HSBC - Private Banking

OB Standards

This Section applies to ASPSPs that have implemented OB Standards

-Have you Implemented OB Standards?
  • Yes
  • No

Open Data - Which version have you Implemented?
  • None
  • V2.2
  • V2.3
  • V2.4
Not in scope of Open Data remedy

Read/Write API Specification Implemented or planning to implement

(Lowest version = Current, Highest version = Planned)

  • V3.0
  • V3.1
  • V3.1.1
  • V3.1.2
  • V3.1.3
  • V3.1.4
  • V3.1.5
  • V3.1.6
  • V3.1.7
  • V3.1.8
  • V3.1.9
  • V3.1.10
  • V3.1.11
  • V4.0
Third Party Provider access for HSBC Private Banking is provided not through APIs, but through a Modified Customer Interface (MCI)
Read/Write API - Which date are you planning to implement your latest version?N/AThird Party Provider access for HSBC Private Banking is provided not through APIs, but through a Modified Customer Interface (MCI)

Have you implemented v4.0 information flows, if not date planned to Implement?

  • Already Implemented
  • Planning to implement
  • Not planning to implement 

Dynamic Client Registration - Which version have you Implemented or planning to implement?

(Lowest version = Current, Highest version = Planned)

  • None
  • V3.1
  • V3.2
  • V3.3
No registration required to connect to the MCI
DCR - Which date are you planning to implement your latest version?

Have you implemented Trusted beneficiaries, if not date planned to Implement?

  • Already Implemented
  • Planning to implement
  • Not planning to implement 
Trusted beneficiary exemption on the MCI is applied at parity with the direct channel

Have you implemented Reverse Payments, if not date planned to Implement?

  • Already Implemented
  • Planning to implement
  • Not planning to implement 
Not applicable on the MCI

Have you implemented ECA Standard?

  • Already Implemented
  • Planning to implement
  • Not planning to implement 

ECA Implementation details

N/A

Have you implemented Bulk/File Payments?

  • Already Implemented
  • Planning to implement
  • Not planning to implement 
Not applicable

Have you implemented VRP – Sweeping, if not date planned to Implement?

  • Already Implemented
  • Planning to implement
  • Not planning to implement 

Have you implemented VRP non-Sweeping, if not date planned to Implement?

  • Already Implemented
  • Planning to implement
  • Not planning to implement 

PISP - Single Payment Limit£Same as the customer's limit on the direct channel
PISP - Daily Payment LimitN/ASame as the customer's limit on the direct channel
How many months of transaction do you provide?N/ASame as the direct channel
Have you implemented TRIs (Transactional Risk Indicators), if not, date planned to Implement?No
What is your approach to Implementing TRIs?
  • Accept payload with TRI fields – Process all fields
  • Accept payload with TRI fields – Ignore all fields
  • Reject payload with TRI fields – Error back to TPP
  • Accept payload with TRI fields – Process few fields (Provide list of accepted fields)  
Not applicable to the MCI
SCA-RTS 90-day reauth Implementation

Which date are you planning on implementing the SCA reauthentication exemption?

N/ANot applicable to the MCI

What is your approach to token management to enable application of the reauthentication exemption? (see link to FCA guidance)

N/A

Not applicable to the MCI

Article 10A - Endpoints exempt of SCA-RTS
  • Accounts

  • Transactions (90days)

  • Balances

  • Standing orders

  • Direct debits

  • Beneficiaries

  • Products

  • Offers

  • Parties

  • Scheduled Payments

  • Statements

Not applicable to the MCI
Article 10A - Endpoints not exempt of SCA-RTS
  • Transactions (more than 90days)

  • Standing orders

  • Direct debits

  • Beneficiaries

  • Products

  • Offers

  • Parties

  • Scheduled Payments

  • Statements

Not applicable to the MCI
Article 10A - Maximum time period after authentication
Not applicable to the MCI
SCA-RTS implementation status (updated by OBL PS team only)


Not applicable to the MCI
Security Profile


-Which Security profile have you Implemented or planning to implement?

(Lowest version = Current, Highest version = Planned)

  • OB Security Profile (Legacy)
  • FAPI (ID2)
  • FAPI 1 Advanced
  • Other (Please define) 
Not applicable to the MCI
Security Profile - Next Planned Version Implementation Date

CIBA Profile - Implemented or planning to implement

(Lowest version = Current, Highest version = Planned)

  • None
  • CIBA
  • CIBA FAPI Profile

CIBA Profile - Next Planned Version Implementation Date

Security Profile Certification date?
 

Token Endpoint Authentication Methods Supported
  • client_secret_post
  • client_secret_basic
  • client_secret_jwt
  • tls_client_auth
  • Private_key_jwt
Not applicable to the MCI
Planned date to Cease support for client id and client secret token endpoint authentication

N/A


POST-BREXIT POST TRANSITION - Certificates Accepted (from 1st Jul 2021)
  • eIDAS QWAC
  • eIDAS QSealC
  • OB legacy (obtransport, obsigning)
  • OBWAC
  • OBSeal
  • Other (Please define) 


Customer Journey

-What is your approach to Implementing OBL Customer Experience Guidelines (CEG)?

(tick all that apply)

  • Already Implemented
  • Planning to implement or upgrade
  • Not planning to implement CEG
Not applicable to the MCI

Which version have you implemented or planning to implement?

(Lowest version = Current, Highest version = Planned)

  • V3.1.2
  • V3.1.3
  • V3.1.4
  • V3.1.5
  • V3.1.6
  • V3.1.7
  • V3.1.8
  • V3.1.9
  • V3.1.10
  • V3.1.11
  • V4.0
Not applicable to the MCI
Which date are you planning to implement your latest CEG version?N/AN/A
Redirection Model
  • App to App redirection
  • Decoupled authentication
  • Embedded Flow
  • Bespoke User Journeys

PSD2
-Which Directory are you using as your Trust Framework?Open Banking
Are you caching the Directory?Yes
Transaction IDs SupportedN/A

Are you Seeking Fallback Exemption?

  • Yes
  • No


Article 10 - Maximum time period after authenticationNot applicable to the MCI
Article 10 - Endpoints exempt of SCANot applicable to the MCI
Major Milestones

Brand(s)

ASPSP Dev Portal and Contact Details

Location of Well Known Endpoints

N/A

Modified Customer Interface URL (if applicable)

https://develop.hsbc.com/index.php/ob-mci-overview/modified-customer-interface
Dev Portal URLhttps://develop.hsbc.com/
Test Facility URLhttps://develop.hsbc.com/
Brand Landing Pages URL
[You can use this space to explain your guidance on using Brand logos]

ASPSP Support Desk Email or Phone Number

(including queries about consent success rates) 

openbankingsupport@hsbc.com 
Key Implementations

High Cost Credit

N/A