
UK Open Banking Standard

Owned by:

OBIE

The Open Banking Implementation Entity (OBIE) publishes and maintains the UK’s Open Banking standard, supervises the UK’s Open Banking ecosystem, and provides assistance in the form of information-sharing platforms, certification, as well as managing disputes and complaints. It is open to all account providers and covers all online payment accounts.

OBIE

United Kingdom

UK Open Banking API specifications consist of 5 distinct types of specifications: Read/Write API Specifications, Open Data API Specifications, Directory Specifications, Dynamic Client Registration Specifications and MI Reporting Specifications.

The APIs follow RESTful API concepts where possible. In instances where RESTful principles would be convoluted and complex, the principles have not been followed.

United Utilities uses Open Banking financial data as part of its income-verification tool to assess if customers qualify for an affordable tariff.

Tide and Coconut have reached a deal to aid efficiency for the self-employed and accountants. Small and medium businesses can connect their existing Tide bank accounts to the Coconut tax and accounting platform.

Open Banking provider Volt created Transformer, which encourages shoppers to switch to paying directly from their bank account after they’ve started entering their debit card details. This saves debit card fees for the merchant, and they can offer the customer reward points as an incentive.

JSON

RESTful

Active API

v3.1.11 / 30 May 2023

The API specifications are freely available as open source at API Specifications – Open Banking Standards.

Only companies that are authorised by the FCA can use Open Banking APIs to access financial information or initiate payments on behalf of a customer.

Regulated

Mandated

Premium

The APIs cover accounts and transactions (including account access consents, balances, direct debits and standing orders), payment initiations, confirmation of funds, variable recurring payments and event notifications.

The Open Banking developer resources outline all the data models, customer experience guidelines and operational guidelines.  

Banking

Open Banking

  • Payment Initiation
  • Variable Recurring Payments
  • Account Information

Credit Cards

Current Accounts

Wallets Or Prepaid

Certificates

DCR

Directory

Registry

App To App Redirect

Browser Redirect

Decoupled

For the account access consent, access tokens are issued. Account Access Consents – v3.1.10 (openbankinguk.github.io)

Prior to calling the API, the AISP must have an access token issued by the ASPSP using a client credentials grant.

FAPI1

FAPI2

OAuth

OIDC

The Open Banking Standard was updated in 2018 to cover both redirect and decoupled flows, based on the OpenID Foundation’s Financial-grade API (FAPI) and Client Initiated Backchannel Authentication (CIBA) profiles.

Webhook

Accounts

Balances

Beneficiaries

Confirmation Of Funds

Direct Debits

Parties Or Contacts

Standing Orders

Statements

Transactions

Bulk Payments

File Payments

Future Dated Payments

Single Domestic Payments

Single International Payments

Variable Recurring Payments

API Specifications

Customer Experience Guidelines

Other

Customer Experience

Functional

Other

Security Profile

In 2016, the Competition and Markets Authority (CMA) in the UK published a report on the UK’s retail banking market. The report found that older, larger banks were incentivised to compete to gain customers’ business, while newer banks found it difficult to access the market and grow. One of the CMA’s recommendations to tackle this problem was Open Banking. In August 2016, the CMA issued a ruling that required the nine biggest UK banks – HSBC, Barclays, RBS, Santander, Bank of Ireland, Allied Irish Bank, Danske Bank, Lloyds and Nationwide – to allow licensed startups direct access to their data down to the level of transaction-account transactions. Now all institutions that offer payment accounts must participate.

The Payment Services Regulations (PSRs) created the legal and regulatory framework for Open Banking in 2017. They brought PSD2 into UK law in 2018.

The Open Banking Implementation Entity (OBIE) is the company established by the CMA in 2018 as part of a competition initiative to develop an Open Banking standard for account access. The first of the CMA9 banks began opening up their account data as AISPs (Account Information Service Providers) in 2018. PISP (Payment Initiation Services) followed later in the same year. 

In the six months to March 2022, there were 21.1 million Open Banking payments, with month-on-month growth in the UK of 10%.

As of May 2022, there were 339 regulated providers, made up of 249 third-party providers and 90 account providers.

The governance process follows recognised industry good practices, such as that contemplated in the QCA Corporate Governance Code. The Board is composed of a Trustee and two independent non-executive directors (chair of OBIE). A chief executive officer (CEO) may be appointed who will also be a member of the Board. The CEO will be responsible for leading and managing the day-to-day running of the OBIE and any transition. One of the Non-executive Directors will have a particular focus on governance and compliance.

In March 2021, the CMA consulted on arrangements for the future oversight of Open Banking. In this consultation, CMA referred to a proposal by UK Finance (a trade association for the banking and finance industry), which had engaged with stakeholders to develop a blueprint for a new organisation (a ‘Future Entity’) to replace the OBIE in its current form which would serve the needs of the significantly larger number of financial institutions by enabling an Open Data and payments market. 

The Board of the Future Entity will be independent and accountable, and this should be reflected in the roles and composition of the Board. 

The Future Entity will adhere to high standards of corporate governance and transparency – including clarity on roles and responsibilities, a clear purpose, financial transparency, appropriate checks and balances and appropriate corporate governance policies, reflecting the recommendations set out in the Report.

After the implementation of the Future Entity, the CMA will retain some direct regulatory powers, including regarding the ongoing maintenance of Open Banking and monitoring and compliance.

The operational guidelines checklist allows self-attestation against key criteria. The checklist outlines mandatory and optional fields for both PSD2 and the OBIE requirements.

The Payment Services Regulations 2017

Data protection laws, such as the Data Protection Act 2018 (DPA 2018) and GDPR (the General Data Protection Regulation), are essential when dealing with EU customers.