Download the UK open banking version 4.0 essential guide
In this essential guide to the Open Banking Read-Write API Profile version 4.0, we cover the key changes and enhancements being made to the UK open banking standard, key deadlines for compliance and implementation, technical specifications you need to be aware of, and how it’ll impact stakeholders. We also cover what support is available.
Once you’ve read this guide, you’ll feel empowered to react to version 4.0 with confidence.
_
Why is the UK Open Banking Standards being Updated?
The changes within v4.0 have been triggered by several critical events:
- The OpenID Foundation (OIDF) has confirmed that the FAPI 1 Implementers Draft 2 will be retired, and after 31 March 2025, no further certifications will be available for this version of the security profile. This means that continued use of this deprecated standard would lead to non-compliance with international security protocols.
- The Bank of England has published mandatory changes to CHAPS payments that mandate the use of ISO 20022 message standards and the inclusion of enhanced and enriched data. These changes are crucial for ensuring that the UK banking ecosystem remains compliant with FCA regulations.
To elaborate on the regulatory requirements:
- FCA SCA-RTS article 30(3): Account servicing payment service providers (ASPSPs) must ensure that their interfaces follow standards of communication issued by international standardisation organisations.
- FCA SCA-RTS guidance paragraph 21: To ensure the interoperability of different technological communication solutions, the interface should use standards of communication developed by international standardisation organisations.
These updates are essential to maintain interoperability and compliance with international standards, thereby fostering a secure, efficient, and competitive banking environment in the UK.
_
Who are OBL?
Open Banking Limited (OBL), also known as the Open Banking Implementation Entity (OBIE), was set up by the UK’s Competition and Markets Authority (CMA) to implement the CMA Order—a remedy to drive competition, innovation, and transparency in UK retail banking.
What do OBL do?
- Championing the Open Banking Ecosystem: They develop the Standard and promote the ecosystem.
- Providing Critical Services and Infrastructure: They underpin the day-to-day running of open banking in the UK.
- Supervisory Activities: They enable the Trustee, an independent figurehead, to oversee the implementation by the nine largest UK retail banks (CMA9) and ensure that the objectives of the CMA Order are met.
_
Key changes and Enhancements to the UK Open Banking Standard
Overview of version 4.0
The Open Banking Read-Write API Profile version 4.0 is the first major release of the UK standards since September 2018. This major release, requiring mandatory updates by the CMA9, has been published to ensure the UK Standards continue to align with international best practices in terms of electronic messaging standards, security, and reliability of APIs used in the financial industry.
Key features:
- Migration to FAPI 1.0 Advanced: The uplift to FAPI 1.0 Advanced is necessary as FAPI 1 Implementers Draft 2 is being deprecated by the OpenID Foundation and will no longer be supported.
- Alignment to ISO 20022 Code Values: This replaces the previously modified non-standard code names so that providers can meet the Bank of England deadlines for CHAPS payments while providing the required codes for all ISO 20022 payments like International SEPA and Swift payments.
- Inclusion of Additional ISO 20022 Data Elements: Required for CHAPS payments to meet the Bank of England’s mandatory requirements.
Enhancements:
- Enhanced data sharing protocols: Despite the TDA voting against implementing certain elements like Pushed Authorisation Requests (PAR) and Proof of Key Code Exchange (PKCE), the adoption of FAPI 1.0 Advanced will still bring significant benefits to the UK Open Banking ecosystem.
- Security and privacy enhancements: The adoption of ISO 20022 code values and messaging rather than continuing to use non-standard code names for open banking initiated payments will provide harmonisation with payment systems worldwide. The enriched data provided by PISPs can also lead to fewer delays for the end customer and reduce manual interventions due to fraud ‘false positives’.
Technical specifications and API updates:
The v4.0 ISO 20022 changes impact all payment types as it is not possible to separate CHAPS and faster payments within the API specifications. The additional ISO 20022 data elements include:
- Category purpose: Can be used to specify the high-level purpose of the transaction.
- LEI: Ensures a unique and clear identification of all parties involved in the transaction, improving traceability and compliance.
- Ultimate creditor and ultimate debtor: Provide clarity and transparency on the final recipient and origin of funds, enhancing auditing and compliance.
- Proxy: Allows PISPs to provide an identifier that can be used as a substitute for a primary account number.
In addition to the above data elements, the v4.0 Payment APIs have been enhanced to enable PISPs to provide information for regulatory reporting and remittance information, aiding faster and more accurate reconciliation processes.
_
Compliance and Implementation Deadlines for Version 4.0
For CMA9 institutions
The Competition and Markets Authority (CMA) have directed that the migration to FAPI 1.0 Advanced and the ISO 20022 changes constitute Standards maintenance under the CMA Order. The deadlines for CMA9 institutions are as follows:
- Migration to FAPI 1.0 Advanced: Must be completed and implemented by 31 December 2024.
- Implementation of Read-Write v4.0 Standards: Must be supported by the end of Q1 2025.
- CHAPS Payments Compliance: Meet the Bank of England’s CHAPS deadline by 1 May 2025.
For non-CMA9 institutions
While non-CMA9 institutions are not mandated under the CMA Order, they should consider the following to stay competitive and compliant:
- Support for CHAPS and international payments: Non-CMA9 ASPSPs supporting CHAPS and international payments via the Open Banking payment APIs must consider migrating to v4.0 to meet the Bank of England deadlines.
- Future compliance: The FCA may provide future direction on the regulatory position and compliance with the Payment Services Regulations (PSR 2017) and SCA-RTS Article 30(3), which could apply to all ASPSPs.
_
Impact on Stakeholders
Impact on CMA9 Banks
- There is a transition period for the CMA9 adopting the new standard. The timelines for the CMA9 are:
- Migration to FAPI 1.0 Advanced by 31 December 2024.
- Providing 90 days notice via their Developer Portal when FAPI 1.0 Advanced will be supported.
- Implementation and support of Read-Write v4.0 standards and alignment to ISO 20022 codes by the end of Q1 2025.
- Meeting the Bank of England CHAPS deadline by 1 May 2025 for any non-CMA9 ASPSPs supporting CHAPS payments.
Impact on Tier 1 and 2 Banks
Non-CMA9 ASPSPs need to consider adopting v4.0 if they support CHAPS and international payments via their Open Banking solution. While not mandated, non-compliance risks being left behind. The upgrade offers:
- Enhanced security: Compliance with PSD2 and ensuring the highest level of security by upgrading to the latest standards (FAPI 1 Advanced).
- Future-proofed operations: Alignment with ISO 20022 message standards to meet upcoming regulatory requirements.
- Staying competitive: Unlock new functionalities like Variable Recurring Payments (VRP) and tap into new revenue streams.
Impact on Third-Party Providers (TPPs)
TPPs will have to support both FAPI 1 Implementers Draft 2 and FAPI 1.0 Advanced security profiles, receiving different data enumeration values and error messages depending on the ASPSP’s supported version.
This will result in variations in payment consent and initiation resource payloads.
_
Future Considerations & Information
- JROC Levelling Up and Long-Term Regulatory Framework: Ongoing JROC (Joint Regulatory Oversight Committee) activities will see the CMA’s Retail Banking Order end and a new long-term regulatory framework established. This could result in secondary legislation empowering the FCA to oversee data-sharing requirements for all ASPSPs in the future.
- Post 4 July 2024 – General Election: The Labour manifesto includes support for innovation and growth in the financial services sector through new technology, including Open Banking and Open Finance.
- JROC Information Flows – Work stream 4: The report identified key gaps in payment status information, error messages, and consistency. Recommendations include updating the open banking standard to improve information on payment statuses, handling of error messages, and regulatory support to drive consistent implementation.
- PSR VRP cp23/12 Expanding Variable Recurring Payments & JROC Pilot: The Payment Systems Regulator (PSR) seeks to extend VRPs to enable payments between accounts in different names, initially targeting regulated financial services, utilities sectors, and government payments. The JROC pilot for consumer-to-business VRPs under a commercial API model aims for a Phase 1 rollout by Q3 2024.
_
Support with the UK Open Banking Standard Version 4.0
How Can Ozone API Help?
Ozone API’s expert team and comprehensive platform can ensure a smooth transition to v4.0, providing tier 1 and 2 banks with tools to secure operations, align with future regulations, and tap into new revenue streams. Benefits of outsourcing to Ozone API include:
- Proven technology and deep subject matter expertise – We have helped banks around the world, from Tier 1 banks to digital banks to wallets and everything in between.
- Compliance with any global standard – We support all global standards and a single integration can allow you to deliver open banking APIs in any market you operate.
- Hassle-free updates – We always stay up to date with the latest global versions, enabling a smooth transition to v4.0 as well as always keeping your API up to date with future versions.
- Advanced features – Enhance your open banking offerings with our platform’s advanced features and rich API catalogue to stay competitive.
- Cost efficiency: Utilise our streamlined API integration to reduce operational costs and complexity.
- Tapping into new revenue streams – We help you quickly deliver premium APIs like Variable Recurring Payments to create new avenues for commercial growth.
Contact Information
If you’re confused about what this update means for you, or you want to remove the complexity of upgrading to the new standard, we’re here to help. Speak to our General Manager in the UK about how Ozone API can help with implementing the latest version of the UK open banking standard? Book a call with James Bushby here.