Transparency Calendar

UK Finance, FDATA and the Open Banking Limited (OBL) are taking steps to improve the flow of information in the market between ASPSPs, AISPs and PISPs on approaches to secure communication under the PSD2 RTS – regardless of the API standard or approach to secure communication being used.

Completing the form will help demonstrate and enable engagement with newly regulated providers. It will also help smooth the transition for customers of third party providers who were in the market prior to 13th January 2018.This Transparency Calendar has been set up to facilitate this voluntary flow of information.It is for each institution to determine whether they answer each question or provide the information in this way – although we would encourage them to do so.The Regulatory Technical Standards under PSD2 set out how the secure communication between newly regulated providers, including AISPs and PISPs, will take place with payment account providers.

Questionnaire and Q&A

To download the questionnaire and for instructions as to how to submit your completed questionnaire then please click here. To access the Q&A then please click here

Full View of ASPSP's Individual Calendars

Use dropdown link within sections below to display summary view of information recorded by all ASPSPs 

Individual ASPSP's calendar can be accessed by selecting 'ASPSPs' at left page menu 

OB Standards

Below are the calendar responses from ASPSP who are enrolled into Open Banking and are specific to the Open Banking Standards

 OB Standards

List of ASPSPs certified for OB Standards Functional Conformance

SCA-RTS 90-day reauth Implementation

Below are the calendar responses from ASPSP on their SCA-RTS implementation status

 SCA-RTS

Security Profile

Below are the calendar responses from ASPSP who are enrolled into Open Banking and are specific to the method of identification that ASPSP will adopt within the OB Ecosystem

 Security Profile

List of ASPSPs certified for Security Profile Conformance

Customer Journey

Below are the calendar responses regarding Customer Journey

 Customer Journey

List of ASPSPs certified for  OB Standards CEG Conformance

PSD2

Below are the calendar responses regarding PSD2

 PSD2

 ASPSP Dev Portal and Contact Details
Contact Details

 Calendars Recently Updated

Recent updates


Submitting a Transparency Calendar Entry

There are two ways to complete the questionnaire:

  • If your firm is enrolled on the OBL directory your OBL testing representative will contact you directly in order to complete the questionnaire.
  • If your firm is not enrolled on the OBL directory then the attached questionnaire should be completed and returned back to UK Finance or emailed to the Open Banking Service Desk : servicedesk@openbanking.org.uk

Your questionnaire response will then be populated into the Transparency Calendar.  Your organisation will then be granted access to your organisations Transparency Calendar page in order for you to be able to update the page directly. 

In order to facilitate this we will require the name of an individual or individuals within your organisation who will be maintaining the page on your organisation's behalf.


Enquiries

If you have any queries regarding any of the questions then please refer to the Q&A section of this page.  If you have any further queries then please email: servicedesk@openbanking.org.uk

Questionnaire

Below is a word version of the questionnaire.


Q&A

This section provides clarification about exactly what information is required for the questions detailed in the questionnaire.

 Q&A
 Implementing Customer Experience Guidelines?

Are you going to implement the Open Banking Customer Experience Guidelines?  Please response 'Yes' or 'No'

 Current CEG Version?

Enter the current version of the CEG implemented in Production

 Next CEG Version?

Enter the next version to be implemented

 Next Version Implementation Date

When will the next version of the CEG be implemented

 Implementing Bespoke User Journeys?

Are you going to implement bespoke  customer journeys?  Please respond 'Yes' or 'No'

 Implementing App to App?

If you are implementing App to App for PSU authentication, please specify the implementation date, otherwise please respond 'N/A'

 App to App Implementation Date?

If you are implementing App to App then please specify the implementation date otherwise please respond 'N/A'

 Options on 90 day re-authentication?

Please specify the customer journey for refreshing AISP access

 Support Embedded Flow?

Are you supporting embedded flow for authentication? Please respond 'Yes' or 'No'

 Directory?

Please specify the Directory your organisation is employing (OBL, Preta, Other)

 Location of Well Known Endpoints?

Please specify the location of your 'Well Known Endpoints'.  These may be held on the Directory you are employing or or development portal.  Please specific 'Directory', 'Dev Portal', 'Other' (specifying)

 API Standard Implemented

Please specify the API Standards your organisation has implemented.  You may have implemented OBL, Berlin Group, STET or your own bespoke standards.  Please specify

 Name of Account Holder Implementation Date

Please specify the implementation date for Name of Account Holder

 Date of Current eIDAS Implementation?

Enter the date the current eIDAS implementation was deployed into production.

 Current Certificates used for Identification?

Please specify the certificates or combination of certificates that are required during TPP identification. (OB Transport + ClientID + Secret / OB Transport/ OB Signing / OBWAC / OBSEAL / QWAC / QSEAL)

 Current Certificates used for Transport?

Please specify the certificates or combination of certificates that are required for Transport (OB Transport  / OBWAC / QWAC)

 Current Certificates used for Signing?

Please specify the certificates or combination of certificates that are required for Signing (OB Signing  / OBSEAL / QSEAL)

 Date of Future eIDAS Implementation?

Enter the date the future eIDAS implementation will be deployed into production (Q2 2020). If you have no future eIDAS implementation planned over and above your current implementation then please enter 'No future update currently planned'

 Future Certificates used for Identification?

Please specify the certificates or combination of certificates that are required during TPP identification. (OB Transport + ClientID + Secret / OB Transport/ OB Signing / OBWAC / OBSEAL / QWAC / QSEAL)

 Future Certificates used for Transport?

Please specify the certificates or combination of certificates that are required for Transport (OB Transport  / OBWAC / QWAC)

 Future Certificates used for Signing?

Please specify the certificates or combination of certificates that are required for Signing (OB Signing  / OBSEAL / QSEAL)

 Major Milestones

Please specify an other major implementation milestones, version updates, version deprecation, new product releases, etc.

 Brand(s)

Please enter the Brand(s) covered by this Transparency Calendar.  If your calendar supports multiple brands then please enter a 'comma' separated list.

 Security Profile?

Please specify whether you support the Open Banking Security Profile or OIDC.  Please respond 'Open Banking', 'FAPI' or 'Other'.

 Security Profile Certification?

Please specify whether you have achieved certification with the Security Profile authority.  Please respond, 'Yes' or 'No'.

 CIBA

Please specify whether you are implementing CIBA for authentication.  Please respond 'Yes', 'No' or N/A

 Using Open Banking as your eIDAS Trust Framework?

If you are using Open Banking to validate third parties regulator status (eIDAS certificates, PSD2 roles and Passports) on your behalf then please respond 'Yes'. 

 Are you caching the Directory?

Please specify whether you are caching the the Open Banking Directory.  Please responds 'Yes' or 'No'

 Transaction IDs

If you are supporting Transaction IDs then please specify 'Option 1', 'Option 2', 'Option 3', or 'Option 4'.

Transaction IDs are conditional in the OBL Read/Write Specification v3.x. There are 4 options for how an ASPSP can treat this field in the API response:

  1. ASPSPs provide a Unique, Immutable TransactionID from their core system
  2. ASPSPs generate a Unique TransactionID from a set of Immutable fields
  3. ASPSPs specify field(s) for TPP to generate a Unique Transaction Identifier
  4. ASPSPs provide neither a TransactionID nor the method by which TPPs can generate one
 FCA Adjustment Period - Maintaining Screen Scraping?

Please specify whether you are supporting screen scraping during the FCA Adjustment Period. Please respond 'Yes' or 'No'

 Seeking Fallback Exemption

Please specify whether you are a seeking exemption with National Competent Authority (NCA) from building a contingency mechanism / fall back. Please respond 'Yes' or 'No'

 Adjusted or Fallback Interface

Please specify your plans for building the 'Adjusted Interface' or 'fallback interface' (approach to SCA, etc.). Answer N/A if you do not plan to build one.

 Adjusted or Fallback URL?

Please specify your 'Adjusted Interface' or 'fallback interface' URL

 Contact Email or Phone Number?

Please specify your organisations Open Banking contact email or phone number.

 Dev Portal URL?

Please provide or Dev Portal URL.

 Test Facility Implementation Date

Please specify the implementation date of your Test Facility.

 Contingency Measures

Please specify the location of the guidance that explains your strategy and plans for when your dedicated interface is unavailable.  This should be a URL to your dev portal or artefact that provides TPPs with the information they require.

 Maximum time period after authentication? (Article 10)

Please specify how long the AISP has from the time when they receive the access token (after PSU authentication).  This is the period the AISP must submit their first request before SCA will be re-applied to endpoints NOT exempt of SCA under Article 10.  ASPSPs should consider that this timeline is consistent with the time limit applied by the ASPSP in the existing online PSU interface (i.e. before the PSU is logged out)

Please specify the time period. (For example, 1 hour)

 Endpoints exempt of SCA under Article 10

Please specify which AIS endpoints will be exempt from SCA under Article 10. (delete as appropriate): Accounts, Balances, Transactions, Beneficiaries, Direct Debits, Standing Orders, Products, Offers, Parties, Scheduled Payments, Statements

 Authentication Method - Open Banking Channel (Browser)?

Please specify the chosen methods of PSU authentication for knowledge (e.g. password), possession (e.g. OTP) and inherence (e.g. fingerprint)

 Authentication Method - Open Banking Channel (APP)?

Please specify the chosen methods of PSU authentication for knowledge (e.g. password), possession (e.g. OTP) and inherence (e.g. fingerprint)

 Authentication Method - Private Channel (Browser)?

Please specify the chosen methods of PSU authentication for knowledge (e.g. password), possession (e.g. OTP) and inherence (e.g. fingerprint)

 Authentication Method - Private Channel (APP)?

Please specify the chosen methods of PSU authentication for knowledge (e.g. password), possession (e.g. OTP) and inheritance (e.g. fingerprint)

 Authentication Method Implementation Date (Open Banking Channel)

Please specify the Authentication Method implementation date for the Open Banking Channel (if applicable).  Please specify date or 'N/A'

 Authentication Method Implementation Date (Private Channel)

Please specify the Authentication Method implementation date for the Private Channel (if applicable).  Please specify date or 'N/A'

 SCA Implementation Date ?

Please specify the SCA implementation date

 SCA Scope?

Please specify the scope of SCA (will it inhibit non PSD2 accounts, such as savings- or mortgage accounts?)