#

Step

Rules & Guidelines

Initiate User Set-up (Conditional)

Depending on the use case, the User may have to be onboarded with the TPP by agreeing to any relevant terms and conditions (e.g. regarding sharing and storage of personal data) and setting up an account with them if required.

TPPs MUST:

1.1 Provide the User with a Terms & Conditions, and Privacy Notice outlining applicable rights and responsibilities in the context of relevant regulation and legal principles. This may need to include any onward sharing of personal data, recipients or categories of recipients who receive that data, and the lawful basis for processing personal data as per Consent Setup | 2. Consent Codification

1.2 Obtain the User's agreement to the above before setting them up and be able to request User consent as per the next step in the process

1.3 Provide an option to cancel the flow

Data Sharing Consent

Basic Consent Parameters

TPPs MUST:

2.1 Request only data required to perform their service (or use case).

2.2 Use the data language standards to describe the data clusters and data permissions in user-facing interactions so that the User clearly understands the data that will be requested from their LFI to provide the service requested

• 2.2.1 Display to the User the data clusters that will be collected and the purpose the data will be used for when the data permissions cannot be set by the User due to the service being requested.

2.3 Provide to User, the OFP and the LFI their trading/brand name clearly and the name of any other parties they are supporting (if applicable).

2.4 Allow the User to identify and select the LFIs for the Consent

• 2.4.1 Provide a way for the User to search for their LFI

Additional Consent Parameters

TPPs MUST:

2.5 Set the Accepted Authorization Type (as per Common Rules and Guidelines | 7. Accepted Authorization Type).

2.6 Set the Authorization Time Window (as per Common Rules and Guidelines | 8. Authorization Time Window) if there are specific timing requirements that must be met for the Consent authorization. This is also relevant to cases where multiple authorizers are required to authorize the payment consent.

2.7 Obtain the Users' explicit consent to access information from insurance products held at LFIs (as per Consent Setup | 2.1 Data Sharing Consent).

Consent Staging

As per Common Rules and Guidelines | 10. Consent Staging

Hand-off to LFI

TPPs MUST:

4.1 Notify the User that they will be transferred to the selected LFI to undertake their authentication and consent Authorization (as per Common Rules and Guidelines | 11. Hand off to LFI)
Example wording to use: ‘We will securely transfer to YOUR LFI to authenticate and authorize the data sharing request“.

Authentication

LFIs MUST:

5.1 Enable Users to perform authentication with their LFIs, as per the following sections:

• Authentication and Authorization | 2. Redirection

• Authentication and Authorization | 3. Decoupled Redirection

5.2 Re-direct Users back to the TPPs, with information that the Consent has not been authorized, if User Authentication has failed or Users opted to cancel the authentication/authorization process.

Disclosure Consent

LFIs MUST:

6.1 Enable Users to authenticate using Multi-Factor Authentication (MFA) in order to review and authorize the data sharing Consent.

6.2 Retrieve from the OFP the data sharing Consent details staged by the TPP using the unique Consent Identifier.

6.3 Display details of data that will be shared and for how long

6.4 Use the data language standards to describe data clusters and permissions in user-facing interactions so that the same information is displayed to the User

Confirmation/ Authorization

LFIs MUST:

7.1 Present to Users all the details in relation to data sharing Consent.

7.2 NOT allow Users to change any of the Consent parameters (e.g. permissions) staged by the TPP.

7.3 Request Users to authorize the data sharing Consent.

7.4 Enable Users to cancel the data sharing Consent request from within the authorization journey

7.5 Re-direct Users back to the TPPs, with information that the Consent has not been authorized, if Users opt to cancel the Consent authorization process before final authorization.

7.6 Check the Authorization Time window is valid as per Common Rules and Guidelines | 20. Check Authorization Time Window

7.7 Change the state of the data sharing Consent from Awaiting Authorization to Authorized, when all Authorizers (one or more) have authorized the data sharing Consent.

7.8 Update the data sharing Consent details stored in the OFP with all the information included in the data sharing Consent authorized by the User.

OFP MUST:

7.9 Confirm back to the LFIs that the data sharing Consent details have been updated successfully.

Multi-Authorization Journey Only

7.10 As per Common Rules and Guidelines | 18. Multi User Authorization Flow

Hand-off back to the TPP

As per Common Rules and Guidelines | 14. Hand off back to the TPP

Confirmation to User

As per Common Rules and Guidelines | 16. Confirmation to User

Data Sharing Request

TPPs MUST:

1.1 Only request specific data in the scope of their service (or use case).

1.2 Only submit to OFP data sharing requests for the data clusters and permissions consented by the User as per the data sharing Consent authorized by the User.

Processing of Data Sharing Requests

OFP MUST:

2.1 Allow TPPs to submit data sharing requests in relation to a data sharing Consent authorized by Users, without any additional MFA or authorization by the Users.

2.2 Check that the received data sharing request relates to a valid data sharing Consent authorized by the User. The Consent MUST be in the Authorized state. The OFP MUST reject any data sharing requests related to a data sharing Consent in a different state (e.g. expired) and respond back to the TPP with the appropriate error message/code.

• 2.2.1 Provide single data sharing access to Consented information, only if the User has consented to a single use data sharing Consent.

2.3 Reject the data sharing request and provide the necessary error message to the TPP, if any checks on the data sharing request fail against the authorized data sharing Consent.

• 2.3.1 Only allow data sharing requests from TPPs for the data clusters and permissions consented by the User as per the data sharing Consent authorized by the User.

2.4 Send the data sharing requests to the LFI for the data clusters and permissions consented by the User as per the data sharing Consent authorized by the User.

LFIs MUST:

2.5 Allow the OFP to submit the data sharing requests without any additional MFA or authorization from the User.

2.6 Reject the data sharing request received by the OFP in case there are valid reasons for the data sharing Consent to be suspended as per Consent Setup | 4. Consent States or due to any other BAU checks failure.

2.7 Share data requested by the OFP in relation to the authorized data sharing Consent.

• 2.7.1 Ensure that the data provided to the OFP allows the TPPs to reconcile the account transactions received from the LFI.

OFP MUST:

2.8 Send an appropriate error response to the TPPs in case the data sharing request is rejected due to violating any of the LFIs BAU checks.

2.9 Provide the TPP with all the available data for the data clusters and permissions requested in relation to the data sharing Consent authorized by the User.

Property

Description

Basic Information

Customer ID

Depends on insurance company

Customer Full Name

Free-form

Customer Short Name

Free-form

Category / Segment

Depends on insurance company

Local Branch

Depends on insurance company

Primary Language

English / Arabic / Other

Billing Address

Address Line 1

Free-form

Address Line 2

Free-form

Address Line 3

Free-form

Postal Code

Only numeric answers allowed

Country

Select from list

State / Emirate

Select from list generated based on previous selection

City

Select from list generated based on previous selection

Permanent Address

Address Line 1

Free-form

Address Line 2

Free-form

Address Line 3

Free-form

Postal Code

Only numeric answers allowed

Country

Select from list

State / Emirate

Select from list generated based on previous selection

City

Select from list generated based on previous selection

Residential Address

Address Line 1

Free-form

Address Line 2

Free-form

Address Line 3

Free-form

Postal Code

Only numeric answers allowed

Country

Select from list

State / Emirate

Select from list generated based on previous selection

City

Select from list generated based on previous selection

Communication

Communication Type 1

Home / Mobile / Other

Communication Phone Number 1

Area code selection option and 9-10 additional digits permissible

Communication Type 2

Home / Mobile / Other

Communication Phone Number 2

Area code selection option and 9-10 additional digits permissible

Communication Type 3

Home / Mobile / Other

Communication Phone Number 3

Area code selection option and 9-10 additional digits permissible

Email ID

Must be a valid email address (i.e., include @ followed by domain)

Alternate Email ID

Must be a valid email address (i.e., include @ followed by domain)

Background and Family

Gender

Male/Female

Date of Birth

dd/mm/yyyy

Marital Status

Married/Single

Education Background

High School/ Bachelor's/ Masters/ PhD/ Other

Nationality

Select from list

Dual Nationality

Yes / No

Second Nationality (if applicable)

Select from list

Salutation

Mr./ Ms./ Mrs./ Dr./ Other

Country of Birth

Select from list

City of Birth

Select from list generated based on previous selection

Religion

Christian/ Muslim/ Jewish/ Hindu/ Buddhist/ Other

Mother's Maiden Name

Free-form

Spouse Name

Free-form

Spouse Date of Birth

dd/mm/yyyy

Spouse Employment Details

Employed/ Unemployed

Spouse Phone Number

Area code selection option and 9-10 additional digits permissible

Number of Children

Only numeric answers allowed

Employment

Profession

Free-form

Profession Description

Free-form

Employer Name

Free-form (or company name in case of self-employment)

Employer Address

Free-form (or company name in case of self-employment)

Employment Type

Select from list of options (e.g., Employed, Self-Employed, Retired, Unemployed)

Employment Location

Free-form

Nature of Business

Select from list of categories (e.g., Law, Finance, Medicine)

Designation

Free-form

Source of Income

Free-form (e.g. salary / dividends from ownership)

Income Currency

Select from a list of options (e.g., AED, USD, SAR)

Monthly Income

Only numeric answers allowed (in AED)

Annual Income

Only numeric answers allowed (in AED)

Employment Start Date

dd/mm/yyyy

Identification

EID Number

Only 15 digits permissible

EID Expiry Date

dd/mm/yyyy

Passport Issue Country

Select from list

Passport Number

Alphanumeric identifier

Passport Issue Date

dd/mm/yyyy

Passport Expiry Date

dd/mm/yyyy

Visa Number

Only numeric answers allowed

Visa Issue Country

Select from list

Visa Issue Date

dd/mm/yyyy

Visa Expiry Date

dd/mm/yyyy

UAE Driving License Number

Only 7 digits permissible

UAE Driving License Issue Date

dd/mm/yyyy

UAE Driving License Issuing Emirate

Select from drop-down list (e.g., Dubai, Ajman, Abu Dhabi)

Mulkiya Card

pdf attachment

Home Country Driving License Number

Free-form

Bank Information

Bank Account Number

Free-form (may vary by bank and country)

IBAN

Free-form (may vary by bank and country)

Swift Code 

Free-form (may vary by bank and country)

Name on Account

Free-form

Bank Name

Free-form

Home Branch

Free-form (may vary by bank and country)

Type of Account

Free-form (may vary by bank and country)

Emergency Contacts

Emergency Contact 1 Name

Free-form

Emergency Contact 1 Relationship

Free-form

Emergency Contact 1 Phone Number

Area code selection option and 9-10 additional digits permissible

Emergency Contact 1 Email Address

Must be a valid email address (i.e., include @ followed by domain)

Emergency Contact 2 Name

Free-form

Emergency Contact 2 Relationship

Free-form

Emergency Contact 2 Phone Number

Area code selection option and 9-10 additional digits permissible

Emergency Contact 2 Email Address

Must be a valid email address (i.e., include @ followed by domain)

Property

Description

Insured Vehicle

Vehicle Make

Drop-down list of vehicle makes (e.g., Toyota, Lexus, Honda)

Vehicle Model

Drop-down list of models based on previous selection

Vehicle Model Year

Drop-down selections (1900-present year)

Vehicle Purchase Date

dd/mm/yyyy

Vehicle Specification

Drop-down selections (Light vehicle, truck, etc.)

Estimated Value

Only numeric answers allowed (in AED)

Date of Registration

dd/mm/yyyy

Vehicle Passing Certificate

pdf attachment

Dealers Quote

quote from dealer reflecting all costs (out-the-door price)

Chassis Number

Only numeric answers allowed

Engine Number

Only numeric answers allowed

Country of Origin

Select from list

Vehicle Color

Select from list

Plate Number

Free-form

Plate Code

Free-form

Vehicle Mileage

Only numeric answers allowed (in km)

Vehicle Weight

Only numeric answers allowed (in kg)

Traffic Code Issuing Emirate

Select from drop-down list (e.g., Dubai, Ajman, Abu Dhabi)

Traffic ID Number

Only numeric answers allowed

Vehicle History

Vehicle imported / modified / declared as total loss before

Driving History

More than 1 year of driving experience

First Time Registration

Yes/No

Vehicle Mortgage

Pending mortgage amount on the vehicle

Policy

Policy Number

Only numeric answers allowed

Policy Issue Date

dd/mm/yyyy

Policy Expiry Date

dd/mm/yyyy

Coverage Type

Select from drop-down list (e.g., Full, Partial, Other) - may vary by insurance company

Policy Limits

Free-form

Policy Exclusions

Free-form

Coverage Amount

Only numeric answers allowed (in AED)

Coverage Start Date

dd/mm/yyyy

Coverage End Date

dd/mm/yyyy

Previous Policy Insurer

Free-form

Previous Policy Start Date

dd/mm/yyyy

Previous Policy Expiry Date

dd/mm/yyyy

Any previous claims?

Yes/No

If yes, provide amount and details

Only numeric answers allowed (in AED) for amount and free-form for details

Add-Ons

Drivers Personal Accident

Driver accidental coverage included?

Passengers Personal Accident

Passenger accidental coverage included?

Property

Description

Premium

Policy Premium Value

Only numeric answers allowed (in AED)

Policy Premium Payment Period

Select from drop-down list (e.g., Monthly, Bi-annually, Annually)

Premium Payment Records

pdf attachment

Outstanding Balances

Only numeric answers allowed (in AED)

Loan (if applicable)

Loan Date (if applicable)

dd/mm/yyyy

Loan Amount (if applicable)

Only numeric answers allowed (in AED)

Interest Rate (if applicable)

Only numeric answers allowed (%)

Repayment Schedule (if applicable)

Only numeric answers allowed (in years)

Outstanding Loan Balance (if applicable)

Only numeric answers allowed (in AED)

Benefit Payouts

Benefit Payout Date 1

dd/mm/yyyy

Benefit Payout Amount 1

Only numeric answers allowed (in AED)

Benefit Payout Date 2

dd/mm/yyyy

Benefit Payout Amount 2

Only numeric answers allowed (in AED)

Claims

Number of claims last 12 months

Only numeric answers allowed

Number of approved claims last 12 months

Only numeric answers allowed

Total value of claims last 12 months

Only numeric answers allowed (in AED)

Total value of approved claims last 12 months

Only numeric answers allowed (in AED)

Number of claims last 36 months

Only numeric answers allowed

Number of approved claims last 36 months

Only numeric answers allowed

Total value of claims last 36 months

Only numeric answers allowed (in AED)

Total value of approved claims last 36 months

Only numeric answers allowed (in AED)

Claim 1 Date

dd/mm/yyyy

Claim 1 Description

Free-form

Claim 1 Status

Select from drop-down list (e.g., Submitted, Pending, Complete)

Claim 1 Amount

Only numeric answers allowed (in AED)

Deductible Amount 1

Only numeric answers allowed (in AED)

Claim 2 Date

dd/mm/yyyy

Claim 2 Description

Free-form

Claim 2 Status

Select from drop-down list (e.g., Submitted, Pending, Complete)

Claim 2 Amount

Only numeric answers allowed (in AED)

Deductible Amount 2

Only numeric answers allowed (in AED)

Previous Policies

Previous Insurance Company 1

Free-form

Previous Policy ID 1

Depends on insurance company

Purchase Date

dd/mm/yyyy

Renewal Date 1

dd/mm/yyyy

Renewal Date 2

dd/mm/yyyy

Premium Amount

Only numeric answers allowed (in AED)

Deductible Amount (if any)

Only numeric answers allowed (in AED)

Coverage Type

Select from drop-down list (e.g., Full, Partial, Other) - may vary by insurance company

Adjustment Date 1 (if any)

dd/mm/yyyy

Premium Adjustment 1 (if any)

Only numeric answers allowed (in AED)

Coverage Adjustment 1 (if any)

Free-form

Reason for Adjustment 1 (if any)

Free-form

Adjustment Date 2 (if any)

dd/mm/yyyy

Premium Adjustment 2 (if any)

Only numeric answers allowed (in AED)

Coverage Adjustment 2 (if any)

Free-form

Reason for Adjustment 2 (if any)

Free-form

Loan Date (if applicable)

dd/mm/yyyy

Loan Amount (if applicable)

Only numeric answers allowed (in AED)

Interest Rate (if applicable)

Only numeric answers allowed (%)

Repayment Schedule (if applicable)

Only numeric answers allowed (in years)

Outstanding Loan Balance (if applicable)

Only numeric answers allowed (in AED)

Benefit Payout Date 1

dd/mm/yyyy

Benefit Payout Amount 1

Only numeric answers allowed (in AED)

Benefit Payout Date 2

dd/mm/yyyy

Benefit Payout Amount 2

Only numeric answers allowed (in AED)

Termination Date

dd/mm/yyyy

Reason for Cancellation

Free-form

Refund Amount (if any)

Only numeric answers allowed (in AED)

Surrender Date (if applicable)

dd/mm/yyyy

Surrender Amount (if applicable)

Only numeric answers allowed (in AED)

Reason for Surrender

Free-form

Cash Value of Policy Paid to Policyholder

Only numeric answers allowed (in AED)

Motor Insurance Policies

(ReadMotorInsurancePolices)

Any other name by which you refer to these policies

Provide policy identifiers to facilitate retrieval of other policy details. No other policy data is provided unless explicitly requested.

Customer Basic

(ReadMotorInsuranceCustomerBasic)

Your basic information

Provides basic customer information, including full name and short name.

Your detailed information

Provides full customer details, including address, employment information, and emergency contact details.

Bank Account Information

(ReadMotorInsuranceCustomerPaymentDetails)

Your bank account details

Provides customer bank account information.

Policy and Vehicle Information

(ReadMotorInsuranceProduct)

Your policy and vehicle information

Provides all policy data including policy number and vehicle information.

Premium and Claim Information

(ReadMotorInsuranceTransactions)

Your premiums and claims

Provides premium and claim information.