Version | 1.3 |
---|---|
Publication Date | |
Classification | Public |
Note | This Limitation of Liability Model is provisional and subject to change. |
...
2.1 General / Consent / Authentication
Issue | Example / Requirement | Liable Party | Responsible Party | Extent of Redress | OF Compensation / AED |
---|---|---|---|---|---|
Open Finance Activity / Transaction taking place without relevant and valid consent having been issued by the LFI | User was not presented with the consent as per guidelines or the User states that they did authenticate but not authorize the consent. | LFI | LFI | Direct Losses & Open Finance Compensation | Defined Below in specific cases |
Failure to Revoke Consent – Requested via TPP Channel | User had revoked the consent through the TPP but this was not communicated to the LFI as a result erroneously keeps initiating payments. | TPP | TPP | Direct Losses & Open Finance Compensation | 350 |
Failure to Revoke Consent – Requested via LFI Channel | User had revoked the consent through the LFI but this was not executed by the LFI leading to subsequent OF requests by the TPP unexpected by the User. | LFI | LFI | Direct Losses & Open Finance Compensation | 350 |
Fraudulent or erroneous LFI authentication taking place via LFI direct channel or CAAP service | User states that they had not done the authentication for the OF service OR the LFI/CAAP authentication and authorization happened too quickly for them to comprehend. | LFI | LFI | Direct Losses & Open Finance Compensation | 500 |
Inaccurate or Incomplete articulation of the extent of a consent to User | The details of the consent, e.g. permissions requested, fees and charges, onward sharing details, were not unambiguously and accurately communicated to the User leading to misunderstandings about scope of data usage. | TPP | TPP | Direct Losses & Open Finance Compensation | 350 |
Failure to execute valid Open Finance request within SLA by TPP | The TPP did not initiate a payment as scheduled resulting in unintended consequences like penalties for the User. | TPP | TPP | Direct Losses & Open Finance Compensation | 350 – 12 hrs + 250 – 6 hrs + 200 – 6 hrs or under |
Failure to execute valid Open Finance request within SLA by LFI | The LFI did not execute a payment as scheduled by the TPP resulting in unintended consequences like penalties for the User. | LFI | LFI | Direct Losses & Open Finance Compensation | 350 – 12 hrs + 250 – 6 hrs + 200 – 6 hrs or under |
Failure to execute valid Open Finance request accurately by TPP | The TPP did not process account data using a long lived Data sharing consent as agreed with the User providing incorrect financial analysis influencing wrong financial decisions. | TPP | TPP | Direct Losses & Open Finance Compensation | 250 |
Failure to execute valid Open Finance request accurately by LFI | The LFI incorrectly resolved the beneficiary proxy resulting in the payment sent to the wrong beneficiary. | LFI | LFI | Direct Losses & Open Finance Compensation | 250 |
Open Finance activity pre or post notifications not taking place despite regulatory responsibility of / agreement with TPP | User is not sent mandated notifications by the TPP before executing a scheduled payment using a long lived consent resulting in the user account being overdrawn incurring a charge. | TPP | TPP | Direct Losses & Open Finance Compensation | 150 |
Centralized API Hub and / or Trust Framework failure | The consent control mechanism of the Open Finance Platform fails to control the existence and/or validity of user’s consent resulting in executing an unauthorized data sharing or transaction | Nebras | Nebras | Maximum of 5 million of direct losses per claim | N/A |
Inaccurate categorization of an API call causing invalid commercial model application due to incorrect details supplied by TPP | A collection transaction is incorrectly categorized as a large value transaction, leading to potential misclassification and causing incorrect pricing to be applied | TPP | TPP | Direct Losses & Open Finance Compensation | 1000 |
Inaccurate categorization of a corporate customer causing invalid commercial model application due to incorrect details supplied by LFI | An entity is incorrectly categorized as a corporate entity, leading to potential misclassification and causing incorrect pricing to be applied | LFI | LFI | Direct Losses & Open Finance Compensation | 1000 |
...
2.2 Security Incident
Issue | Example / Requirement | Liable Party | Responsible Party | Extent of Redress | OF Compensation / AED |
---|---|---|---|---|---|
Security Breach of LFI – Cyber or Physical (Leading to Data Loss or Fraudulent Transactions) | The authentication mechanism of the LFI has been hacked or is not adequate as mandated leading to unauthorized access of the Users' accounts through the OF services. | LFI | LFI | Direct Losses & Open Finance Compensation | 750 |
Security Breach of TPP – Cyber or Physical (Leading to Data Loss or Fraudulent Transactions) | The authentication mechanism of the TPP has been hacked or is not adequate; as a result, long lived consents previously authorized are being fraudulently used to access User’s account information or to initiate transactions. | TPP | TPP | Direct Losses & Open Finance Compensation | 750 |
Open Finance Data Transmitted to a Party outside Open Finance Eco-system by LFI | There was a breach of security at the LFI that led to the API being mis-used internally at the LFI, and Open Finance data sets were extracted and then sent outside of the LFI’s architecture as part of unapproved, unregulated activity. | LFI | LFI | Direct Losses & Open Finance Compensation | 750 |
Open Finance Data Transmitted to a Party outside Open Finance Eco-system by TPP | A TPP improperly shares data within the scope of open finance to external entities without consent of user thus jeopardising data privacy and security. | TPP | TPP | Direct Losses & Open Finance Compensation | 750 |
TPP fails to ensure controlled access to TPP applications | TPP fails to enforce secure authentication mechanisms such as MFA, enabling unauthorized access and fraudulent initiation of payments, leading to financial loss for the user | TPP | TPP | Direct Losses & Open Finance Compensation | 750 |
2.3 Data
Issue | Example / Requirement | Liable Party | Responsible Party | Extent of Redress | OF Compensation / AED |
---|---|---|---|---|---|
Misuse (outside of Consent or otherwise) or Loss of Data by TPP | TPP had requested a one-off consent for a Loan application, but the data was then shared with marketers without User’s consent resulting in a breach of data privacy. | TPP | TPP | Direct Losses & Open Finance Compensation | 750 |
Inaccurate data transmission, processing or analysis by TPP | The TPP is periodically accessing User account information and is erroneously processing the data to automate sweeping across multiple accounts resulting in financial losses. | TPP | TPP | Direct Losses & Open Finance Compensation | 500 |
Data shared by LFI outside of Consent or without Valid Consent and Authentication | The TPP has requested only User information for Identity Verification use case but the LFI ends up sending transactional data as well. | LFI | LFI | Direct Losses & Open Finance Compensation | 750 |
Data transmitted incorrectly by LFI leading to inaccuracies, or is mis-mapped to Open Finance data model, in LFI mastered and stored Data | The LFI response to request by TPP has poor quality of data where information is either missing or incorrectly mapped to the OF data model adversely impacting the quality and reliability of the service offered by the TPP to the User. | LFI | LFI | Direct Losses & Open Finance Compensation | 500 |
Data shared by LFI which contained inaccuracies from the LFI mastered and stored Data | The LFI response to request by TPP has poor quality of data where information is either missing or incorrectly mapped to the OF data model adversely impacting the quality and reliability of the service offered by the TPP to the User. | LFI | LFI | Direct Losses & Open Finance Compensation | 500 |
Data Shared from an LFI containing inaccuracies in User contributed Data | An LFI disseminates data involving the user that contains errors or inaccuracies, which could potentially affect the user's financial interactions or status. | LFI | User | Direct Losses | N/A |
Misrepresentation of any Open Finance data or quotes by TPP to User or other Open Finance participants | TPP has knowingly used account information from only 2 out of 4 accounts held by the User across LFIs to assess their creditworthiness which is not a true reflection of the User’s financial position. The TPP has offered the User a more expensive product or inaccurate advice based on such assessment. | TPP | TPP | Direct Losses & Open Finance Compensation | 500 |
TPP fails to conduct Confirmation of Payee (CoP) when the user is setting up a new beneficiary | Where functionally possible, TPP is liable if it does not require the customer to attempt to verify the beneficiary’s account details through a Confirmation of Payee check, leading to an incorrect or fraudulent transfer.¹ | TPP | TPP | Direct Losses & Open Finance Compensation | 250 |
TPP fails to conduct Confirmation of Payee (CoP) during the onboarding process of a new merchant onto the TPP platform | Where functionally possible, TPP is liable if it does not require the customer to attempt to verify the merchant’s account details through a Confirmation of Payee check, resulting in misrepresentation or unauthorized access | TPP | TPP | Direct Losses & Open Finance Compensation | 500 |
2.4 Payments
Issue | Example / Requirement | Liable Party | Responsible Party | Extent of Redress | OF Compensation / AED |
---|---|---|---|---|---|
Inaccurate or inconsistent payment initiation / execution due to incorrect beneficiary details supplied and approved by User | The User has provided an incorrect beneficiary proxy and not verified the resolved beneficiary details resulting in an error. | User | User | N/A | N/A |
Inaccurate or inconsistent payment initiation / execution due to incorrect beneficiary details supplied by TPP | The TPP has incorrectly configured the receiving account of their onboarded merchant resulting in misdirected payments from users for purchase of goods eventually causing fulfillment issues. | TPP | TPP | Direct Losses & Open Finance Compensation | 350 |
Inaccurate or inconsistent payment initiation / execution due to incorrect beneficiary details supplied by LFI (including via inaccurate proxy resolution) | The LFI has incorrectly resolved the beneficiary proxy provided by the User resulting in the payment being sent to the incorrect beneficiary. | LFI | LFI | Direct Losses & Open Finance Compensation | 350 |
Payment initiation by TPP request contains mismatch to User stated intention / awareness | The shipping and/or service charges were obfuscated while requesting authorization for an eCommerce purchase resulting in the User feeling overcharged. | TPP | TPP | Direct Losses & Open Finance Compensation | 350 |
Fraudulent or erroneous payment initiation occurring using VRP or Delegated SCA payment consent by TPP | The User acknowledges that they authorized a Long-lived consent but is unable to recognize/reconcile transaction(s) for which they were not physically present or they had not physically authorized the TPP to initiate the transaction(s). | TPP | TPP | Direct Losses & Open Finance Compensation | 500 |
Fraud monitoring of all payment activity from LFI held accounts | The LFI was not able to flag alerts and protect the User from fraud in spite of sharp increase in the transaction frequency or value for payments initiated by TPP using VRP or delegated SCA. | LFI | LFI | Direct Losses & Open Finance Compensation | 250 |
Payment initiated outside of VRP / future dated payment / bulk payment / part payment / refund consent | Processing errors possible by LFI where an LFI makes the incorrect copies of the consent from OFP and therefore add an inaccurate validation process. | TPP | TPP | Direct Losses & Open Finance Compensation | 350 |
Fraudulent payment requests (including RTP and similar) issued via a TPP | Fraudulent Request to pay using OF wherein User ends up making payments to a fabricated bank account. | TPP | User (Requesting) | Direct Losses & Open Finance Compensation | 500 |
Failure to execute payment within SLA by LFI, following valid payment initiation | The User has lost out on favorable contracts which depend on time sensitive purchases like trading for stocks or buying forex because the LFI took too long to execute such payments. | LFI | LFI | Direct Losses & Open Finance Compensation | 350 |
Inaccurate or Incomplete articulation of Payment Consent for VRP or Delegated SCA to User | User was not unambiguously presented the available controls in form of transaction limits for a VRP which resulted in payments being initiated which were not as expected by the User. | TPP | TPP | Direct Losses & Open Finance Compensation | 350 |
Payment amount / date / currency / description / LFI / source account incorrect due to User Input | Payment details such as amount, date, currency, or account source are incorrect due to errors entered by the user, leading to failed or erroneous transactions. | User | User | N/A | N/A |
Payment amount / date / currency / description incorrect due to LFI processing error | The LFI system had addition or transposition errors or a glitch where mandatory payment references like those for Card/Bill payments were truncated. All of these could lead to erroneous execution of payment. | LFI | LFI | Direct Losses & Open Finance Compensation | 350 |
Payment amount / date / currency / description incorrect due to TPP processing error | The TPP system had addition or transposition errors or a glitch where mandatory payment references like those for Card/Bill payments were truncated. All of these could lead to erroneous execution of payment by the LFI. | TPP | TPP | Direct Losses & Open Finance Compensation | 350 |
AML / Financial Crime responsibilities for Payments including Transactional Monitoring and PEP / Sanction / Terrorism screening | The LFI must screen all payments required to be screened by AML regulation and legislation. | LFI | LFI | Direct Losses | N/A |
Payment execution duplication by LFI | The Payment has been executed incorrectly by the LFI (e.g. taken twice due to technical glitch). | LFI | LFI | Direct Losses & Open Finance Compensation | 350 |
Payment initiation duplication by TPP | The TPP system has a technical glitch where the Payment initiated as part of a VRP or delegated SCA is duplicated. | TPP | TPP | Direct Losses & Open Finance Compensation | 350 |
Breach of contract or misrepresentation by Merchant | Failure to deliver complete, usable or functional goods / services, as they were described, despite valid and completed payment via Open Finance, including in the case of Merchant insolvency | Merchant³ | Merchant³ | Direct Losses & Open Finance Compensation | 100 |
Merchant legitimacy and consistency of Entity Name / Account Name / KYC Status at LFI / Trading Name as presented to the User | The TPP must onboard the merchant via a KYB process which ensures that the trading name represented to their customers as part of payment collections processes are legitimate and are approved legally with relevant authorities. | TPP | TPP | Direct Losses & Open Finance Compensation | 500 |
User legitimacy and consistency of Legal Name / Account Name / KYC Status at LFI as presented within Open Finance ecosystem | The TPP must onboard individual users via a process which utilizes their KYC-ed record at an LFI, which contains verified data and has not expired as a valid KYC record. The user must only represent themselves on the OF platform and in OF transactions with the same name to be held at the LFI. | TPP | LFI | Direct Losses & Open Finance Compensation | 350 |
Inaccurate or invalid charging of customer for goods / services, when payment for those goods / services is settled via Open Finance payment initiation | The shipping and/or service charges were obfuscated while requesting authorization for an eCommerce payment resulting in the User feeling overcharged. | Merchant³ | Merchant³ | Direct Losses & Open Finance Compensation | 100 |
Refund failed to be initiated and completed from Merchant, despite complete return of goods / inability to utilise services, as they were described or delivered | The refund was only partially paid, despite a full refund being agreed / an entitlement of the customer, given the circumstances. | Merchant³ | Merchant³ | Direct Losses & Open Finance Compensation | 100 |
Payment funded from an incorrect account, caused by LFI error | The debited account for an OF initiated payment was one other than the one selected by the User with the TPP, due to a LFI processing error. | LFI | LFI | Direct Losses & Open Finance Compensation | 150 |
Payment funded from an incorrect account, caused by TPP error | The debited account for an OF initiated payment was one other than the one selected by the User with the TPP, due to a TPP user interface error. | TPP | TPP | Direct Losses & Open Finance Compensation | 150 |
Note
In the case of systemic errors and omissions, LFI and/or TPP must conduct a comprehensive internal assessment to proactively identify impacted consumers.
Claims related to the same issue cannot be submitted more than once within a 36-hour period.
In the event that a merchant, as the liable party, fails to compensate the customer for both direct losses and additional compensation, the TPP, as direct counterparty, will assume the liability. The TPP has the option to create back-to-back liability through contractual obligations with the merchant. However, ultimate liability will rest with the TPP, ensuring that the customer is protected even if the merchant defaults on payment.
Open finance participants, particularly TPPs, are advised to secure appropriate insurance coverage to mitigate liability risks arising from transaction disputes, such as cases where goods or services are not delivered or other risks imposed by the liability model. This approach ensures financial protection for TPPs when merchants fail to meet their obligations, thereby managing potential exposure.
Open Finance participants (including LFIs and TPPs) should not be subject to liability model fines for late payments caused by delays due to fraud, sanctions, or AML checks.
3. Indirect and Consequential Losses
...