Resources Insights News

The Essential Guide to OBL Version 4.0

In this essential guide to OBL version 4.0, we cover the key changes and enhancements being made to the UK open banking standard, key deadlines for compliance and implementation, technical specifications you need to be aware of, and how it’ll impact stakeholders. We also cover what support is available.

Once you’ve read this guide, you’ll feel empowered to react to OBL version 4.0 with confidence.

_

Why is the UK Open Banking Standards being Updated?

The changes within v4.0 have been triggered by several critical events:

  • The OpenID Foundation (OIDF) has confirmed that the FAPI 1 Implementers Draft 2 will be retired, and after 31 March 2025, no further certifications will be available for this version of the security profile. This means that continued use of this deprecated standard would lead to non-compliance with international security protocols.
  • The Bank of England has published mandatory changes to CHAPS payments that mandate the use of ISO 20022 message standards and the inclusion of enhanced and enriched data. These changes are crucial for ensuring that the UK banking ecosystem remains compliant with FCA regulations.

To elaborate on the regulatory requirements:

  • FCA SCA-RTS article 30(3): Account servicing payment service providers (ASPSPs) must ensure that their interfaces follow standards of communication issued by international standardisation organisations.
  • FCA SCA-RTS guidance paragraph 21: To ensure the interoperability of different technological communication solutions, the interface should use standards of communication developed by international standardisation organisations.

These updates are essential to maintain interoperability and compliance with international standards, thereby fostering a secure, efficient, and competitive banking environment in the UK.

_

Who are OBL?

Open Banking Limited (OBL), also known as the Open Banking Implementation Entity (OBIE), was set up by the UK’s Competition and Markets Authority (CMA) to implement the CMA Order—a remedy to drive competition, innovation, and transparency in UK retail banking.

What do OBL do?

  • Championing the Open Banking Ecosystem: They develop the Standard and promote the ecosystem.
  • Providing Critical Services and Infrastructure: They underpin the day-to-day running of open banking in the UK.
  • Supervisory Activities: They enable the Trustee, an independent figurehead, to oversee the implementation by the nine largest UK retail banks (CMA9) and ensure that the objectives of the CMA Order are met.

_

Key changes and Enhancements to UK Open Banking Standard

Overview of OBL version 4.0

The Open Banking Read-Write API Profile version 4.0 is the first major release of the UK standards since September 2018. This major release, requiring mandatory updates by the CMA9, has been published to ensure the UK Standards continue to align with international best practices in terms of electronic messaging standards, security, and reliability of APIs used in the financial industry.

Key features:

  • Migration to FAPI 1.0 Advanced: The uplift to FAPI 1.0 Advanced is necessary as FAPI 1 Implementers Draft 2 is being deprecated by the OpenID Foundation and will no longer be supported.
  • Alignment to ISO 20022 Code Values: This replaces the previously modified non-standard code names so that providers can meet the Bank of England deadlines for CHAPS payments while providing the required codes for all ISO 20022 payments like International SEPA and Swift payments.
  • Inclusion of Additional ISO 20022 Data Elements: Required for CHAPS payments to meet the Bank of England’s mandatory requirements.

Enhancements:

  • Enhanced data sharing protocols: Despite the TDA voting against implementing certain elements like Pushed Authorisation Requests (PAR) and Proof of Key Code Exchange (PKCE), the adoption of FAPI 1.0 Advanced will still bring significant benefits to the UK Open Banking ecosystem.
  • Security and privacy enhancements: The adoption of ISO 20022 code values and messaging rather than continuing to use non-standard code names for open banking initiated payments will provide harmonisation with payment systems worldwide. The enriched data provided by PISPs can also lead to fewer delays for the end customer and reduce manual interventions due to fraud ‘false positives’.

Technical specifications and API updates:

The v4.0 ISO 20022 changes impact all payment types as it is not possible to separate CHAPS and faster payments within the API specifications. The additional ISO 20022 data elements include:

  • Category purpose: Can be used to specify the high-level purpose of the transaction.
  • LEI: Ensures a unique and clear identification of all parties involved in the transaction, improving traceability and compliance.
  • Ultimate creditor and ultimate debtor: Provide clarity and transparency on the final recipient and origin of funds, enhancing auditing and compliance.
  • Proxy: Allows PISPs to provide an identifier that can be used as a substitute for a primary account number.

In addition to the above data elements, the v4.0 Payment APIs have been enhanced to enable PISPs to provide information for regulatory reporting and remittance information, aiding faster and more accurate reconciliation processes.

_

Compliance and Implementation Deadlines for OBL Version 4.0

For CMA9 institutions

The Competition and Markets Authority (CMA) have directed that the migration to FAPI 1.0 Advanced and the ISO 20022 changes constitute Standards maintenance under the CMA Order. The deadlines for CMA9 institutions are as follows:

  • Migration to FAPI 1.0 Advanced: Must be completed and implemented by 31 December 2024.
  • Implementation of Read-Write v4.0 Standards: Must be supported by the end of Q1 2025.
  • CHAPS Payments Compliance: Meet the Bank of England’s CHAPS deadline by 1 May 2025.

For non-CMA9 institutions

While non-CMA9 institutions are not mandated under the CMA Order, they should consider the following to stay competitive and compliant:

  • Support for CHAPS and international payments: Non-CMA9 ASPSPs supporting CHAPS and international payments via the Open Banking payment APIs must consider migrating to v4.0 to meet the Bank of England deadlines.
  • Future compliance: The FCA may provide future direction on the regulatory position and compliance with the Payment Services Regulations (PSR 2017) and SCA-RTS Article 30(3), which could apply to all ASPSPs.

_

OBL Version 4.0 impact on Stakeholders

Impact on CMA9 Banks

  • There is a transition period for the CMA9 adopting the new standard. The timelines for the CMA9 are:
  • Migration to FAPI 1.0 Advanced by 31 December 2024.
  • Providing 90 days notice via their Developer Portal when FAPI 1.0 Advanced will be supported.
  • Implementation and support of Read-Write v4.0 standards and alignment to ISO 20022 codes by the end of Q1 2025.
  • Meeting the Bank of England CHAPS deadline by 1 May 2025 for any non-CMA9 ASPSPs supporting CHAPS payments.

Impact on Tier 1 and 2 Banks

Non-CMA9 ASPSPs need to consider adopting v4.0 if they support CHAPS and international payments via their Open Banking solution. While not mandated, non-compliance risks being left behind. The upgrade offers:

  • Enhanced security: Compliance with PSD2 and ensuring the highest level of security by upgrading to the latest standards (FAPI 1 Advanced).
  • Future-proofed operations: Alignment with ISO 20022 message standards to meet upcoming regulatory requirements.
  • Staying competitive: Unlock new functionalities like Variable Recurring Payments (VRP) and tap into new revenue streams.

Impact on Third-Party Providers (TPPs)

TPPs will have to support both FAPI 1 Implementers Draft 2 and FAPI 1.0 Advanced security profiles, receiving different data enumeration values and error messages depending on the ASPSP’s supported version.

This will result in variations in payment consent and initiation resource payloads.

_

Future Considerations & Information

  • JROC Levelling Up and Long-Term Regulatory Framework: Ongoing JROC activities will see the CMA’s Retail Banking Order end and a new long-term regulatory framework established. This could result in secondary legislation empowering the FCA to oversee data-sharing requirements for all ASPSPs in the future.
  • Post 4 July 2024 – General Election: The Labour manifesto includes support for innovation and growth in the financial services sector through new technology, including Open Banking and Open Finance.
  • JROC Information Flows – Work stream 4: The report identified key gaps in payment status information, error messages, and consistency. Recommendations include updating the open banking standard to improve information on payment statuses, handling of error messages, and regulatory support to drive consistent implementation.
  • PSR VRP cp23/12 Expanding Variable Recurring Payments & JROC Pilot: The Payment Systems Regulator (PSR) seeks to extend VRPs to enable payments between accounts in different names, initially targeting regulated financial services, utilities sectors, and government payments. The JROC pilot for consumer-to-business VRPs under a commercial API model aims for a Phase 1 rollout by Q3 2024.

_

Support with OBL Version 4.0

How Can Ozone API Help?

Ozone API’s expert team and comprehensive platform can ensure a smooth transition to v4.0, providing tier 1 and 2 banks with tools to secure operations, align with future regulations, and tap into new revenue streams. Benefits of outsourcing to Ozone API include:

  • Digital bank launch expertise: Significant experience in launching digital banks, including large Tier 1 banks, with comprehensive digital propositions.
  • Multi-market compliance support: Integration work done once can be leveraged for compliance in multiple markets and supporting any global standard.
  • Hassle-free compliance: Outsource your OBL v4.0 regulatory compliance to our expert team for a smooth and efficient upgrade.
  • Advanced features: Enhance your open banking offerings with our platform’s advanced features and rich API catalogue to stay competitive.
  • Cost efficiency: Utilise our streamlined API integration to reduce operational costs and complexity.
  • Innovation and Growth: Focus on innovation and growth while we handle the regulatory demands and technical complexities.

Contact Information

Want to speak to our General Manager in the UK about how Ozone API can help with implementing the latest version of OBL? Book a call with James Bushby here.

Recommended articles

Insights

A recap on Open Banking Expo Canada 2024 with Eyal Sivan

Get the insiders scoop on what the hot topics were at Open Banking Expo Canada this year with Eyal Sivan, host of Mr. Open Banking and GM for North America at Ozone API.

Shannon Dudley
26, Jun 2024
Insights

Regulation in America: Checks and Balances

John Pitts and Eyal Sivan discuss a new era of open banking, taking open banking to the next level in the United States, and what’s in the open banking pipeline for the U.S.

Eyal Sivan
24, Jun 2024
Insights

Who Are in the CMA9 and Why They Matter

We do a dive into the CMA9, the UK's largest 9 banks who are vital in influencing UK banking and Open Banking.

Ozone API
14, Jun 2024