Operational standards ensure a common, best-practice operating environment for all banks and tech companies utilising open banking.  

Available Operational Standards

There are six operational standards (including the API Security Profile) that must be used when providing or accessing standardised Open Banking APIs. There is one operational standard that applies to all registered Standards Users from the time they join the API Centre.

| Standard | Description |
| --- | --- |
| Customer | Specifies the customer’s rights to receive clear and transparent disclosures, be provided with self-service access to view or revoke a consent and receive support for dispute resolution. |
| Data Security | Minimum requirements for protecting information and data provided to, or obtained by, an API Standards User and the processes for managing unauthorised use or disclosure (data breach). |
| Register | Obligations on the API Centre to provide and maintain the API Centre Register and minimum requirements for API Standards Users who use it. |
| Reporting | Sets out an obligation for API Standards Users to report open banking uptake (usage) to the API Centre monthly. |
| Performance | Minimum requirements for API Standards Users to manage planned or unplanned outages, report monthly on performance and availability of open banking API Services and meet certain minimum thresholds for performance and availability of open banking APIs. |
| Security Profile | Based on the Financial-grade API specification, the open banking Security Profile provides specific implementation guidelines for security and interoperability of open banking APIs. The standard ensures a higher level of security than provided by OAuth or OpenID Connect alone. |
| Compliance | Applicable to all registered API Standards Users, key compliance requirements as set out in the API Centre Terms and Conditions. |

You can view our available Operational Standards using the link below.