JROC NON-ORDER PROGRAMME

In the 2023 Roadmap recommendations, JROC identified the five key themes required to develop the next phase of open banking. JROC asked OBL, together with Pay.UK, to drive forward the following activities, building on previous work.

Levelling up availability and performance (OBL-led)
Mitigating the risks of financial crime (OBL-led)
Ensuring effective consumer protection if something goes wrong (OBL-led)
Improving information flows to TPPs and end-users (OBL-led)
Promotion of additional services, using non-sweeping variable recurring payments (VRPs) as a pilot (Pay.UK and OBL).

Governance documents

JROC and the Future Entity

LEVELLING UP

Workstream 1

OBJECTIVES

To ensure there is consistently high performance and availability across all APIs so open banking services are available to consumers when they want to use them, and that those APIs operate smoothly, efficiently and reliably.

SCOPE

Collecting Phase 1 /Phase 2 data on API performance and availability, direct channel performance and availability, authentication efficacy and conversion rates, providing MI to JROC and to participants submitting data.

Workstream 2A Fraud Data

Mitigating the risks of financial crime

OBJECTIVES

To reduce the risk that open banking is used to facilitate financial crime, we need to understand existing levels of financial crime in open banking.

Through this sub-stream, OBL is conducting a voluntary fraud data collection exercise, which aims to build a clearer understanding of financial crime in open banking payments and to identify emerging trends and areas of concern.

SCOPE

– Voluntary fraud data collection exercise, which aims to build a clearer understanding of financial crime in open banking payments and to identify emerging trends and areas of concern.

– To identify if the Open Banking Standard needs to be updated in order to reduce fraud.

Workstream 2B Fraud Tools

Mitigating the risks of financial crime

OBJECTIVES

To implement tools to effectively mitigate the impacts of financial crime in open banking (transaction risk indicators (TRIs)) and develop a longer-term roadmap for how tools could evolve in the future, balancing fraud control with the need to reduce friction.

This objective will be delivered through a pilot of the existing financial crime tools included in the Open Banking Standard, the gathering of efficacy data and the development of a roadmap for tools to address financial crime in open banking payments.

SCOPE

Phase 1 Pilot
Evaluate current TRIs in a test environment to test efficacy and identify qualitative outcomes for TPPs and ASPSPs.

Phase 2 Pilot
Evaluate current TRIs to confirm accuracy and relevance, making changes, deletions, or additions as necessary.

Longer-term Roadmap
To go beyond TRIs as they currently exist and explore additional crime prevention tools to detect and reduce fraud for TPPs and ASPSPs.

Workstream 3

Ensuring effective consumer protection if something goes wrong

OBJECTIVES

To ensure consumers have the appropriate degree of protection if something goes wrong with their open banking transaction.

SCOPE

– Building on the previous report prepared by OBL, which identified specific gaps in consumer protections, to further understand each gap and to develop a recommended approach.

– To evaluate the level of consumer protections that are necessary to maximise take-up of open banking payments in retail transactions for both consumers and merchants.

– To evaluate the level of consumer and data protections that are necessary to maximise greater adoption of account information services.

– To recommend changes that could be made within the limits of the existing regulatory framework, and what potential changes to the framework might be required in future.

Workstream 4

Improving information flows to TPPs and end-users

OBJECTIVES

That TPPs and end-users receive appropriate, timely and consistent information regarding the provision of open banking payments and error messaging more generally. This will give certainty as to the status of open banking payments, and clarity as to why an unexpected event has occurred during an open banking journey.

SCOPE

– OBL to gather implementation plans from the CMA9, non-CMA9 ASPSPs and some of the largest TPPs in the market. This will enable OBL to produce the desired artefact.

– OBL to also get updates from Pay.UK on Recommendation 3 related changes (payment system changes to support clarity of payment status) to add to the report.

Workstream 5

Promotion of additional services, using non-sweeping VRPs as a pilot

Workstream 5.1 – Technical

OBJECTIVES

To ensure that all necessary technical and functional requirements are in place and implemented to support successful delivery of Wave 1 of the rollout, including giving consideration to Waves 2+ and the longer-term roadmap.

Aim to satisfy all technical recommendations and requirements identified by the blueprint and identified by OBL/Pay.UK as necessary.

SCOPE

All technical and functional elements of preparation for Wave 1.

A longer term technical/functional roadmap, to identify technical and functional gaps to be considered for Waves 2 and beyond.

Workstream 5.2 – Disputes

OBJECTIVES

– To create an effective and fit-for-purpose disputes management system for Wave 1, and review whether it can be leveraged for Wave 2 cVRP transactions.

– Leverage existing technologies and solutions for Waves 1 and 2 to ensure timelines are met and costs are controlled, subject to the evaluation of technical disputes system requirements.

SCOPE

Waves 1 and 2

– A disputes system for low-risk cVRP transactions and an arbitration solution for issues between TPP and ASPSP where the outcome cannot be resolved between the parties that can potentially scale to handle a high volume of disputes across multiple sectors.

Workstream 5.3 – Industry Coordination

OBJECTIVES

– Engage with ecosystem participants to identify candidate ASPSPs and TPPs interested in participating in the different waves of the rollout and to ensure the broader ecosystem is involved and kept informed of cVRP developments.

– Support ASPSPs and TPPs in their implementation of cVRP functionality through the rollout. Provide MI on rollout performance.

– Track and report on the participants’ readiness to ensure a successful rollout pre- and post go-live.

SCOPE

– End-to-end project engagement with ecosystem participants (ASPSPs and TPPs) in the rollout of the different waves.

– Collecting potential Wave 1 use cases to inform policy work on sector definitions.

Workstream 5.4 – Multilateral Agreement (MLA) Development

OBJECTIVES

– Deliver the clauses required for a Wave 1 cVRP Multilateral Agreement (MLA) through key deliverables (e.g., MLA template and guidance notes, advice on competition etc).

– Where applicable, procure and work with legal resource to codify the MLA clauses into a final MLA legal contract and associated schedules and guidance that is the basis for the first wave of cVRPs.

– Ultimately delivering the cVRPs ecosystem that PISPs and ASPSPs can deliver to.

– Continue to develop clauses for later waves to be implemented in the MLA to build out to an MLA 2.0 and MLA 3.0.

SCOPE

Wave 1
Government, utilities and non-sweeping financial services

Wave 2
Low-risk e-commerce

Wave 3
Medium-risk e-commerce

GOVERNANCE

DOCUMENTS

JROC Non-Order Programme Workplan Implementation Group (JWIG)

Terms of reference
Meeting papers:

Document Library

u003cpu003eu003c/pu003eu003cpu003eYou’ll need to demonstrate that you have a PSD2-compliant business model and appropriate data privacy and security measures in place. Get more information on u003ca href=u0022https://www.fca.org.uk/firms/applications-under-psd2u0022 target=u0022_blanku0022 rel=u0022noreferrer noopeneru0022u003ethe FCA websiteu003c/au003e. u003c/pu003eu003cpu003eThis checklist will help you make sure your application is as complete as possible. It can can take 3-12 months to secure FCA regulation, depending on the quality of your application. u003c/pu003eu003cpu003eu003cstrongu003eRead FCA guidanceu003c/strongu003e – chapter three of ‘Payment Services and Electronic Money’ explains authorisation and registration. u003c/pu003eu003cpu003eu003cstrongu003eKnow your definitionsu003c/strongu003e – are you offering an Account Information Service (AISP)? A Payment Initiation Service (PISP)? A Card-Based Payment Instruction Issuer service (CBPII)? It’s important to be clear about how your service fits the regulator’s definitions. u003c/pu003eu003cpu003eu003cstrongu003eShow a clear business modelu003c/strongu003e – give straightforward explanations of your business model and typical transactions. u003c/pu003eu003cpu003eu003cstrongu003eCheck policies and proceduresu003c/strongu003e – to get regulated you must have specific policies and procedures in place.u003c/pu003eu003cpu003eu003cstrongu003eDemonstrate complianceu003c/strongu003e – you’ll need to show how your security, data storage, IT and policies comply with the regulations. u003c/pu003eu003cpu003eu003cstrongu003eGet insuredu003c/strongu003e – you must have professional indemnity insurance that complies with the regulations. u003c/pu003e

Download | 07 Oct 24 – meeting and minutes JWIG
Download | 09 Sep 24 – meeting and minutes JWIG
Download | 05 Aug 24 – meeting and minutes JWIG
Download | ToR – JROC Non-Order Programme Workplan Implementation Group (JWIG)

VRP Working Group (VRP WG)

Terms of reference
Meeting papers:

Download | 17 Oct 24 – meeting and minutes VRP WG
Download | 03 Oct 24 – meeting and minutes VRP WG
Download | 19 Sep 24 – meeting and minutes VRP WG
Download | 05 Sep 24 – meeting and minutes VRP WG
Download | 22 Aug 24 – meeting and minutes VRP WG
Download | 08 Aug 24 – meeting and minutes VRP WG
Download | ToR – VRP Working Group (VRP WG)

Funders Advisory Panel (FAP)

Terms of reference
Meeting papers:

Download | 04 Oct 24 – meeting and minutes FAP
Download | 06 Sep 24 – meeting and minutes FAP
Download | 01 Aug 24 – meeting and minutes FAP
Download | ToR – Funders Advisory Panel (FAP)

Financial Crime Data

JROC Workstream 2a – Financial Crime Data

No Documents found

Contact us

For any specific questions or comments about the documents on this website, please contact openbankingengagement@openbanking.org.uk

For any general questions or comments about JROC’s work, please contact jroc@fca.org.uk

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
_hjAbsoluteSessionInProgress	30 minutes	No description available.
_hjFirstSeen	30 minutes	This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
_hjid	1 year	This cookie is set by Hotjar. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
_hjIncludedInPageviewSample	2 minutes	No description available.
_hjTLDTest	session	No description available.
pardot	past	The cookie is set when the visitor is logged in as a Pardot user.
vuid	2 years	This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website.

Cookie	Duration	Description
lpv840283	30 minutes	No description
visitor_id840283	10 years	No description
visitor_id840283-hash	10 years	No description