| Expand | ||||
|---|---|---|---|---|
| ||||
|
| Note |
|---|
This is a draft of the UAE Open Finance Standards. It is intended for review only, not for implementation. |
1. What's new?
New functionality and specifications have been added in relation to the following:
FAPI Certification page added, detailing the initial guidelines around the Ecosystem certification policy and process.
What’s changed ?
Security Profile and Client Registration Framework enhanced with the inclusion of tables and sequence diagrams to further exemplify the Registration and Authorisation Journey should be executed
All Excel spreadsheets exported from OpenAPI description updated to include unreferenced objects.
Changed Bank Data API - OpenAPI Documentation to include additional properties in Party responses.
Centralized Authentication and Authorization – UAE Pass. https://openfinanceuae.atlassian.net/wiki/x/KoSFBg
Operational Guidelines - Common Rules and Guidelines
2. What’s changed?
Updated Bank Service Initiation API - OpenAPI Documentation with:
Made
ConsentScheduleoptional inMultiPaymentconsent - to facilitate Payments with Delegated AuthorizationRemoved
UAEOF.Passportas an option forAERiskExternalAccountIdentificationCodeAdded
IsBeneficiaryConfirmed,AuthenticationChannelandMerchantCategoryCodeas fields in theRiskobjectAdded
ConfirmationOfPayeeResponseto PII data for Payments Rich Authorization Request as proofs that Confirmation of Payee has taken place
Updated Business Rules for COP in https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft5/pages/109413626/Single+Instant+Payment#3.4-Using-Confirmation-of-Payee-(COP) to align BRs with the new COP API Design
Updated the Common Rules and Guidelines page to include additional information in relation to the usage of the Risk Information Block in https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft5/pages/109415230/Common+Rules+and+Guidelines#9.-Risk-Information-Block.
Request to Pay. (NOTE: This page has been redacted from this draft as further work is required on this topic)
Proxy account identification. Specifying account identification using a proxy has been has been redacted from this draft.
3. What's to come?
Future drafts will include some/The next publication on will be a release candidate. It will include feedback from engagement cycle 3 & 4 as well as all of the following functionality and specifications:
Request to Pay ⚠️ (NOTE: This page has been redacted from this draft as further work is being done on this topic) Develop pay request functionality to replace RTP. A business rules update is required. The API specification will not change, as we will use a single immediate or instant payment.
Statement business rules:
Ingestion into a place that means the bank can create an aggregate statement amalgamating the past and present. This statement is presentable internally at the bank and to customers in a delineated fashion.
ingesting it into any credit risk assessment process, if own transactional data can be.
Ingestion of metadata like direct debits and beneficiaries.
Define the requirements for statement narratives for transactions initiated via open banking. Essentially, this is the information we need to include in statements. At a minimum, it needs to include an identification for a TPP, a Merchant ID in the case of collections, and a description of the details, maybe including the branch and location.