O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.

Overview of the UK Open Banking Initiative

Paper presented at the PSD@ and GDPR Forum. Amsterdam, 19th Feb 2018.

  • Entre para ver os comentários

Overview of the UK Open Banking Initiative

  1. 1. UK Open Banking PSD2 and GDPR Forum Amsterdam 19 Feb 2018 Gary Farrow Head of Architecture Open Banking
  2. 2. 2 Start of the Open Banking Journey AUG 2016 CMA publishes report on its investigation into the UK’s retails Banking Market SEP 2016 Open Banking Implementation Entity formed to deliver Open Banking PSD2 and GDPR Forum To make Open Banking a reality in the UK OBIE defines Open Standards and Processes …making it possible to share information securely with third parties… …who will create information and value add services for consumers and small businesses Business Drivers • Increase competition • Enable new and smaller Banks to grow The OPEN BANKING Remedy • Enables retail customers and small businesses to share their account information securely
  3. 3. PISPOpen Data AISP 3 Regulatory Overview CMA Order • ATMs & Branch locations • Personal Current Accounts • Business Current Accounts • SME Lending • SME Credit Cards • Payment Initiation • Account Balance • Confirmation of Funds PSD2 • Strong Customer Authentication • Exemptions • eIDAS / Security Framework OPEN BANKING UK RTS • Account Information • Transaction History PSD2 and GDPR Forum
  4. 4. 4 Our Journey So Far MAR 2017 Open Data Launches JUL 2017 Account Information and Payment Initiation specifications issued PSD2 and GDPR Forum OCT 2017 Open Banking Directory live JAN 2018 Open Banking managed rollout begins for regulated participants. Release 1 Aligned to the CMA Order Aligned to the CMA Order & PSD2 Enrolment of future regulated participants begins To facilitate 3rd party enrolment and de-risk the introduction of Open Banking
  5. 5. ASPSP 5 PSD2 and GDPR Forum Open Banking Eco-System Open Banking Directory + Other NCAs Participants 1. Registration 2. Enrolment 3. Authorisation Status Digital Identities Digital Certificates 4. Self-Service PISP AISP Signed Identity Statements Open Data Payment Initiation Account Information
  6. 6. 6 Strong Customer Authentication Flow 2. API : Request PI or AI PSU 5. Authorise PI or AI 1. Consent to PI or AI ASPSP 1st and 2nd factors supplied to the ASPSP Transfer to / from the ASPSP PSD2 and GDPR Forum 3. Authenticate PSU 4. Select Payer Account(s) Key Concept • Consent takes place in the TPP Domain • Authorisation takes place in the ASPSP Domain PISP AISP
  7. 7. 7 PSD2 and GDPR Forum Consent and Authorisation Model Consent Authentication Account Selection Authorise PSD2 • PSD2 consent model • Given to the TPP • RTS Strong Customer Authentication • Data clusters concept ensures the AISP requests only the information they need to perform their service  Dynamic linking for PIS binding, Payer, Amount, TPP and Beneficiary GDPR • Lawful basis of processing is, for example, “Contract” • Lawful basis of processing is, for example , “Legal Obligation” under the CMA Order & PSD2 • Data minimisation through obfuscation of account details from the TPP  A helpful step for providing consumer clarity and ensuring transparency
  8. 8. 8 Our Future Journey DEC 2017 Amended CMA Order FEB 2018 Release 2 Specification PSD2 and GDPR Forum Amended Order Timetable PSD2 Items Items Governance and Funding Ongoing Standards Development • Extension for Open Data • Future Dated Payments and Standing Orders • Confirmation of Funds • PSD2 Accounts • RTS Exemptions • International payments • Multi-authorisation Evaluation • Reverse Payments • SCA Flows - redirection embedded / de- coupled • Bulk and batch payments Amended Order Timetable PSD2 Items Governance and Funding Items for longer term consideration
  9. 9. Thank you www.openbanking.org.uk