Regulations and Standards

Regulations and specifications are enforced by the authorities of a region or country to standardise open banking requirements and to evaluate open banking compliance there.

Open banking regulations

Open banking regulations provide a policy and legislative framework to help banks and API consumers deliver the benefits of open banking.

  • The first known open banking regulation is the Payment Services Directive in Europe. It is administered by the European Commission (Directorate General Internal Market) and regulates payment services and payment service providers throughout the European Union and the European Economic Area (EEA). PSD1 came into force in 2007, followed by PSD2 in 2015. Listed below are some benefits of PSD2:

    • Customers can manage their finances using third-party applications, for example, paying bills through social media accounts.
    • More consumer choices and better online and mobile payment methods.
    • More opportunities for fintech companies to introduce new and innovative banking services.
    • Enhanced payment security.
    • Ability to standardize the payment systems and impose limits on transaction fees to ensure lower costs for the consumers.
  • The Competition and Markets Authority formed the Open Banking Implementation Entity (OBIE) in the UK. The Open Banking Implementation Entity adopted PSD2 and issued the first version of the Open Banking Standard in 2017. It specifies how banks should allow an API consumer to access customer information and request payments with the customer’s consent. OBIE drives competition and innovation in consumer banking, and its responsibilities include the following:

    • Design the specifications for the APIs that banks and building societies use to securely provide Open Banking.
    • Support regulated third party providers and banks and building societies to use the Open Banking standards.
    • Create security and messaging standards.
    • Manage the Open Banking Directory which allows regulated participants like banks, building societies and TPPs to enrol in Open Banking.
    • Produce guidelines for participants in the Open Banking ecosystem.
    • Provide a process for managing disputes and complaints.

Open banking standards

Alongside the regulations introduced in different regions, there are specifications that describe implementation guidelines for the open banking requirements. In the UK, the Open Banking Implementation Entity issued the Open Banking Standard.

Note

WSO2 Open Banking UK Toolkit is compliant with the Open Banking Standard UK.

Other regulations and standards

  • The General Data Protection Regulation (GDPR) is a legal framework formalized in the European Union (EU) in 2016 that comes into effect from 28 May 2018. GDPR effectively replaces the previously used EU Data Protection Directive (DPD).

  • The European Banking Authority (EBA) published the Regulatory Technical Standards (RTS). PSD2 refers to the RTS for technical guidance on authentication, authorisation, and other security aspects. The RTS also define when and how to apply Strong Customer Authentication (SCA), taking into account the requirements of PSD2.

  • Financial-grade API (FAPI) is an industry-led specification of JSON data schemas and security and privacy protocols that supports use cases in the financial industry and in other industries that require higher security. FinTech developers can accelerate secure open banking with FAPI. It uses OAuth 2.0 and OpenID Connect (OIDC) as its base and defines additional technical requirements on top of them.