banking to validate third parties regulator status (eIDAS certificates, PSD2 roles and Passports) on your behalf then please respond 'Yes'.

Please specify whether you are caching the the Open Banking Directory. Please responds 'Yes' or 'No'

If you are supporting Transaction IDs then please specify 'Option 1', 'Option 2', 'Option 3', or 'Option 4'.

Transaction IDs are conditional in the OBIE Read/Write Specification v3.x. There are 4 options for how an ASPSP can treat this field in the API response:

ASPSPs provide a Unique, Immutable TransactionID from their core system
ASPSPs generate a Unique TransactionID from a set of Immutable fields
ASPSPs specify field(s) for TPP to generate a Unique Transaction Identifier
ASPSPs provide neither a TransactionID nor the method by which TPPs can generate one

Please specify whether you are a member of the UK Open Banking Dispute Management System. Please respond 'Yes' or 'No'

UK Dispute Management System

Please specify whether you are supporting screen scraping during the FCA Adjustment Period. Please respond 'Yes' or 'No'

Please specify whether you are a seeking exemption with National Competent Authority (NCA) from building a contingency mechanism / fall back. Please respond 'Yes' or 'No'

Please specify your plans for building the 'Adjusted Interface' or 'fallback interface' (approach to SCA, etc.). Answer N/A if you do not plan to build one.

Please specify your 'Adjusted Interface' or 'fallback interface' URL

Please specify your organisations Open Banking contact email or phone number.

Please provide or Dev Portal URL.

Please specify the implementation date of your Test Facility.

Please specify the location of the guidance that explains your strategy and plans for when your dedicated interface is unavailable. This should be a URL to your dev portal or artefact that provides TPPs with the information they require.

Please specify how long the AISP has from the time when they receive the access token (after PSU authentication). This is the period the AISP must submit their first request before SCA will be re-applied to endpoints NOT exempt of SCA under Article 10. ASPSPs should consider that this timeline is consistent with the time limit applied by the ASPSP in the existing online PSU interface (i.e. before the PSU is logged out)

Please specify the time period. (For example, 1 hour)

Please specify which AIS endpoints will be exempt from SCA under Article 10. (delete as appropriate): Accounts, Balances, Transactions, Beneficiaries, Direct Debits, Standing Orders, Products, Offers, Parties, Scheduled Payments, Statements

Please specify the chosen methods of PSU authentication for knowledge (e.g. password), possession (e.g. OTP) and inherence (e.g. fingerprint)

Please specify the chosen methods of PSU authentication for knowledge (e.g. password), possession (e.g. OTP) and inheritance (e.g. fingerprint)

Please specify the Authentication Method implementation date for the Open Banking Channel (if applicable). Please specify date or 'N/A'

Please specify the Authentication Method implementation date for the Private Channel (if applicable). Please specify date or 'N/A'

Please specify the SCA implementation date

Please specify the scope of SCA (will it inhibit non PSD2 accounts, such as savings- or mortgage accounts?)

Version 1	Version 2	Version 3	Version 4
Version 5	Version 6	Version 6.1	Version 6.2
Version 6.3	Version 6.4	Version 6.5	Version 7
Version 7 .1	Version 7 .2	Version 7.3	Version 7.4
Version 7.5