1. Overview
This section covers a critical step of the customer journey where Users grant consent to TPPs to allow them access their accounts for the provision of Data Sharing or Service Initiation. It is essential that Users are clearly informed about the consent they are providing and the service they are receiving.
2. Consent Codification
Consent codification refers to creating a specific structure for Data Sharing or Service Initiation Consents so that they are standardized when presented to Users by TPPs. This enforces consistency in the information required to be presented to Users and ensures an increased level of understanding of the Consent details by Users.
2.1 Data Sharing Consent
When obtaining consent from Users for the provision of a Data Sharing services, TPPs MUST make it very clear why it’s needed, what’s being shared and for how long.
Agreement Parameter | Description | |
---|---|---|
1 | Purpose Statement | Why we need you to share your data with us |
2 | Direct Benefit Statement | What you will get from us in return |
3 | Data Request Statement | What we need you to share with us |
4 | Duration Period Statement | How long we will need access to your data (unless you revoke access) |
5 | Agreement | Do you agree to share your data with us on the terms above? |
2.2 Service Initiation Consent
When obtaining consent from Users for performing Service Initiations (e.g. payment initiations) TPPs MUST make it very clear why it’s needed, what type of service is being initiated, and for how long.
Agreement Parameter | Description | |
---|---|---|
1 | Purpose Statement | Why we need to perform a Service Initiation for you |
2 | Direct Benefit Statement | What will you get from us in return |
3 | Service Initiation Request Statement | What Service Initiation specifically we are going to perform with your agreement |
4 | Duration Period Statement | How long we will need access to your account for Service Initiation (unless you revoke access) |
5 | Agreement | Do you agree to give us access to your account for performing Service Initiation on the terms above? |
3. Consent types
There are 2 different types of consent that Users will be requested to agree to:
A. Single-Use Consent
A one-off consent that a User provides to a TPP which MUST be used for a single Data Sharing or Service Initiation, which will take place immediately after User Authorization at the LFI.
This consent supports the following functionality:
Customer Data(one-off requests)
B. Long-Lived Consent
Consent that a User provides to a TPP for an ongoing Data Sharing access or for (one or more) Service Initiations in the future.
This consent supports the following functionality:
Customer Data(ongoing requests)
4. Consent States
During its lifecycle, each Consent moves between a finite number of Consent states. At high-level, these are the following:
Awaiting Authorization: This is the first possible state for each consent. The TPP requests the LFI to create a Consent object and set it to this initial state. The Consent is in a pending state waiting for the User to authenticate with the LFI and authorize the Consent. If multiple authorizers are required, the Consent MUST be authorized by all authorizers (one or more) as per the standard account authorization matrix of the LFI. The Consent will remain in this state until all required authorizations are completed. Only after authorizing the Consent, requests from TPPs for Data Sharing or Service Initiation can be granted.
Authorized: In this state, the Consent has been fully authorized and it is now ready to use or it is in use. The TPP can initiate requests to the LFI referencing this Consent. The Consent will remain in this state until:
a) it has been fully used (consumed)
b) it reached the end of its lifecycle and its validity has expired
c) it was been revoked by the User or
d) the User updated its parameters.
Finished: This is a terminal state. The Consent has expired its time duration or all its authorized requests (for example payments) have now been used. Moreover, the Consent may also get to the terminal state if the User requested it to be revoked or decided to update its parameters. A Consent in the terminal state cannot be used for initiating any further requests by the TPP. Further requests from the TPP will require a new Consent to be created. The TPP MUST be able to still make inquiries in relation to the Consent or any of its related requests (for example payments) until the Consent is defined to be closed for any activity.
Rejected: Consents can move from the Awaiting Authorization to the Rejected state, which is also a terminal state. This is due to either the User deciding not to authorize the Consent or due to erroneous circumstances in the processing and validation of the Consent parameters by the LFI. A Consent in the terminal state of Rejected cannot be used by the TPP for initiating any Data Sharing or Service Initiation requests. Also, Consents in this state cannot be updated. The TPP MUST generate a new Consent as this is a terminal state and the Consents cannot move to another state.
4.1 Consent Suspension
A Consent may be suspended by the LFI in case that fraudulent activities are suspected in relation to the User account associated with the Consent.
LFIs MUST:
4.1.1 Request OFP to set a Suspension flag in relation to the Consent, when potential fraudulent activities or other threats are identified by LFIs for a User account.
4.1.2 Contact Users and follow any existing BAU processes for confirming with Users that there are no fraudulent activities in relation to the Consent. Only then the LFIs can request the OFP to remove the Suspension flag from the Consent and restore any Data S haring or Service Initiation capabilities in relation to the Consent.
OFP MUST:
4.1.3 Flag the Consent as Suspended when requested by the LFIs.
4.1.4 NOT allow any requests (Data Sharing or Service Initiation) to take place in relation to a Consent flagged as Suspended.
4.1.5 Clear the suspension flag from the Consent when requested by the LFIs.
TPPs MUST:
4.1.6 Be able to request the OFP to revoke the Consent in case it is suspended.
5. General Consent Rules
TPPs MUST:
5.1 Provide to Users, OFP and LFIs their trading/brand name clearly and the name of the User-facing entity, if the TPP is not the User facing entity. It is the responsibility of TPPs to ensure that User-facing entities are identified and included in the Consent and the Consent Management Interface (CMI) information available to Users.
5.2 Ensure that Users clearly understand the different elements of the Consent requested to provide.
5.3 Check the Consent state at the OFP and keep in sync their systems and Consent Management Interfaces (CMIs).
5.4 Request OFP to make changes to the Consent state or any other Consent parameters and cannot change the Consent directly.
OFP MUST:
5.5 Manage the state of the Consent and be responsible for any changes to the Consent state required through the Consent lifecycle.
5.5.1 Check the current date against the Consent Expiration Date. In case of expiration, OFP MUST set the Consent state to the Finished terminal state, keeping a record of the consent expiration.
5.5.2 Check the time elapsed from the Consent creation time against the Consent Authorization Time Window as defined in https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft2/pages/52528830/Common+Rules+and+Guidelines#8.-Authorization-Time-Window. In case of expiration, if the Consent is still in Awaiting Authorization state, OFP MUST set the Consent state to the Rejected terminal state, setting the appropriate error code for the TPP.
5.5.3 Check the time elapsed from the Consent creation time against the https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft2/pages/52528887/Limits+and+Constants#Max-Submitter-Authorization-Time-Window. In case of expiration, if the Consent is still in Awaiting Authorization state, OFP MUST set the Consent state to the Rejected terminal state, setting the appropriate error code for the TPP.
5.5.4 Mark a Consent in terminal state as fully closed with no further inquiries possible to be made in relation to it. OFP MUST mark the Consent as closed after a period of https://openfinanceuae.atlassian.net/wiki/spaces/standardsv1draft2/pages/52528887/Limits+and+Constants#Max-Consent-Inquiry-Period.
5.6 Enable TPPs to have the ability to check the status of the Consent and keep in sync of any changes in state that occurred.
5.7 Enable LFIs to have the ability to check all the information related to the Consent and keep in sync a copy, if deemed necessary for compliance and audit purposes.
5.8 Reject any Data Sharing or Service Initiation requests in relation to a Consent that is not in the Authorized state.
5.9 NOT allow Users during the Authorization process to change any of the Consent parameters of a Consent staged by a TPP.
LFIs MUST:
5.10 NOT allow Users via the Consent Management Interface (CMIs) to change any of the Consent parameters of a Consent in any state.