...
The requirements below set out what each LFI and TPP must do to test and apply for certifications in order to prove their conformance.
2. LFI Certification
Wherever possible, the Open Finance Platform (OFP) will enforce conformance and reduce the ‘burden’ of certification activity, especially for LFIs.
Please note, this Certification Framework does not cover any operational or general cyber security requirements for LFIs or TPPs as part of their licensing process.
Subject to the requirements below, LFIs will:
be required to obtain the relevant certifications (as set out below) prior to go live for each version of the standards;
be required to obtain a separate certification for each separate set of infrastructure (e.g. in cases where the LFI has a number of brands and/or customer segments, each with separate core systems, web and/or mobile apps);
be required to renew their certification every time they introduce any new version of the standards and/or every time they make any material changes to their infrastructure;
be required to renew their certification from time to time at the discretion of the CBUAE; and
be subject to ongoing monitoring and enforcement action by the CBUAE where they introduce any changes which would render a previously obtained certification invalid and where they fail to renew their certification.
2.1 LFI FAPI Certification
...
As and when this is made available, the OFP itself will be certified by the OIDF as an OpenID Provider (OP) in accordance with the UAE FAPI 2.0 profile. The OFP will renew this certification during the implementation of each major new version of the standards.
Because the OFP strictly enforces the security profile on behalf of LFIs, there is no need for LFIs to apply for and obtain FAPI certifications directly themselves.
2.2 LFI Functional Certification
...
The OFP will include a test suite which will enable LFIs to test their integration with the OFP during development and prior to any Go Live.
Because the OFP will also strictly enforce the API specifications for each LFI, there is no need for LFIs to apply for and obtain a functional certification directly themselves.
However, LFIs will be subject to ongoing monitoring and supervision by CBUAE to address and remediate any data quality issues.
2.3 LFI Customer Experience Certification
TBC
2.4 LFI Operational Certification
...
Each LFI will be required to submit screen grabs to the CBUAE for:
each screen in their Open Finance authentication and authorization flow; and
each screen of their Open Finance consent dashboard.
3. TPP Certification
3.1 TPP FAPI Certification
...
3.3 TPP Customer Experience Certification
TBC
3.4 TPP Operational Certification
TBC
4. Summary
...
The following table summarises each certification component for LFIs and TPPs, and sets out the responsibilities, certifying body and process in each case.
Component | Responsibility | Certifying Body | Process |
---|---|---|---|
LFI FAPI Certification | OFP | OIDF | The OFP will obtain a single certification from the OIDF and will renew this during the implementation of any major new version of the standards. |
LFI Functional Certification | OFP | n/a | n/a |
LFI CX Certification | LFI | CBUAE | Each LFI will be required to submit screen grabs to the CBUAE prior to go live for any version of the standards. |
TPP FAPI Certification | TPP | OIDF | |
TPP Functional Certification | TPP | CBUAE | |
TPP CX Certification | TPP | CBUAE | |