Santander UK PLC

• Yes
• No

• None
• V2.2
• V2.3
• V2.4

• V3.0
• V3.1
• V3.1.1
• V3.1.2
• V3.1.3
• V3.1.4
• V3.1.5
• V3.1.6
• V3.1.7
• V3.1.8
• V3.1.9
• V3.1.10
• V3.1.11
• V4.0

Plans to deploy v4 mandatory changes in a phased approach from July 2025 through to March 2026 on a new cloud platform.  Existing versions & the existing platform will be deprecated at the end of Q1 2026. 

AIS v4.0 - End July (Soft Launch) through to March 2026

PIS incl. Sweeping, Standing Order, Scheduled Payments & Chaps - v4.0 - Mid Sept (Soft Launch) through to March 2026

PIS File Based v4.0 - October to March 2026

PIS International v4.0 - December to March 2026

Event Notification v4.0 - September to March 2026

v4.0

Phased from July 2025 to March 2026

• Already Implemented
• Planning to implement
• Not planning to implement 

Not planning to implement optional items in V4 currently.

• None
• V3.1
• V3.2
• V3.3

Dynamic registration implementation is in progress. Date July 2025 to March 2026 alongside V4 delivery and our new cloud solution

TBC

• Already Implemented
• Planning to implement
• Not planning to implement 

• Already Implemented
• Planning to implement
• Not planning to implement 

• Already Implemented
• Planning to implement
• Not planning to implement 

N/A

Contact: [enter contact details for the relevant person(s) at your organisation]

[You can use this space to provide your status with respect to the Standard]

• Already Implemented
• Planning to implement
• Not planning to implement 

• Already Implemented
• Planning to implement
• Not planning to implement 

Sweeping MRO now complete and exit criteria met. PIS v3.1.9 which includes Sweeping now open to all TPPs to subscribe

• Already Implemented
• Planning to implement
• Not planning to implement 

Dates TBC

£25,000 Retail

£100,000 Business

£250,000 Corporate

Standard FP limits can be found here - https://www.fasterpayments.org.uk/about-us/personal-transaction

£100,000 Retail

Business & Corp - No Limit

Standard FP limits can be found here - https://www.fasterpayments.org.uk/about-us/personal-transaction

24 months

Yes - 23rd March 2023

Now Live

• Accept payload with TRI fields – Process all fields
• Accept payload with TRI fields – Ignore all fields
• Reject payload with TRI fields – Error back to TPP
• Accept payload with TRI fields – Process few fields (Provide list of accepted fields)  

As of 23/06 our refresh token will have a 2 year expiry and we will not enforce re-auth from this point.

We have recently published our approach to supporting the 90 day Re-auth RTS Changes and FAQ's to guide TPP's preparations

Santander| Approach to 90 Day Re-auth realignment under 3.1.10

The following briefing outlines the approach that Santander UK is taking to assist in the changes to Open Banking Re-Authorisations as a result of the OBIE 3.1.10 Instructions. We have also created some FAQ’s to answer different user cases and situations TPP’s may find themselves, depending on their own preparations for the changed processes. We hope we have been able to come up with a flexible approach which put the TPP in control of the transition, and we will be able to support you if you are ready straight away, or if you need more time to complete your changes ahead of the 30th September cut-off date.

Currently Santander UK issues AIS Refresh tokens to TPP’s which come with a 1 Year expiry date, from the point of creation of the initial consent, and have previously carried out an annual refresh to extend these tokens for an additional year. (Last refresh exercise was completed in July 2021).

We are proposing to complete another annual refresh of these tokens from 13th – 23rd June. This means that any TPP that calls for data with a current refresh token during that time period, will be given a new refresh token to use. We have extended the length of this token to 2 years. For example, a token that is refreshed on 20th June 2022, will have an expiry date of 19th June 2024. We therefore strongly recommend that you call for data at least once during the refresh period, to extend the life of all of your refresh tokens.

Question – Why are Santander not issuing unlimited Refresh Tokens at this time?
Answer – Santander is currently in the process of planning a re-platforming of our Open Banking solution from On-Prem to a Cloud based solution, this is expected to take 6-12 months to plan and implement, at that time existing consents and tokens will need to be re-issued. Current tokens will therefore last for the remaining expected life of our On-Prem solution.

Question – If as a TPP I call for data multiple times during the refresh window (13th to 23rd June 2022) what happens?
Answer – Each time you call during this refresh window, a new token will be issued, and replace the old refresh token – the last call you make during that window will therefore be the last token you should use going forward.

Question – What happens if I do not call for data during the refresh window (13th to 23rd June 2022)?
Answer – Your existing refresh token will not be updated and will therefore expire based on its current expiry date. After expiry, you will receive error messages 401 and data will not be shared for that customer. We therefore recommend that you ensure all Refresh tokens that are active during the Refresh Window to give you the maximum length of life.

Question – What happens for a new Token associated to a new Customer Consent?
Answer – From 13th June, for any new consent set up, you will be issued with a new refresh token valid for 2 years from date of issue.

Question – What happens if we set an expiry date within a Consent?
Answer – Your RT will expire on the date set within the Consent as it would today and subsequently would require a brand new Consent. To take advantage of the extended RT you will need to set up a Consent without an expiry date.

90 Day Re-Authorisation

From 13th June, you will now effectively be in charge of Re-authorisations for Santander customers, and whether you need to redirect customers to Santander for an SCA or not. Santander will not enforce the Re-auth journey from this point onwards and we are extending the application of the re-auth exemption for an extended period up to 30th September to allow you time to make your changes. (In the cases where a customer has revoked consent via our consent dashboard and wishes to re-authorise the original consent – that journey will remain unchanged.)

Question – I am a TPP and we are not yet ready to support the 90-day re-auth changes by 13th June?
Answer – If you are not ready, please continue to use your current 90-day re-auth journey process with the SCA handoff to Santander, which will still be available for you to use. Santander will not force the re-auth journey during this time.

Question – I am a TPP and we are ready to support the 90-day re-auth changes by 13th June?
Answer – If you are ready, please follow your revised process for TPP only Re-auth, and there is no need from this point to handoff to Santander or inform us of the Re-Auth switch. Santander will not reinforce the re-auth journey as the new rules effectively apply.

Question – Are Santander planning to communicate these changes to Customers?
Answer – No, with 150+ TPP’s connected to us for AIS services we have seen that there are various states of readiness across the TPP community, and we have decided to let each TPP control the messages/narrative and timelines in these changes, and with the above arrangements tried to give you the widest possible amount of time, and flexibility to complete the transition.

Question – Will I be able to test with the Sandbox environment?
Answer – No, the sandbox issues a new consent with each test/visit and will not support this one-off transition as outlined above.

Question – If I have questions or need support with the Santander solution where can I go?
Answer – If we haven’t answered your questions with the above, please feel free to contact Santander via a Salesforce ticket, and we will be happy to support you with any queries you may have.

• Accounts
• Transactions (90days)
• Balances
• Standing orders
• Direct debits
• Beneficiaries
• Products
• Offers
• Parties
• Scheduled Payments
• Statements

• Transactions (more than 90days)
• Standing orders
• Direct debits
• Beneficiaries
• Products
• Offers
• Parties
• Scheduled Payments
• Statements

Access Token - 10 mins

Refresh Token - 2 years currently, will move to long-lived once platform transition complete in 2023

Please specify the time period in minutes

IMPLEMENTED

• OB Security Profile (Legacy)
• FAPI (ID2)
• FAPI 1 Advanced
• Other (Please define) 

FAPI 1 advanced live from 11th December 24.

FAPI - December 2024

• None
• CIBA
• CIBA FAPI Profile

 N/A

 N/A

• client_secret_post
• client_secret_basic
• client_secret_jwt
• tls_client_auth
• Private_key_jwt

To support tls_client_auth when once FAPI compliant (August 2021).

August 2021

• eIDAS QWAC
• eIDAS QSealC
• OB legacy (obtransport, obsigning)
• OBWAC
• OBSeal
• Other (Please define) 

• Already Implemented
• Planning to implement or upgrade
• Not planning to implement CEG

Santander designs are looking to adhere to CEG but are also accounting for other regulatory commitments that fit outside of the CEG

• V3.1.2
• V3.1.3
• V3.1.4
• V3.1.5
• V3.1.6
• V3.1.7
• V3.1.8
• V3.1.9
• V3.1.10
• V3.1.11
• V4.0

Plan to deploy v4 mandatory changes from July 2025 through to March 2026.

TBC

• App to App redirection
• Decoupled authentication
• Embedded Flow
• Bespoke User Journeys

Open Banking

Yes

Option 1 Supported

ALL Accounts (including Credit Cards) - Live

ASPSPs provide a Unique, Immutable TransactionID from their core system

• Yes
• No

90 days

See above for details of the transition plans for the recent FCA changes to the RTS/Article10 and what TPP's need to do to prepare.

Accounts, Balances, Transactions, Beneficiaries, Direct Debits, Standing Orders, Products, Offers, Parties, Scheduled Payments, Statements

We are continuing to allow Customer non present access to these data endpoints as long as a valid consent token exists.

Santander

Cahoot

OB Technical Directory

https://developer.santander.co.uk

https://sandbox-developer.santander.co.uk/sanuk/external-sandbox/

https://www.figma.com/proto/UvZ9dvaT4mwDHAwfLcAkOB/Master?type=design&node-id=83-6389&t=wNbTE64aS8soLWdA-1&scaling=scale-down&page-id=0%3A1&starting-point-node-id=83%3A6389&mode=design

• The Santander logo can be used solely for the purposes of identifying and distinguishing, within AIS and/or PIS (and in relation to UK accounts), Santander as the source of your Read-only Data and Read/Write Data

• There should be no suggestion that Santander in any way endorses or is partnered with your solution

• Use of the Santander logo is not permitted for marketing or promotional purposes

Business/Technical: openbankingAPI@santander.co.uk

Error Codes

Santander - HCC.xlsx

The customer balance including the overdraft will be sent in the JSON file as type 'InterimAvailable'.The remaining overdraft will be returned to TPPs in the JSON file as a creditline item and mapped as follows:

OBCreditLine1

OBReadBalance1/Data/Balance/CreditLine/Included - this item will be set to "false".

OBReadBalance1/Data/Balance/CreditLine/Type - set to "Available"

OBReadBalance1/Data/Balance/CreditLine/Amount/Amount - set to the amount of the Overdraft Remaining

OBReadBalance1/Data/Balance/CreditLine/Amount/Currency - set to the currency code of the account balance

The creditline items for Pre-Agreed will remain as is but the item OBReadBalance1/Data/Balance/CreditLine/Included will be set to "false"