Frequently Asked Questions
Engagement Round 1
• Will the content that was shown in the engagement sessions be shared?
• What is the Open Finance Hub's status and its release timeline?
• What is the timeline for the commencement of testing by participants?
• What is the timeline for releasing the mandate for LFIs?
• Who is entitled to be recognised as a TPP?
• What are the measures against fraudulent transactions?
• Is it required for any parties to sign an indemnity form to help in case of disputes?
• Does ‘Consent’ assume the TPP has already registered/identified itself?
• How long can the consent request be in the 'awaiting authorization' state?
• Is there an expiration date for Long-Lived Consent, and who set it?
• Can the LFI or TPP revoke the consent on the user's behalf?
• Can consent be modified via a TPP request after consent is created?
• What is the maximum validity of long-term consent?
• As a user, do I have to provide separate consent for every LFI I deal with?
• Is the customer's consent a blanket consent, or would they be in a position to choose a variance of that consent? What would the personal data protection position of this data be?
• Is it left to the LFIs to do the necessary mapping of an event 'consent' for the authority matrix in line with the bank mandate?
• How will the authorization matrix for a corporate payment be embedded within this process? How will the TPP validate what is maintained at the LFI before sharing it with the LFI?
• Are there any language requirements for consent to be in Arabic/English?
• Could there be a scenario where the TPP is not a user-facing entity?
• Will the Open Finance Hub pass the Consent ID to the LFI in the header?
• Will there be a mechanism to help TPPs differentiate abandoned consents ("Awaiting Authorization") from ones that are still "Awaiting Authorization" while waiting for a second authorization?
• Does the LFI own the consent?
• How will the consent be stored?
• What parameters and data points are included in a consent?
• Can the user link consents with specific service initiations or data access through the dashboards, and can they dispute consents?
• How does multi-authorization work?
• With the API hub, does this mean that LFI has to design APIs in the format given by CBUAE, or does the LFI have the freedom of API contracts?
• In a centralized implementation like CBUAE, will the TPP validation happen at the central platform level, or will the banks also have to do that?
• Do LFIs have to design APIs in a format given by CBUAE?
• What is the process for onboarding an LFI onto the Open Finance Hub, and does the LFI have to maintain tokens between the API hub and the LFI?
• Will the LFI determine the authentication method?
• Will UAE Pass be used for authentication?
• How are participants onboarded, and will TPPs follow the same process as LFIs?
• What registration framework is used?
• How are the certificates rotated, and how are they renewed once they expire?
• How is FAPI resilient to DDOS attacks, especially Layer 7 DDOS attacks, as this region has recently increased DDOS activities?
• Is a toolkit/process provided for TPP onboarding related to Certificate enrollment and its life cycle management?
• What happens if a TPP is compromised?
• Will there be a novation of contracts/responsibilities as security moves between LFIs and the central hub?
• Is it possible to have a binding between one access token and multiple consents for aggregator-type scenarios?
• Does FAPI 2.0 support refresh tokens?
• Is payload encryption considered for transactions between TPPs and the authorization server?
• Is there a limit to the amount of a Single Payment? Where is it checked?
• Can a payment be made from multiple accounts with the same LFI?
• When a payment is successful, is the money guaranteed to be received in the bank account?
• What payment rails will be used for OF payments?
• Will there be a description or other payment identifier available in the transaction/status details, which is required by most SMEs to solve reconciliation challenges?
• Does SIP Payments mandate that LFIs create beneficiaries at the LFI end, or will these payments be ad-hoc without adding beneficiaries?
• If an LFI has its rules or fraud engine, will that supersede any central platform rules?
• Will there be any limitation for first-time transfer as a risk mitigation?
• Will payee info be validated in real-time using CBUAE APIs, including proxy validation?
• Will there be any real-time fraud rules configured at the hub to restrict attempts, if any?
• Can a TPP initiate a bulk payment request?
• Will there be a Confirmation of Funds journey available for TPPs to check the availability of funds prior to a fast-track payment?
• What happens if one of the recurring payments fails due to a low balance in the account? What are the rules for retries?
• In the case of a payment from a TPP where the PSU has to make vendor payments, bills & supplier payments, can the PSU give long term payment consent to the LFI via the TPP?
• Will there be a maximum ceiling for variable payments? What happens if the payment request is over the maximum amount authorised?
• With the recent introduction of Aani, the eDDA, and eCheques, why is Open Finance now open, and what are the differences?
• How are consent parameters shared with LFIs, and how is data treated before storage?
• Does the requirement to destroy data immediately after a transaction contradict record-keeping requirements or refund provisions?
• Can external TPPs outside the UAE integrate with OFH APIs?
• How will data retention be managed, especially in light of regulatory requirements beyond the transaction or permission period?
• How does consent redirection work, and what information is shared with TPP regarding consent?
• Can we access Postman collections to examine how the APIs work?
• Is there protection against replay attacks for requests?
• How will personal data be protected, especially considering the new functionalities for the insurance sector?
• What is expected from insurance companies in terms of Open Finance?
Owned by Chris Michael
Last updated: 28 Aug 2024
© CBUAE 2025