CEG Certificate: Example Bank 2019

Org NameExample Bank
Org TypeASPSP
Brand(s)Brand X
Product(s)Personal
API Versionv3.1
CEG Checklist Versionv2.0.6
Submitted By
Joe Bloggs
Date Submitted
 
AttestationDownload
CEG ChecklistDownload
Status
PARTIAL
Date Passedn/a
NotesLorem ipsum dolor sit amet, consectetur adipiscing elit. Donec cursus malesuada congue. Praesent ultrices enim sed malesuada lacinia. Morbi ac enim augue. Donec est leo, porta id turpis a, efficitur semper libero.
Signed By
Sam Bloggs

Customer Experience Guidelines

CEG Checklist Ref.TopicChecklist QuestionNotesScreenshot / video expectedEvidence description (to match the document attached)Completed (with correct answer from Column "Notes")Elements not completedMitigationImpactTimeframe for resolution
1.AuthenticationIs your Open Banking authentication journey equivalent to the journey experienced by a PSU when authenticating directly within your existing online channel(s) (e.g. browser and app)?Answer must be "Yes"Yes (comparison)





2.At any point during the Open Banking customer journey, do you ask the PSU for consent for the TPP to access account information or initiate a payment?Answer must be "No"Yes (by absence)





5a.Do you support app-to-app redirection?Answer must be "Yes"Yes





7.Error codesDo you provide error codes to the TPP as per the error codes specified in the Read/Write Data API Specification v3.1 for failed requests?Answer must be "Yes"No





10.Access dashboardsDo you make available an access dashboard which allows PSUs to view TPP access which has been previously granted (as per Section 3.1.4 of the Customer Experience Guidelines)?]Answer must be "Yes"Yes





11.ComplaintsDo you provide an easy way for the PSU to understand the complaints and dispute resolution process? Answer must be "Yes"Yes (show link/explanation)





13a.Data clusters (AIS)Do you use the OBIE language shown under the Customer Experience Guidelines Section 3.2.3 to describe the data clusters when communicating with the PSU?Answer must be "Yes"Yes





14.Functionality (AIS)Do you provide access to all account information made available to the PSU through your existing online channel(s), irrespective of the channel through which the TPP is presenting their service to the PSU?Answer must be "Yes"No





15.Do you apply the same access control rules to joint and multi-signatory accounts when accessed through a TPP as are applied when these accounts are accessed directly by the PSU?Answer must be "Yes"No





17.Authenticating to refresh access (AIS)When a PSU is authenticating to refresh AISP access without making any changes to the original consent request, does your journey include any steps or screens other than those required for authentication of the PSU, for example, re-selection of the account(s) to which access was originally granted?Answer must be "No"Yes (by absence)





19.Functionality (PIS)For payments that do not require the display of supplementary information (as defined in the Customer Experience Guidelines 4.1.2) does your journey involve any further steps (as defined in the Customer Experience Guidelines 4.1.1) or screens following authentication?Answer must be "No"Yes (by absence)





20.Do you provide supplementary information where it is required, in an equivalent way, to direct interactions with PSUs?Answer must be "Yes"Yes (comparison)





21.Can a PSU using a PISP utilise all PIS functionality offered by the ASPSP to the PSU in their online channel, irrespective of the channel or method used for authentication?Answer must be "Yes"No





23.In cases where the payment instruction is incomplete because the account details have not been provided by the PSU to the PISP, do you allow the PSU to select the account from which they wish to make the payment? Answer must be "Yes"Yes





25.Status of payment (PIS)Do you provide or make available all information regarding initiation and execution of the payment to the PISP immediately after receipt of the payment order?Answer must be "Yes"No





28.Display of payment details (PIS)Do you make the PSU aware of the amount/currency/payee as part of the authentication journey?Answer must be "Yes", unless an SCA exemption is being appliedYes





29a.Confirmation of funds ("yes/no" response) (PIS)Do you provide immediate confirmation of whether or not there are funds available at the PISP’s request, in a ‘yes or no’ format?Answer must be "Yes" [note - not required for March, agree date with Trustee]No





29b.If you cannot perform a funds check then do you provide PISPs the necessary data to allow them to make their own judgements on the sufficient availability of funds?Answer must be "Yes"No





31.Explicit consent (CBPII)Do you, prior to receiving the first request from each CBPII, obtain explicit consent from the PSU to provide confirmation of funds in response to CBPII requests (as shown under the Customer Experience Guidelines Section 5)?Answer must be "Yes"Yes





34.Confirmation of funds ("yes/no" response) (CBPII)Do you provide immediate confirmation of funds in the form of a ‘yes’ or ‘no’ answer to a CBPII request where the payment account is accessible online?Answer must be "Yes"No





Video evidence

AISP AuthVideoStatusIssuesMitigationPlanned Fix Date
WebView
CERTIFIED
n/an/an/a
iOSView
FAIL
Lorem ipsum dolor sit ametn/a 
AndroidView
PARTIAL
Lorem ipsum dolor sit ametLorem ipsum dolor sit amet 
AISP Re-authVideoStatusIssuesMitigation
Web




iOS




Android




PISP Auth (no a/c selection)VideoStatusIssuesMitigation
Web




iOS




Android




PISP Auth (a/c selection)VideoStatusIssuesMitigation
Web




iOS




Android




PISP Auth (supplementary info)VideoStatusIssuesMitigation
Web




iOS




Android




CBPII AuthVideoStatusIssuesMitigation
Web




iOS




Android




Decoupled VideoStatusIssuesMitigation
Model A




Model B




Model C




Model D