United Arab Emirates
Bahrain
BulgariaUAE
Bahrain
Bulgaria
To stimulate innovation across the UAE’s financial sector by encouraging more consent-driven, data-rich, collaborative, secure and customer-centric digital business and service models. Achieving this vision will deliver greater clarity and control to customers, so that they can manage their finances better.
The API specifications are designed to be extensible, allowing for updates to capabilities and functionality.
The Bahrain OBF follows the PSD2‘s guidance. In addition, the Bahrain OBF API specifications have drawn references from the UK OBIE API specification guidelines, the intellectual property rights for which belong to OBIE, UK and are subject to usage limitations as specified by OBIE, the UK.
As the standard is modelled on the Berlin Group’s standard, the XS2A interface is mandatory in the gaining of consent to access account information. Such information may include a transaction history, or a list of accounts.
The TPP must clearly inform the PSU about the rights they are consenting for. The PSU must be strongly authenticated, and then once the TPP has acquired the right for further account information, they must give the PSU information about the result.
If the TPP cannot be identified at the XS2A interface, then the transaction will be rejected.
Buy now, Pay later (BNPL) offers customers a flexible range of instalment options to choose from while shopping. First introduced and revolutionised by Klarna, a Swedish financial firm, in 2005. Recently Taly launched the first Sharia-compliant BNPL service in the Kingdom of Bahrain, which is free for customers.
API Marketplace (rbinternational.com)
Raiffeisen Bank International has included BISTRA standard APIs alongside other European standards in its API Marketplace, a portal for certified Third Parties to use to retrieve key information about Raiffeisen customers’ payment accounts, such as account balance and transaction data, including amounts, dates and counterparties.
Sofia-based Borica Bank has, through its use of the BISTRA standard, built a hub connecting with all Account Servicing Payment Service Providers (ASPSP) on the territory of Bulgaria that have published specialized interface to access their customers’ accounts as required by the PSD2. Upon the customer’s request, the hub may be integrated with other banks outside the territory of Bulgaria.
Open Finance Standards v1.2-final – 20/12/2024
v1.0.0 / 28 Oct 2020
BISTRA v4.3.0 based on the BISTRA API v1.3 (28.04.2020) and Berlin Group NextGen PSD2 v1.3.12 (01.07.2020)
The API specifications and business rules are publicly available.
All licensed financial institutions (LFIs) are required to adhere to the open finance standard.
Accredited TPPs may access LFI APIs within the ecosystem.
Access to account information and payment initiation services requires access to customer accounts through APIs with licensees maintaining customer accounts.
The Bahrain OBF API specifications have drawn references from the UK OBIE API specification guidelines, the intellectual property rights for which belong to OBIE, and are subject to usage limitations as specified by OBIE.
To access the interface, a Third Party Provider (TPP) has to meet the following requirements:
-
Authorization to provide services by by a National Competent Authority under PSD2;
-
Valid PSD2-compliant Qualified Web Authentication Certificate (QWAC) according to (ETSI TS 119 495.2). The certificate must be issued by one of the EU list of trusted providers and must specify the roles for which the provider is authorized:
-
Payment initiation (PSP_PI);
-
Account information (PSP_AI);
-
Issuing of card-based payment instruments (PSP_IC).
-
-
Access to the development or production environment is done by sending an e-mail to support@ccbank.bg with the attached public part of the QWAC. If you would like to have access to the development environment with a test certificate, you also need to provide the certificate chain.
Regulated
Regulated
Regulated
Key elements of the Open Finance Framework:
1. Roadmap: Access the detailed open finance roadmap, ensuring clarity and ease of updates.
2. Approved Use Cases: Review the approved use cases demonstrating the practical applications and benefits of open finance.
3. Catalogue of Standards: Browse through the comprehensive catalogue of all Open Finance standards relevant to LFIs and TPPs.
4. Testing and Certification Framework: Requirement and process for LFIs and TPPs for testing and certifications.
5. Open Finance Platform: User guides and other essential documentation for the Open Finance Platform (OFP).
6. Limitation of Liability Model: Address various dispute scenarios, identify the liable and responsible parties, and estimate the extent of redress.
7. Commercial and Pricing Model: Sets out the fee structure for access to and usage of the Open Finance Platform.
8. AML and Fraud Guidelines: Cover Anti Money Laundering and Fraud Management Guidelines across components
The first in the world to include Islamic banking licenses.
The framework is principally based on global ISO standards, specifications and guidelines as published by the Open Banking Implementation Entity (OBIE) in the U.K, the Open Banking standards in Australia, and the Payment Services Directive (PSD2). These have been customized for implementation in Bahrain based on existing practices and terminology used by the Bahrain ecosystem.
Banks must share generic product information relevant to all the principal retail banking products and services, free of any fees or charges.
In addition to these basic services, AISPs/PISPs are free to provide other value-added services for which they may bilaterally agree with the customer. Thus, some accredited third-party providers may decide to charge for some of their products/solutions/services customised for customers’ needs.
As it is formed majorly from the Berlin Group’s standard to conform to the PSD2 regulation, the standard contains stipulations for balance information and creating payments, combined with consent management.
Finance
Open Finance
– Bank Service Initiation
– Bank Data sharing
– Insurance Data Sharing
Banking
Open Banking
-
Account information
-
Payment Initiation
Banking
- Account information
-
Payment initiation
Current Accounts
Savings
Current Accounts
Credit Cards
Current Accounts
Wallets Or Prepaid
Certificates
Registry
Certificates
Registry
Certificates
FAPI 2.0
OAuth
OIDF
CIBA
FAPI1
OAuth
OIDC
Access to the Open Banking API is secured using the Open ID Foundation’s Financial Grade API (FAPI) Profile.
Access also requires customers (Payment Service Users or PSUs) to undergo Strong Customer Authentication (SCA) as part of OpenID Connect authorisation flows.
The API currently supports app->web, mobile-web->web, web->web authentication flows.
More about security.
OAuth
Accounts
Balances
Beneficiaries
Direct Debits
Parties Or Contacts
Standing Orders
Transactions
Accounts
Balances
Direct Debits
Other
Parties Or Contacts
Standing Orders
Statements
Transactions
Accounts
Balances
Cards
Confirmation Of Funds
Transactions
Bulk & Batch
Fixed Recurring
Future Dated
International Payments
Refunds
Single Instant
Variable Recurring Payments
Bulk Payments
Future Dated Payments
Single Domestic Payments
Single International Payments
Bulk Payments
Other
Single Domestic Payments
Single International Payments
Standing Orders
PIS includes a ‘signature basket’ to allow a single authorization for multiple different payments.
API Specifications
Customer Experience Guidelines
Operational Guidelines
API Specifications
Operational Guidelines
The following resources are available to all registered developers:
– Open Finance Framework (including Use Cases, Business Rules and Standards)
Developer portal Swagger developer sandbox.
Customer Experience
Functional
Operational
Security Profile
Operational
Security Profile
Open finance in the UAE is a relatively new concept, however the region has moved quickly and offers one of the most comprehensive sets of open finance functionality. The first version of the Standard was published in August 2024, with an updated version released in December 2024.
The Central Bank of Bahrain’s (CBB) rules relating to Open Banking were introduced in December 2018, when the CBB mandated the adoption of Open Banking for all retail banks in the Kingdom. While a majority of the banks and the third parties have progressed on implementation of Open Banking to meet the prescribed deadline of June 2019, in order to accelerate adoption, the CBB felt the need to ensure that there is a high degree of consistency in the implementation of Open Banking. Towards this objective, the CBB, in consultation with industry participants, has developed the Bahrain Open Banking framework of standards and guidelines.
In October 2020, the Kingdom launched the Bahrain Open Banking Framework (Bahrain OBF) and the framework is holistic in defining the Open Banking Regulation, guidelines, technical standards for Open API platforms, security standards (including data privacy), and overall governance.
The Second Payment Services Directive (PSD2) was a European legislation that came in to force in January 2016 to regulate electronic payment services and payment service providers throughout the EU. This followed on from the original PSD which was adopted by the EU in 2007.
The PSD2 legislation was to bring APIs into line with the diversity of the banking payment services, online banking functionalities, local regulatory requirements and authentication methods.
The governance of Open Finance in the UAE is overseen by the Central Bank of the UAE (CBUAE). CBUAE sets the regulations, with AlTareq setting the guidelines, and standards for open finance implementation, monitors compliance, and ensures the security, privacy, and protection of customer data within the framework.
Governed by the CBB (Central Bank of Bahrain). The board of CBB compromises of seven Directors, appointed by Royal Decree for a renewable term of four years.
The Governor, with a ministerial rank, is in charge of the day-to-day management and is directly accountable to the Board. This position is appointed by Royal Decree for a renewable 5-year term, and it might be supported by Deputy Governors.
The responsibilities of the Governor include presenting a report to the Board within 3 months after the end of the fiscal year regarding operations, audited accounts and external auditor’s opinion on said accounts.
CBB is also required to present financial and operational reports to the Board and the Ministry of Finance.
Internal governance is maintained effectively through a system of internal committees, documented policies, procedures, internal audits and quality assurance functions.
Read more about governance.
The framework will continue to be revised and updated periodically, based on inputs from the industry and changing global trends.
– Security Certification (to the OpenID FAPI 2.0 profile)
– Functional Certification
– Customer Experience Certification
The list of CBB licensees who have provided self-declarations to CBB stating that they have completed their implementation tasks and are fully compliant with Bahrain OBF v.1.0.0 (Phase 1).
Only accredited TPPs are able to access the Open Finance ecosystem.
Users must obtain a license through the CBB.
Law on Payment Services and Payment Systems (LPSPS) and Directive (EU) 2015/2366 (PSD2).
