View Source

Implement Open Data v2.2	September 2019
Implement Read/Write API Specification v3.1	September 2019
Implement Customer Experience Guidelines v1.1	September 2019
Implement App-to-App Redirection	N/A	N/A, as the mobile app is currently not in scope.
Implement OB Security Profile Implementer's Draft v1.1.2	September 2019
Implement FAPI Profile Implementers Draft 2	September 2019
Implement CIBA Profile Implementers Draft 1	N/A
Implement Dynamic Client Registration v1.1	14 Sep 2019
Implement Dynamic Client Registration v3.1	14 Sep 2019
Decommission Read/Write API Specification v1.x/2.x	01 Nov 2019
Decommission OB Security Profile Implementer's Draft v1.x	01 Nov 2019

Will be implemented in line with PSD2 deadline.

Commence support for eIDAS QWAC certificates	14 Sept 2019
Commence support for eIDAS QSEAL certificates	N/A
Commence support for OBIE QWAC-like certificates	14 Sept 2019
Commence support for OBIE QSEAL-like certificates	14 Sept 2019
Cease support for OBIE non eIDAS-like certificates for transport	N/A	Presently supported. Pending stabilisation of eIDAS and confirmation with TPPs in order to plan ceasing the support
Cease support for OBIE non eIDAS-like certificates for signing	N/A	Presently supported. Pending stabilisation of eIDAS and confirmation with TPPs in order to plan ceasing the support
Support for MTLS token endpoint authentication	03 Jun 2019
Support for private_key_jwt token endpoint authentication	03 Jun 2019
Cease support for client id and client secret token endpoint authentication	03 Jun 2019

PRE-BREXIT - Certificates Accepted (until 31st Dec 2020)	eIDAS QWAC eIDAS QSealC OB legacy (obtransport, obsigning) OBWAC OBSeal Other (Please define)	EIDAS certificates will be validated using the OBIE directory.
POST-BREXIT TRANSITION - Certificates Accepted (1st Jan 2021 - 30th Jun 2021)	eIDAS QWAC eIDAS QSealC OB legacy (obtransport, obsigning) OBWAC OBSeal Other (Please define)
POST-BREXIT POST TRANSITION - Certificates Accepted (from 1st Jul 2021)	eIDAS QWAC eIDAS QSealC OB legacy (obtransport, obsigning) OBWAC OBSeal Other (Please define)
Planned Implementation Date to Satisfy FCA's Post Transition	This info will be provided shortly
TPP PSU Migration Outcomes Supported	Dynamic certificate authentication process.	Outcome 4: You can continue to use your OBseal for client authentication Outcome 5: Continue using the key pair for client authentication Outcome 8: Switch to a new OBseal to use with private-key-jwt
POST-BREXIT Certificate Implementation Status (updated by OBIE IES team)		Ready – ASPSP accept eIDAS certs and OB Certs(OBWAC/OBSeal)

Directory?	Open Banking
Location of Well Known Endpoints?	OB Technical Directory	The Well Known Endpoint for our Sandbox is: https://sandbox.caterallen.co.uk/.well-known/openid-configuration It is also indicated in the support section together with other relevant info: https://sandbox.caterallen.co.uk/store/site/pages/faq.jag The Production Well Known Endpoint is: https://developer.caterallen.co.uk/.well-known/openid-configuration It is also indicated in the support section together with other relevant info: https://developer.caterallen.co.uk/store/site/pages/faq.jag
API Standard Implemented?	Open Banking v3.1
Name of Account Holder Implementation Date?	TBC (see notes)	This optional field has not been implemented yet but is planned for some time in the future.
Date of Current eIDAS Implementation?	14/09/19
Current Certificates used for Identification?	MTLS available. eIDAS QWAC/QSEAL. EIDAS certificates will be validated using the OBIE directory
Current Certificates used for Transport?	OB Transport OBWAC QWAC	EIDAS certificates will be validated using the OBIE directory
Current Certificates used for Signing?	OB Signing OBSEAL	EIDAS certificates will be validated using the OBIE directory
Date of Future eIDAS Implementation?	No future update currently planned.
Future Certificates used for Identification?
Future Certificates used for Transport?
Future Certificates used for Signing?
Major Milestones	Version 3.1 was implemented in June 2019 and Security Conformance SUITE certification was achieved on August 2019	(Inc Other Products, API Updates, API Deprecations, etc)
Brand(s)
Security Profile?	FAPI Open ID
Security Profile Certification?	Yes
CIBA	No
Using Open Banking as your eIDAS Trust Framework?	Yes
Are you caching the Directory?	No
Transaction IDs	Yes	The TransactionID is retrieved from our core system

Implementing Customer Experience Guidelines?	Yes
Current CEG Version?	v. 3.1.3
Next CEG Version?	v 3.1.6
Next Version Implementation Date	TBC
Implementing Bespoke User Journeys?	Yes (see notes)	Our payment journeys currently follow the exact journey as customer would get in their online banking. The Customer Experience Guidelines says they payment journeys should be 2 step. We will not be introducing the 2 step journeys until October 2019.
Implementing App to App?	N/A
App to App Implementation Date?	N/A
Options on 90 day re-authentication?	90 Days	A TPP can re-authentication any time up until the expiry date. The customer will be made to re-authenticate every 90 days otherwise access to the data will be removed.
Support Embedded Flow?	No

Dispute Management System?	Yes	System implementation in line with OBIE implementation dates.
FCA Adjustment Period - Maintaining Screen Scraping?
Seeking Fallback Exemption?	Yes
Adjusted or Fallback Interface?	N/A
Adjusted or Fallback URL?	N/A
Contact Email or Phone Number?	07727855715 / caterallenopenbanking@santander.co.uk alessandro.greco@santander.co.uk
Dev Portal URL?	Sandbox: https://sandbox.caterallen.co.uk/store/ Prod: https://developer.caterallen.co.uk/store/	For Production URL we are live with AIS, PIS and CBPII. Full live proving has been provided for AIS and PIS. For CBPII endpoints we are in Managed Rollout phase testing. Please contact us for further information.
Test Facility Implementation Date?	14 Mar 2019
Production Interface Implementation Date?	24 Nov 2019- Currently Live AIS, PIS and CBPII	AIS: our APIs are live. PIS: APIs are live and presently in Managed Roll-out phase. CBPII: APIs are live and presently in Managed Roll-out phase. NOTE: *“Cater Allen is pleased to inform that the final migration of customers to the new banking platform planned for this weekend has successfully completed.* *As a consequence all customers will be able to use the OB services. Please contact us on caterallenopenbanking@santander.co.uk for further information”.*
Contingency Measures		Subject to FCA exemption decision
Article 10 - Maximum time period after authentication?	N/A	No SCA applied on AISP
Article 10 - Endpoints exempt of SCA	N/A	For article 10 we are only going with the 90 days re-authentication but not restrictions on payment types (DDs, SOs) or data for more than 90 days away. Please note: We do not display statements
Authentication Method - Open Banking Channel (Browser)?	Username, password and PAC (PAC is PIN code). The customer also has to do another factor using either a card & reader or a push notification to their mobile.
Authentication Method - Open Banking Channel (APP)?	N/A	N/A, as the mobile app is currently not in scope.
Authentication Method - Private Channel (Browser)?	Username, password and PAC (PAC is a PIN code). The customer also has to do another factor using either a card & reader or a push notification to their mobile.
Authentication Method - Private Channel (APP)?	N/A	N/A, as the mobile app is currently not in scope.
Authentication Method Implementation Date (Open Banking Channel)?	14 Sept 2019
Authentication Method Implementation Date (Private Channel)?	14 Sept 2019
SCA Implementation Date?	13 Sep 2019
SCA Scope? (will it inhibit non PSD2 accounts)	No (see notes)	No. All Open Banking relevant accounts, e.g. private current accounts, commercial current accounts, debit and credit card accounts and currency accounts. Non PSD2 accounts are not exposed.

High Cost Credit	Cater Allen - HCC.xlsx

After Waiver 7 Expiry (16/06/20) option supported: Option 1 - The parameter b64 being set to FALSE OR Option 2 - The b64 claim not being in the header	-