OB Standards

This Section applies to ASPSPs that have implemented OB Standards

-Have you Implemented OB Standards?	Yes No
Open Data - Which version have you Implemented?	None V2.2 V2.3 V2.4
Read/Write API Specification Implemented or planning to implement (Lowest version = Current, Highest version = Planned)	V3.0 V3.1 V3.1.1 V3.1.2 V3.1.3 V3.1.4 V3.1.5 V3.1.6 V3.1.7 V3.1.8
Read/Write API - Which date are you planning to implement your latest version?	V3.1.7 (MI changes only) - 30th June
Dynamic Client Registration - Which version have you Implemented or planning to implement? (Lowest version = Current, Highest version = Planned)	None V3.1 V3.2 V3.3	Dynamic registration implementation is in progress. Date TBC
DCR - Which date are you planning to implement your latest version?	TBC
Have you implemented Trusted beneficiaries, if not date planned to Implement?	Already Implemented Planning to implement Not planning to implement
Have you implemented Reverse Payments, if not date planned to Implement?	Already Implemented Planning to implement Not planning to implement
PISP - Single Payment Limit	£ Not disclosed
PISP - Daily Payment Limit	£ Not disclosed
How many months of transaction do you provide?	24 months

Security Profile

-Which Security profile have you Implemented or planning to implement? (Lowest version = Current, Highest version = Planned)	OB Security Profile (Legacy) FAPI Other (Please define)
Security Profile - Next Planned Version Implementation Date	FAPI - August 2021
CIBA Profile - Implemented or planning to implement (Lowest version = Current, Highest version = Planned)	None CIBA CIBA FAPI Profile
CIBA Profile - Next Planned Version Implementation Date	N/A
Security Profile Certification date?	N/A
Token Endpoint Authentication Methods Supported	client_secret_post client_secret_basic client_secret_jwt tls_client_auth Private_key_jwt	To support tls_client_auth when once FAPI compliant (August 2021).
Planned date to Cease support for client id and client secret token endpoint authentication	August 2021

Post Brexit Certificate Implementation

POST-BREXIT TRANSITION - Certificates Accepted (1st Jan 2021 - 30th Jun 2021)	eIDAS QWAC eIDAS QSealC OB legacy (obtransport, obsigning) OBWAC OBSeal Other (Please define)
POST-BREXIT POST TRANSITION - Certificates Accepted (from 1st Jul 2021)	eIDAS QWAC eIDAS QSealC OB legacy (obtransport, obsigning) OBWAC OBSeal Other (Please define)
Planned Implementation Date to Satisfy FCA's Post Transition	30 Jun 2021
TPP PSU Migration Outcomes Supported (see eIDAS Migration Playbook)	N/A - We support client_secret_post Certificate is not bound to consent so no migration is required other than to use a compliant certificate.	If a TPP needs any support in this process please contact us at openbankingAPI@santander.co.uk.
POST-BREXIT Certificate Implementation Status (updated by OBIE IES team)	Ready	Ready – ASPSP accept eIDAS certs and OB Certs(OBWAC/OBSeal)

Customer Journey

-What is your approach to Implementing OBIE Customer Experience Guidelines (CEG)? (tick all that apply)	Already Implemented Planning to implement or upgrade Not planning to implement CEG	Santander designs are looking to adhere to CEG but are also accounting for other regulatory commitments that fit outside of the CEG
Which version have you implemented or planning to implement? (Lowest version = Current, Highest version = Planned)	V3.1.2 V3.1.3 V3.1.4 V3.1.5 V3.1.6 V3.1.7 V3.1.8
Which date are you planning to implement your latest CEG version?	TBC
Redirection Model	App to App redirection Decoupled authentication Embedded Flow Bespoke User Journeys
Options on 90 day re-authentication?	90 day re-authentication not enforced but available. Re-authentication required before refresh token expiry date.

PSD2

-Which Directory are you using as your Trust Framework?	Open Banking
Are you caching the Directory?	Yes
Transaction IDs Supported	Option 1 Supported ALL Accounts (including Credit Cards) - Live	ASPSPs provide a Unique, Immutable TransactionID from their core system
Are you enrolled to Dispute Management System?	Yes No
Are you Seeking Fallback Exemption?	Yes No
Article 10 - Maximum time period after authentication	90 days
Article 10 - Endpoints exempt of SCA	Accounts, Balances, Transactions, Beneficiaries, Direct Debits, Standing Orders, Products, Offers, Parties, ~~Scheduled Payments~~, Statements	We are continuing to allow Customer non present access to these data endpoints as long as a valid consent token exists.
Major Milestones
Brand(s)	Santander Cahoot

ASPSP Dev Portal and Contact Details

Location of Well Known Endpoints	OB Technical Directory
Modified Customer Interface URL (if applicable)
Dev Portal URL	https://developer.santander.co.uk
Test Facility URL	https://sandbox-developer.santander.co.uk/sanuk/external-sandbox/
ASPSP Support Desk Email or Phone Number	Business/Technical: openbankingAPI@santander.co.uk

Key Implementations

High Cost Credit

Santander - HCC.xlsx

The customer balance including the overdraft will be sent in the JSON file as type 'InterimAvailable'.The remaining overdraft will be returned to TPPs in the JSON file as a creditline item and mapped as follows:

OBCreditLine1

OBReadBalance1/Data/Balance/CreditLine/Included - this item will be set to "false".

OBReadBalance1/Data/Balance/CreditLine/Type - set to "Available"

OBReadBalance1/Data/Balance/CreditLine/Amount/Amount - set to the amount of the Overdraft Remaining

OBReadBalance1/Data/Balance/CreditLine/Amount/Currency - set to the currency code of the account balance

The creditline items for Pre-Agreed will remain as is but the item OBReadBalance1/Data/Balance/CreditLine/Included will be set to "false"

Santander UK PLC