The Czech Banking Association’s Open Banking response to the EU’s PSD2 directive.
Czech Standard for Open Banking – COBS
Czech Banking Association
Services defined within the standard:
Payment initiation: A service defined as PIS (Payment Initiation Service) by the PSD2 directive.
Account information: A service defined as AIS (Account Information Service) by the PSD2 directive.
Balance Check: A service defined by the PSD2 directive as information about sufficient funds provided for CISP providers (Card-based payment Instrument Issuer Service Providers).
AIS incorporates access to client payment accounts, account balances, account transactions and standing orders.
Budget Bakers has a budgeting app for businesses and individuals, combining multiple accounts.
Standard documentation is freely available, and financial providers must be given authorisation by the Czech National Bank.
The aim of the Czech Standard for Open Banking is to lay down rules for communication, mainly for services defined by the PSD2: Account Information Service Provider (AISP), Payment Initiation Service Provider (PISP) and Card Issuing Service Provider (PISP).
The standard is voluntary and since systems and their operations differ across all payment service providers, standard participants may deviate from the standard at certain points, within the scope of their specific information systems.
Since each payment service provider is obliged to document its solution according to PSD2, a large number of fields for optional information are defined.
The Czech Standard aims to allow easier integration of TPP into systems which banks are offering, including without any other intermediaries, ensuring a uniform interpretation of the PSD2 in the Czech market.
- Payment initiation
Wallets Or Prepaid
Consent is outlined in the standard document and includes the following:
User information scopes must be confirmed by the user on the so-called consent screen during authentication.
For a payment processed in the SEPA Direct Debit scheme, a mandate reference is mandatory in the field, through which the client gave consent to debit the account.
Consent flow has a recommendation for the inclusion of the accounts to be made available on the selection page in the authentication flow of the bank.
When loan offers from other banks are being called with an access token, that loan’s parameters can be personalized according to the end user’s creditworthiness. It is recommended to put clear information on the consent screen that the loan’s personalized parameters will be transferred to the TPP.
What COBS defines in the security area:
APIs for enrollment to COBS
API authorization for initiated payments
What COBS does not define in security:
User authentication flow
Processing of certificates in the ASPSP and TPP systems
Confirmation Of Funds
Future Dated Payments
Single Domestic Payments
Single International Payments
Customer Experience Guidelines
Includes some very basic Customer Experience and Operational Guidelines. The latter includes a ‘Planned Outages’ API and some guidance on Sandbox usage.
On 16 November 2015, the European Banking Authority issued the Revised Payment Service Directive (PSD2). As of 13th January 2018, PSD2 replaced former Directive on Payment Services in the Internal Market.
The PSD 2 was implemented into the Czech legislation by the brand new No 370/2018 Coll., Act on Payment Systems, which came into force on 13th January 2018.
Czech Banking Association is a voluntary association of banks and building societies operating on the Czech market. Currently, they associate 37 members representing more than 99 % of the Czech banking sector. They have been supporting the development of the Czech banking sector, the entire economy and the financial literacy of Czechs since 1990.
The standard will be changed maximum once a year, suggestions for change may be given by a new mandatory regulation by the bank, a third party through the ČBA or by the working group itself.
The suggestion for change must be approved within a proper amendment procedure 6 months before the due date of the changes in force. This implies that the suggestion for a major change must be submitted no later than 1 year before the planned implementation date.
There are resources outlining protocol for outages and ‘Health Check’.
Error codes are outlined.
The standard is voluntary, and it is up to each bank to consider joining the standard.
With respect to the fact that systems and their operations differ across all payment service providers, standard participants may deviate from the standard at certain points, within the scope of their specific information systems.
Since each payment service provider is obliged to document its solution according to PSD2, a large number of fields for optional information is defined in the Czech Open Banking Standard.