JROC AND THE FUTURE ENTITY As we transition to a future entity, OBL now looks to the Joint Regulatory Oversight Committee (JROC) to build a sustainable and competitive ecosystem that will unlock the full potential of open banking and develop a scalable data-sharing model. Workstream documents JROC Non-Order Programme Scroll for more BACKGROUND In January 2023, the CMA announced the completion of the open banking Implementation Roadmap. This marked a pivotal milestone for open banking in the UK, and one that has delivered benefits to both businesses and consumers, as well as contributing more than £4bn to the wider UK economy. JROC – led jointly by the Financial Conduct Authority (FCA) and the Payment Systems Regulator (PSR) – has set out its recommendations on the design of the future entity and the vision for open banking. JROC identified three priorities to deliver the vision: to establish a sustainable and competitive footing for the ongoing development of the open banking ecosystem so that it can grow beyond the current functionalities and bring further benefits to end-users to unlock the potential for open banking payments to adopt a model that is scalable for future data sharing propositions. OBL-LED WORKSTREAMS The JROC Open Banking Roadmap assigned OBL responsibility for four themes: Levelling up availability and performance (‘Levelling up’) Mitigating the risks of financial crime (‘Financial crime’) Ensure effective consumer protection if something goes wrong (‘Consumer protection/disputes’) Improving information flows to TPPs and end-users (‘Information flows’). Scroll for more Documents Levelling up Financial crime Consumer protection/disputes Information flows Levelling up Workstream 1 The committee aims to develop an ecosystem where open banking API availability and performance is consistently high across all ASPSPs. This will allow consumers and businesses to benefit from high-performing, reliable services that enhance user experience and build trust in the ecosystem. It means open banking services will be able to scale and grow.Data submitted to OBL under workstream 1 is governed by the terms of the Data Sharing Agreement available here: Data-Sharing-Agreement.pdfDocument Library u003cpu003eu003c/pu003eu003cpu003eYou’ll need to demonstrate that you have a PSD2-compliant business model and appropriate data privacy and security measures in place. Get more information on u003ca href=u0022https://www.fca.org.uk/firms/applications-under-psd2u0022 target=u0022_blanku0022 rel=u0022noreferrer noopeneru0022u003ethe FCA websiteu003c/au003e. u003c/pu003eu003cpu003eThis checklist will help you make sure your application is as complete as possible. It can can take 3-12 months to secure FCA regulation, depending on the quality of your application. u003c/pu003eu003cpu003eu003cstrongu003eRead FCA guidanceu003c/strongu003e – chapter three of ‘Payment Services and Electronic Money’ explains authorisation and registration. u003c/pu003eu003cpu003eu003cstrongu003eKnow your definitionsu003c/strongu003e – are you offering an Account Information Service (AISP)? A Payment Initiation Service (PISP)? A Card-Based Payment Instruction Issuer service (CBPII)? It’s important to be clear about how your service fits the regulator’s definitions. u003c/pu003eu003cpu003eu003cstrongu003eShow a clear business modelu003c/strongu003e – give straightforward explanations of your business model and typical transactions. u003c/pu003eu003cpu003eu003cstrongu003eCheck policies and proceduresu003c/strongu003e – to get regulated you must have specific policies and procedures in place.u003c/pu003eu003cpu003eu003cstrongu003eDemonstrate complianceu003c/strongu003e – you’ll need to show how your security, data storage, IT and policies comply with the regulations. u003c/pu003eu003cpu003eu003cstrongu003eGet insuredu003c/strongu003e – you must have professional indemnity insurance that complies with the regulations. u003c/pu003e Download | ASPSP and TPP Brand IDs Download | Data collection framework for API availability and performance Download | ASPSP data metrics Download | ASPSP data dictionary Download | ASPSP data submission template Download | TPP data metrics Download | TPP data dictionary Download | TPP data submission template Download | Data Sharing Agreement Financial crime Workstream 2 All those involved in open banking need to effectively mitigate risks and ensure consumers are safe. When we better understand the level of financial crime in open banking, including fraud and money laundering, we can improve the tools used and information exchanged between open banking participants so that fraud and financial crime risks are mitigated. This will enable the ecosystem to scale and evolve safely.Data submitted to OBL under workstream 2 is governed by the terms of the Data Sharing Agreement available here: Data-Sharing-Agreement.pdf Document library u003cpu003eThe OBIE Directory enables FinTechs to securely identify themselves to the Banks and Building Societies who hold their customers’ financial information. To enrol, you’ll need to provide: u003c/pu003eu003cpu003eu003cstrongu003eContactsu003c/strongu003e – a primary business contact and a primary technical contact. They can be the same person, but you may find it helpful to nominate two dedicated people to manage your open banking activity. u003c/pu003eu003cpu003eu003cstrongu003eCompany name and numberu003c/strongu003e – the same as they appear on the Companies House register (or European equivalent). These should be the same details used when applying to be regulated. u003c/pu003eu003cpu003eSign up now u003c/pu003eu003cpu003eOnce you sign up we will… u003c/pu003eu003cpu003e✓ Verify your details u003c/pu003eu003cpu003e✓ Provide a case reference number to update you on the progress of your application u003c/pu003eu003cpu003e✓ Contact the Company Secretary or Director listed with Companies House to confirm that your contacts are authorised u003c/pu003eu003cpu003e✓ Check ID through our third-party agency. Your contacts will need to provide proof of identity before attending a face-to-face or Skype session to complete verification u003c/pu003eu003cpu003e✓ Tell you when we’ve completed the identity and verification checks u003c/pu003eu003cpu003eIf you’re already regulated, we’ll check the FCA register to make sure you have the permissions needed to complete your enrolment. u003c/pu003e Download | ASPSP and TPP Brand IDs Download | Framework for data collection on financial crime Download | Data dictionary Download | Data submission template Download | Data Sharing Agreement Consumer protection/disputes Workstream 3 Open banking needs to have processes in place that help guide consumers and other relevant actors if something goes wrong. Existing liabilities need to be applied effectively through a dispute resolution process (where needed) and any potential protection gaps identified and addressed. Document library u003cpu003eOur Sandbox Directory is a test environment where you can run your service with dummy data or with other firms who are also working towards full enrolment. Once we’ve completed our identity and verification checks, our onboarding team will help you get set up. u003c/pu003eu003cpu003eTry the Sandbox u003c/pu003e Information flows Workstream 4 It is important for ecosystem participants to have the right information in terms of errors and payment execution to support and build trust in the system and ensure that it continues to improve. This should lead to fewer initiation failures and errors and increased retailer knowledge on when a payment will be processed or not, as well as the reasons behind errors when they occur. Document library u003cpu003eThere are just three final steps to going live: u003c/pu003eu003cpu003eu003cstrongu003eOur Directoryu003c/strongu003e – we’ll complete your enrolment once your regulatory permissions are confirmed, u003c/pu003eu003cpu003eu003cstrongu003eSoftware statements and digital certificatesu003c/strongu003e – you can set up and manage these in the Directory, and start connecting with account providers to make sure your service works with them u003c/pu003eu003cpu003eu003cstrongu003eDeveloper Zoneu003c/strongu003e – use this to set up the technical configuration for your service u003c/pu003e Contact us For any specific questions or comments about the documents on this website, please contact openbankingengagement@openbanking.org.ukFor any general questions or comments about JROC’s work, please contact jroc@fca.org.uk
JROC AND THE FUTURE ENTITY As we transition to a future entity, OBL now looks to the Joint Regulatory Oversight Committee (JROC) to build a sustainable and competitive ecosystem that will unlock the full potential of open banking and develop a scalable data-sharing model. Workstream documents JROC Non-Order Programme Scroll for more
OBL-LED WORKSTREAMS The JROC Open Banking Roadmap assigned OBL responsibility for four themes: Levelling up availability and performance (‘Levelling up’) Mitigating the risks of financial crime (‘Financial crime’) Ensure effective consumer protection if something goes wrong (‘Consumer protection/disputes’) Improving information flows to TPPs and end-users (‘Information flows’). Scroll for more
Documents Levelling up Financial crime Consumer protection/disputes Information flows Levelling up Workstream 1 The committee aims to develop an ecosystem where open banking API availability and performance is consistently high across all ASPSPs. This will allow consumers and businesses to benefit from high-performing, reliable services that enhance user experience and build trust in the ecosystem. It means open banking services will be able to scale and grow.Data submitted to OBL under workstream 1 is governed by the terms of the Data Sharing Agreement available here: Data-Sharing-Agreement.pdfDocument Library u003cpu003eu003c/pu003eu003cpu003eYou’ll need to demonstrate that you have a PSD2-compliant business model and appropriate data privacy and security measures in place. Get more information on u003ca href=u0022https://www.fca.org.uk/firms/applications-under-psd2u0022 target=u0022_blanku0022 rel=u0022noreferrer noopeneru0022u003ethe FCA websiteu003c/au003e. u003c/pu003eu003cpu003eThis checklist will help you make sure your application is as complete as possible. It can can take 3-12 months to secure FCA regulation, depending on the quality of your application. u003c/pu003eu003cpu003eu003cstrongu003eRead FCA guidanceu003c/strongu003e – chapter three of ‘Payment Services and Electronic Money’ explains authorisation and registration. u003c/pu003eu003cpu003eu003cstrongu003eKnow your definitionsu003c/strongu003e – are you offering an Account Information Service (AISP)? A Payment Initiation Service (PISP)? A Card-Based Payment Instruction Issuer service (CBPII)? It’s important to be clear about how your service fits the regulator’s definitions. u003c/pu003eu003cpu003eu003cstrongu003eShow a clear business modelu003c/strongu003e – give straightforward explanations of your business model and typical transactions. u003c/pu003eu003cpu003eu003cstrongu003eCheck policies and proceduresu003c/strongu003e – to get regulated you must have specific policies and procedures in place.u003c/pu003eu003cpu003eu003cstrongu003eDemonstrate complianceu003c/strongu003e – you’ll need to show how your security, data storage, IT and policies comply with the regulations. u003c/pu003eu003cpu003eu003cstrongu003eGet insuredu003c/strongu003e – you must have professional indemnity insurance that complies with the regulations. u003c/pu003e Download | ASPSP and TPP Brand IDs Download | Data collection framework for API availability and performance Download | ASPSP data metrics Download | ASPSP data dictionary Download | ASPSP data submission template Download | TPP data metrics Download | TPP data dictionary Download | TPP data submission template Download | Data Sharing Agreement Financial crime Workstream 2 All those involved in open banking need to effectively mitigate risks and ensure consumers are safe. When we better understand the level of financial crime in open banking, including fraud and money laundering, we can improve the tools used and information exchanged between open banking participants so that fraud and financial crime risks are mitigated. This will enable the ecosystem to scale and evolve safely.Data submitted to OBL under workstream 2 is governed by the terms of the Data Sharing Agreement available here: Data-Sharing-Agreement.pdf Document library u003cpu003eThe OBIE Directory enables FinTechs to securely identify themselves to the Banks and Building Societies who hold their customers’ financial information. To enrol, you’ll need to provide: u003c/pu003eu003cpu003eu003cstrongu003eContactsu003c/strongu003e – a primary business contact and a primary technical contact. They can be the same person, but you may find it helpful to nominate two dedicated people to manage your open banking activity. u003c/pu003eu003cpu003eu003cstrongu003eCompany name and numberu003c/strongu003e – the same as they appear on the Companies House register (or European equivalent). These should be the same details used when applying to be regulated. u003c/pu003eu003cpu003eSign up now u003c/pu003eu003cpu003eOnce you sign up we will… u003c/pu003eu003cpu003e✓ Verify your details u003c/pu003eu003cpu003e✓ Provide a case reference number to update you on the progress of your application u003c/pu003eu003cpu003e✓ Contact the Company Secretary or Director listed with Companies House to confirm that your contacts are authorised u003c/pu003eu003cpu003e✓ Check ID through our third-party agency. Your contacts will need to provide proof of identity before attending a face-to-face or Skype session to complete verification u003c/pu003eu003cpu003e✓ Tell you when we’ve completed the identity and verification checks u003c/pu003eu003cpu003eIf you’re already regulated, we’ll check the FCA register to make sure you have the permissions needed to complete your enrolment. u003c/pu003e Download | ASPSP and TPP Brand IDs Download | Framework for data collection on financial crime Download | Data dictionary Download | Data submission template Download | Data Sharing Agreement Consumer protection/disputes Workstream 3 Open banking needs to have processes in place that help guide consumers and other relevant actors if something goes wrong. Existing liabilities need to be applied effectively through a dispute resolution process (where needed) and any potential protection gaps identified and addressed. Document library u003cpu003eOur Sandbox Directory is a test environment where you can run your service with dummy data or with other firms who are also working towards full enrolment. Once we’ve completed our identity and verification checks, our onboarding team will help you get set up. u003c/pu003eu003cpu003eTry the Sandbox u003c/pu003e Information flows Workstream 4 It is important for ecosystem participants to have the right information in terms of errors and payment execution to support and build trust in the system and ensure that it continues to improve. This should lead to fewer initiation failures and errors and increased retailer knowledge on when a payment will be processed or not, as well as the reasons behind errors when they occur. Document library u003cpu003eThere are just three final steps to going live: u003c/pu003eu003cpu003eu003cstrongu003eOur Directoryu003c/strongu003e – we’ll complete your enrolment once your regulatory permissions are confirmed, u003c/pu003eu003cpu003eu003cstrongu003eSoftware statements and digital certificatesu003c/strongu003e – you can set up and manage these in the Directory, and start connecting with account providers to make sure your service works with them u003c/pu003eu003cpu003eu003cstrongu003eDeveloper Zoneu003c/strongu003e – use this to set up the technical configuration for your service u003c/pu003e
Levelling up Workstream 1 The committee aims to develop an ecosystem where open banking API availability and performance is consistently high across all ASPSPs. This will allow consumers and businesses to benefit from high-performing, reliable services that enhance user experience and build trust in the ecosystem. It means open banking services will be able to scale and grow.Data submitted to OBL under workstream 1 is governed by the terms of the Data Sharing Agreement available here: Data-Sharing-Agreement.pdfDocument Library u003cpu003eu003c/pu003eu003cpu003eYou’ll need to demonstrate that you have a PSD2-compliant business model and appropriate data privacy and security measures in place. Get more information on u003ca href=u0022https://www.fca.org.uk/firms/applications-under-psd2u0022 target=u0022_blanku0022 rel=u0022noreferrer noopeneru0022u003ethe FCA websiteu003c/au003e. u003c/pu003eu003cpu003eThis checklist will help you make sure your application is as complete as possible. It can can take 3-12 months to secure FCA regulation, depending on the quality of your application. u003c/pu003eu003cpu003eu003cstrongu003eRead FCA guidanceu003c/strongu003e – chapter three of ‘Payment Services and Electronic Money’ explains authorisation and registration. u003c/pu003eu003cpu003eu003cstrongu003eKnow your definitionsu003c/strongu003e – are you offering an Account Information Service (AISP)? A Payment Initiation Service (PISP)? A Card-Based Payment Instruction Issuer service (CBPII)? It’s important to be clear about how your service fits the regulator’s definitions. u003c/pu003eu003cpu003eu003cstrongu003eShow a clear business modelu003c/strongu003e – give straightforward explanations of your business model and typical transactions. u003c/pu003eu003cpu003eu003cstrongu003eCheck policies and proceduresu003c/strongu003e – to get regulated you must have specific policies and procedures in place.u003c/pu003eu003cpu003eu003cstrongu003eDemonstrate complianceu003c/strongu003e – you’ll need to show how your security, data storage, IT and policies comply with the regulations. u003c/pu003eu003cpu003eu003cstrongu003eGet insuredu003c/strongu003e – you must have professional indemnity insurance that complies with the regulations. u003c/pu003e Download | ASPSP and TPP Brand IDs Download | Data collection framework for API availability and performance Download | ASPSP data metrics Download | ASPSP data dictionary Download | ASPSP data submission template Download | TPP data metrics Download | TPP data dictionary Download | TPP data submission template Download | Data Sharing Agreement
Download | ASPSP and TPP Brand IDs Download | Data collection framework for API availability and performance Download | ASPSP data metrics Download | ASPSP data dictionary Download | ASPSP data submission template Download | TPP data metrics Download | TPP data dictionary Download | TPP data submission template Download | Data Sharing Agreement
Financial crime Workstream 2 All those involved in open banking need to effectively mitigate risks and ensure consumers are safe. When we better understand the level of financial crime in open banking, including fraud and money laundering, we can improve the tools used and information exchanged between open banking participants so that fraud and financial crime risks are mitigated. This will enable the ecosystem to scale and evolve safely.Data submitted to OBL under workstream 2 is governed by the terms of the Data Sharing Agreement available here: Data-Sharing-Agreement.pdf Document library u003cpu003eThe OBIE Directory enables FinTechs to securely identify themselves to the Banks and Building Societies who hold their customers’ financial information. To enrol, you’ll need to provide: u003c/pu003eu003cpu003eu003cstrongu003eContactsu003c/strongu003e – a primary business contact and a primary technical contact. They can be the same person, but you may find it helpful to nominate two dedicated people to manage your open banking activity. u003c/pu003eu003cpu003eu003cstrongu003eCompany name and numberu003c/strongu003e – the same as they appear on the Companies House register (or European equivalent). These should be the same details used when applying to be regulated. u003c/pu003eu003cpu003eSign up now u003c/pu003eu003cpu003eOnce you sign up we will… u003c/pu003eu003cpu003e✓ Verify your details u003c/pu003eu003cpu003e✓ Provide a case reference number to update you on the progress of your application u003c/pu003eu003cpu003e✓ Contact the Company Secretary or Director listed with Companies House to confirm that your contacts are authorised u003c/pu003eu003cpu003e✓ Check ID through our third-party agency. Your contacts will need to provide proof of identity before attending a face-to-face or Skype session to complete verification u003c/pu003eu003cpu003e✓ Tell you when we’ve completed the identity and verification checks u003c/pu003eu003cpu003eIf you’re already regulated, we’ll check the FCA register to make sure you have the permissions needed to complete your enrolment. u003c/pu003e Download | ASPSP and TPP Brand IDs Download | Framework for data collection on financial crime Download | Data dictionary Download | Data submission template Download | Data Sharing Agreement
Download | ASPSP and TPP Brand IDs Download | Framework for data collection on financial crime Download | Data dictionary Download | Data submission template Download | Data Sharing Agreement
Consumer protection/disputes Workstream 3 Open banking needs to have processes in place that help guide consumers and other relevant actors if something goes wrong. Existing liabilities need to be applied effectively through a dispute resolution process (where needed) and any potential protection gaps identified and addressed. Document library u003cpu003eOur Sandbox Directory is a test environment where you can run your service with dummy data or with other firms who are also working towards full enrolment. Once we’ve completed our identity and verification checks, our onboarding team will help you get set up. u003c/pu003eu003cpu003eTry the Sandbox u003c/pu003e
Information flows Workstream 4 It is important for ecosystem participants to have the right information in terms of errors and payment execution to support and build trust in the system and ensure that it continues to improve. This should lead to fewer initiation failures and errors and increased retailer knowledge on when a payment will be processed or not, as well as the reasons behind errors when they occur. Document library u003cpu003eThere are just three final steps to going live: u003c/pu003eu003cpu003eu003cstrongu003eOur Directoryu003c/strongu003e – we’ll complete your enrolment once your regulatory permissions are confirmed, u003c/pu003eu003cpu003eu003cstrongu003eSoftware statements and digital certificatesu003c/strongu003e – you can set up and manage these in the Directory, and start connecting with account providers to make sure your service works with them u003c/pu003eu003cpu003eu003cstrongu003eDeveloper Zoneu003c/strongu003e – use this to set up the technical configuration for your service u003c/pu003e
Contact us For any specific questions or comments about the documents on this website, please contact openbankingengagement@openbanking.org.ukFor any general questions or comments about JROC’s work, please contact jroc@fca.org.uk