/
Common Rules and Guidelines

This space is deprecated and no longer supported. Please use the latest available version here.

Common Rules and Guidelines

Owned by Chris Michael
02 Aug 2024
20 min read

This section contains Rules & Guidelines which are common for all Bank Data Sharing and Bank Service Initiation capabilities described in the UAE Open Finance Standards.

IMPORTANT NOTE:

  • LFIs & TPPs MUST comply with the rules and guidelines listed in this section.

  • LFIs MUST connect all mandatory APIs to the Open Finance Platform and may provide direct access to TPPs.

    • Note: The Standard does not support the direct access of LFIs to TPPs.

Basic terminology

In the context of the Open Finance Standard, the following terms have been used:

  • Debtor: Term used to describe the originating payer of an Open Finance bank service initiation. In most of the cases, the Debtor is the User of the Open Finance services offered by TPPs.

  • Creditor: Term used to describe the beneficiary payee of an Open Finance bank service initiation.

1. Supported Accounts & Payment Rails

LFIs MUST:

CRG-1.1 Provide Open Finance APIs for as many of the following account types as they allow their Users to access in their existing Digital channels:

  • Retail Accounts: Accounts used for the execution of payment transactions provided by LFIs to individuals

    • Current accounts, Savings accounts

  • SME Accounts: Accounts used for the execution of payment transactions provided by LFIs to SMEs

    • Current accounts, Savings accounts

  • Corporate Accounts: Accounts used for the execution of payment transactions provided by LFIs to Corporates

    • Current accounts, Savings accounts

CRG-1.2 Provide Open Finance APIs for the aforementioned account types in all currencies. The scope of currencies is as follows:

CRG-1.3 Allow Users to authorize consents only for eligible accounts.

CRG-1.4 Provide Open Finance APIs for domestic Payment Initiation capabilities from the aforementioned account types using ONLY the Instant Payment Platform (IPP).

  • CRG-1.4.1 In the scenario that the Creditor account is with an LFI that has not been onboarded with the IPP platform, the LFIs MUST perfrom their BAU check and reject any payments to Creditor accounts not supported by the IPP platform.

  • CRG-1.4.2 In the scenario that IPP is unavailable, for example, it is going through maintenance and planned downtime, the LFIs MUST NOT route the Open Finance payments via other payment systems. Instead, LFIs MUST keep the status of the payment to pending and process the payment as normal when IPP is available again.

    • Note: This does not exclude edge cases where the payment value may be applied on a different date than the payment authorization. CBUAE will be monitoring the ecoysystem for these cases to assess whether remediations may be required in the future.

  • CRG-1.4.3 In the scenario that IPP does not have the user's date/city of bith registered, the LFIs MUST NOT route the Open Finance payments via other payment systems. Instead, LFIs MUST reject the Open Financen payment informing the User what is required to be done in order to resolve this issue. It is expected that the LFIs MUST obtain this information through the KYC or another process, to ensure that this mandated information is registered with the IPP platform.

  • keep the status of the payment to pending and process the payment as normal when IPP is available again.

CRG-1.5 Provide Open Finance APIs for International (i.e. cross-border) Payment Initiation capabilities from the aforementioned account types using ALL available payment rails in use by LFIs to support International payment initiation for their existing online channels.

2. User Payment Account Selection

3. Payment Amount & Currency

4. Creditor Identification

5. Debtor Reference

6. Creditor Reference

7. Is Single Authorization flag

8. Authorization Expiration DateTime

9. Risk Information Block

9.1 TPP Obligations

Based on the type of payment/use case, TPPs have different obligations with populating the various parts of the Risk Information Block.

Risk Information Block Element

 

Payments to Merchants onboarded by TPPs (Pay by Account)

P2P/B2P Payments

Payments-to-self

Payments to Businesses non-onboarded by TPPs

Risk Information Block Element

 

Payments to Merchants onboarded by TPPs (Pay by Account)

P2P/B2P Payments

Payments-to-self

Payments to Businesses non-onboarded by TPPs

A. User (Debtor) Indicators

Information related to the User.

  1. User Name

C (if onboarded)

C (if onboarded)

C (if onboarded)

C (if onboarded)

  1. Geo Location

C (if customer present)

C (if customer present)

C (if customer present)

C (if customer present)

  1. Device Operating System & Version

O

O

O

O

  1. Date/time onboarded by the TPP

C (if onboarded)

C (if onboarded)

C (if onboarded)

C (if onboarded)

B. Transaction Indicators

Information in relation to the transaction initiated by the User.

  1. Customer Present flag (Y/N)

M

M

M

M

  1. Creditor Contract with TPP Present flag (Y/N)

M

M (Y)

M (Y)

M (Y)

  1. Initiating Channel (Web/Mobile)

M

M

M

M

C. Destination Delivery Address

Information for all related e-commerce payments. Destination Delivery Address may not be relevant for certain in-store transactions for example when goods/services are delivered to customers in-store. In these cases, TPPs are NOT required to provide this field.

  1. Recipient Type (Individual/Corporate)

M (Online), C (Instore)

C (upon availability)

N

M (Online), C (Instore)

  1. Recipient Name

M (Online), C (Instore)

C (upon availability)

N

M (Online), C (Instore)

  1. Full Delivery Address with region and country

M (Online), C (Instore)

C (upon availability)

N

M (Online), C (Instore)

D. Beneficiary Indicators

Information in relation to the Beneficiary of the initiated payment.

  1. Beneficiary Account Type (Retail/Corporate)

M

M (Retail)

M

M

  1. Beneficiary Prepopulated by TPP flag (Y/N)

M

M

M

M

  1. Merchant Trading Name

M

N

N

N

  1. Beneficiary Verified by TPP flag (Y/N)

C (if verified by KYC or COP)

N

N

C (if verified by KYC or COP)

  1. Verified by COP (Y/N)

C (if verified by KYC or COP)

M

M

C (if verified by KYC or COP)

  1. COP signed response contents

C (if verified by KYC or COP)

M

M

C (if verified by KYC or COP)

  1. Additional Beneficiary Account holder Identifiers such as:

  • Emirates ID or Passport Number for Retail accounts or Trade License number number for Business/Corporate accounts

  • Account Holder Name

M (Trade License number)

M (Account Holder Name)

O (Emirates ID)

C (D4) (Account Holder Name)

O (Emirates ID)

C (D4) (Account Holder Name)

O (Trade License number)

C (D4) (Account Holder Name)

  1. Merchant Details such as

  • Name

  • SIC code

  • MCC code

  • Merchant Identification: This must be in the format used by the UAE IPP Scheme, as follows:

    • A three-character Emirates Code followed by a hyphen and

    • the five-character Issuer type code followed by a hyphen and

    • the Trade License number followed by a hyphen and

    • a four-digit Economic activity code.

M

N

N

O

9.2 LFI Obligations

9.3 Additional TPP Obligations

9.3.1 Details Verification for Merchants onboarded by TPPs

10. Consent Staging

11. Hand-off to LFI

12. Payment Account Selection at LFI

13. Check Is Single Authorization flag

14. Hand-off back to the TPP

15. Payment Status Update

GRC-15.10 Payment Status Model

This figure illustrates the payment status model that can be used to cover the payment status throughout the payment's lifecycle. The model is applicable to all payment types including Single Immediate, Future Dated, Fixed Recurring, Variable Recurring, Fixed On-demand, Variable On-demand, and Variable-defined.

Payment Status New3.png

Payment Status

Description

Payment Status

Description

Pending (ISO 200022 PDNG)

Payment initiation or individual transaction included in the payment initiation is pending. Further checks and status updates will be performed.

Rejected (ISO 200022 RJCT)

The payment initiation has been rejected

Accepted Settlement Completed Debtor Account (ISO 200022 ACSC)

The payment has successfully passed technical validation, customer profile checking, and funds checking. The payment instruction has been accepted for execution and the settlement is now in process.

The amount of the payment has been reserved in the User Account and the payment has been sent through the payment rails for execution. The User Account will be debited in response to successful credit accepted by the recipient LFI. Alternatively, in response to rejected credit from the recipient LFI (or not response), the User Account will be released from the reserved payment amount as per the BAU payment initiation processes of the LFI.

Accepted Credit Settlement Completed (ISO 200022 ACCC)

OR

Accepted Without Posting (ISO 200022 ACWP)

The receiving account holding entity has successfully accepted the credit transfer initiated by the TPP payment instruction and the credit has been posted to the creditor customer’s account.

OR

The receiving account holding entity has successfully accepted the credit transfer initiated by the TPP payment instruction, but the credit has not been posted to the creditor customer’s account yet.

Accepted with change (ISO 200022 ACWC)

The sending LFI has accepted the payment order with changes to the initial order.

16. Confirmation to User

17. Payment Notifications

CRG-17.5 Multi-User Authorization Flow Notifications

In scenarios of multi-user accounts such as shared accounts or corporate accounts where multiple users have delegated authority to approve the payments.

18. Multi-User Authorization Flow

19. Check Authorization Time Window

20. Purpose of Payment

21. Shari’ah compliance of TPP

Shari'ah compliance of TPP journey.png

22. Supplementary Information

23. TPP Obligations towards Customer Verification

 

© CBUAE 2024
Open License and Contribution Agreement | Attribution Notice