IMPORTANT NOTE:

• LFIs & TPPs MUST comply with the rules and guidelines listed in this section.

• LFIs MUST connect all mandatory APIs to the Open Finance Platform and may provide direct access to TPPs.

  • Note: The Standard does not support the direct access of LFIs to TPPs.

Basic terminology

In the context of the Open Finance Standard, the following terms have been used:

• Debtor: Term used to describe the originating payer of an Open Finance bank service initiation. In most of the cases, the Debtor is the User of the Open Finance services offered by TPPs.

• Creditor: Term used to describe the beneficiary payee of an Open Finance bank service initiation.

LFIs MUST:

CRG-1.1 Provide Open Finance APIs for as many of the following account types as they allow their Users to access in their existing Digital channels:

• Retail Accounts: Accounts used for the execution of payment transactions provided by LFIs to individuals

  • Current accounts, Savings accounts

• SME Accounts: Accounts used for the execution of payment transactions provided by LFIs to SMEs

  • Current accounts, Savings accounts

• Corporate Accounts: Accounts used for the execution of payment transactions provided by LFIs to Corporates

  • Current accounts, Savings accounts

CRG-1.2 Provide Open Finance APIs for the aforementioned account types in all currencies. The scope of currencies is as follows:

• CRG-1.2.1 For Bank Data Sharing, the aforementioned accounts as per CRG-1.1 MUST be supported in ALL available currencies.

• CRG-1.2.2 For Bank Service Initiation, the following scope rules apply:

  • For domestic payments (i.e. payment accounts within the UAE jurisdiction) both debtor (initiating) payment account and creditor (beneficiary) payment account MUST be in AED.

  • Domestic payments (i.e. payment accounts within the UAE jurisdiction) involving FX payment conversion at the debtor (initiating) payment account (for example from USD to AED or GBP to AED) before domestic payment initiation are NOT in the scope of the current version of the Open Finance Standard.

  • For international payments (i.e. payments to accounts outside the UAE jurisdiction), ALL available currencies supported by LFIs MUST be supported for Open Finance payment initiation. For more information, please refer to International Payments | 1. Description.

CRG-1.3 Allow Users to authorize consents only for eligible accounts.

CRG-1.4 Provide Open Finance APIs with domestic Payment Initiation capabilities from the aforementioned account types using ONLY the Instant Payment Platform (IPP).

• CRG-1.4.1 In the scenario that the Creditor account is with an LFI that has not been onboarded with the IPP platform, the LFIs MUST perform their BAU check and reject any payments to Creditor accounts not supported by the IPP platform.

• CRG-1.4.2 In the scenario that IPP is unavailable, for example, it is going through maintenance and planned downtime, the LFIs MUST reject the payment and set the status of the payment to the Rejected terminal state.

• CRG-1.4.3 In the scenario that IPP does not have the user's date/city of birth registered, the LFIs MUST NOT route the Open Finance payments via other payment systems. Instead, LFIs MUST reject the Open Finance payment, informing the User what is required to be done in order to resolve this issue. It is expected that the LFIs MUST obtain this information through the KYC or another process, to ensure that this mandated information is registered with the IPP platform.

• CRG-1.5 Provide Open Finance APIs for International (i.e. cross-border) Payment Initiation capabilities from the aforementioned account types using ALL available payment rails in use by LFIs to support International payment initiation for their existing online channels.

• CRG-1.6 NOT impose any additional constraints to the Open Finance initiated payments on top of the LFI limits (minimum and maximum) stated in the Open Finance Standard. More specifically, subject to meeting the minimum values stated in Limits and Constants | C. LFI Channel Limits LFIs MUST set the maximum transaction limits to the same value or higher as the transaction limits imposed on the following existing digital channels and use cases: 

  • Applicable Channels & Use Cases

    • Debit and Credit Card Transactions: Transactions made via point-of-sale (POS) and online purchases, encompassing payments to merchants onboarded by Third-Party Providers (Pay by account).

    • Proprietary online banking & Mobile banking applications: Transactions executed via the LFIs’ web portal or mobile app, including transfers, bill payments, and peer-to-peer (P2P) payments, enabling the following use cases

      • P2P/B2P Payments: Peer-to-peer payments between individuals and business-to-person payments.

      • Payments-to-self: Transfers made by customers to their accounts, whether within the same LFI or to accounts at other financial institutions.

      • Payments to Businesses non-onboarded by TPPs: Payments made to businesses not onboarded by TPPs.

• CRG-1.7 NOT impose any timing constraints on the Open Finance initiated payments. For example, cooling-off periods for new beneficiaries with reduced transactional limits or other constraints related to the number or value of payment transactions MUST NOT be applied to Open Finance initiated payments.

  CRG-1.8 Follow the principle that transaction limits and other constraints applied to the Open Finance services are not more restrictive than those applied across other commonly used banking digital channels. This establishes parity, ensuring that customer experience is consistent regardless of the digital channel used.

TPPs MUST:

CRG-2.1 Provide Users at least one of the following options for selecting their payment account to be used for the Consent:

• Manually enter their Payment Account Identification details (e.g. IBAN, account number & LFI, and any other formats supported by the LFI holding the Users' payment account)

• Select their Payment Account Identification details. This assumes that these have been saved previously and the User has a long-term profile with the TPP, having completed a User onboarding step.

• Select their LFI only (so that they can select their Payment Account later on in the journey after authenticating with the LFI). The LFI MUST be identified using the trading name which is familiar to Users.

  • CRG-2.1.1 TPPs MUST use logos and the brand names of the LFIs as they are defined in the Trust Framework Directory.

Note: It is in the competitive space of TPPs to enable additional services for Users that may provide better customer experience. For example, a TPP with a long-term relationship with a User may have dual Data Sharing and Service Initiation roles and have access to the User list of accounts with a specific LFI, making it easier for the User to select the payment account they want to use for the payment initiation.

TPPs MUST:

CRG-3.1 Either allow Users to manually enter the payment amount or pre-populate it for the Users. This is dependent on the use case.

CRG-3.2 For domestic payments, ensure that Users clearly understand that the payment amount is in local currency (i.e. United Arab Emirates Dirham - AED) as used by the local payment systems infrastructure for domestic payments.

CRG-3.3 Ensure and validate that the lowest allowable amount is 0.01 AED. The amount of the payment MUST be specified with max 2 decimal digits.

CRG-3.4 Ensure that the maximum allowable amount is equal to Limits and Constants | Max Inter bank Payment Amount for any payments to Creditor accounts managed by a different account holding entity than the User’s LFI.

• CRG-3.4.1 NOT apply any maximum amount limit for payments to Creditor accounts managed by the same LFI as the User’s LFI (i.e. Intra-bank payments).

CRG-3.5 Display a message to Users informing them that the payment amount cannot exceed the Limits and Constants | Max Inter bank Payment Amount value for all Inter-bank payments.

TPPs MUST:

CRG-4.1 Either allow Users to manually enter/select their Creditor Identification details or pre-populate them for the Users.

Note: It is in the competitive space of TPPs to enable additional services for Users that may provide a better customer experience. For example, a TPP with a long-term relationship with a User may have dual Data Sharing and Service Initiation roles and have access to Users' list of Authorized Beneficiaries with a specific LFI, making it easier for Users to select the Creditor Identification details.

CRG-4.2 Allow the Creditor Identification using the following information:

• IBAN of the Creditor payment account

• Name of the Creditor

Note: Depending on the use case, the Creditor details may not be displayed to Users in full. However, these still need to be part of the payment Consent request sent by the TPP.

CRG-4.3 Display to Users the full IBAN details of the Credit payment account, if these details have been manually entered/provided by the User.

CRG-4.4 Display to Users the masked IBAN (only last 4 digits) of the Credit payment account, if these details have been populated/provided by the TPP (e.g. in case of merchant onboarded by TPPs).

CRG-4.5 Ensure that the format and other validation rules of the Creditor Identification details are correct in case Users manually enter the Creditor Identification details. If incorrect, TPPs MUST request Users to review and re-enter the information.

CRG-4.6 TPPs MUST send the Merchant Category Code where the Creditor is a Merchant onboarded by them.

TPPs MUST:

CRG-5.1 Allow Users to manually enter a Debtor Reference. This note is for the Users' reference and may be available to Users as additional information in relation to a payment by their LFIs. This information is optional for Users and may not be provided at all.

CRG-5.2 Validate that the format of the Debtor Reference is according to the UAE Open Finance Standard specifications.

CRG-5.3 Append to the Debtor Reference the TPP ID, Merchant ID, BIC for the Creditor Account for payments to Merchants.
CRG-5.4 Append to the Debtor Reference the TPP ID, BIC for the Creditor Account for all other Payments.

CRG-5.5 Include the Debtor Reference in each Payment Initiation Request as the default value. This information will not be transferred via the payment rails. For details on the format of Debtor Reference please refer to Bank Service Initiation OpenAPI

TPPs MUST:

CRG-6.1 Allow Users to manually enter a Payment Reference or pre-populate it for the Users, depending on the use case. Payment Reference is optional for Users. Payment Reference may be populated by the User (i.e. Debtor) using information requested by the beneficiary (i.e. Creditor) or any other information the User wants to provide to the beneficiary to assist in identifying and reconciling the payment. This information will be transferred via the payment rails to the beneficiary’s LFI, if different than the User’s LFI.

Note: TPPs may make the Payment Reference mandatory based on their specific use cases or business requirements (for example credit card payment, invoice payments, etc)

CRG-6.2 Validate that the format of the Payment Reference is according to the UAE Open Finance Standard specifications.

CRG-6.3 Include the Payment Reference in the Payment Initiation Request as the default value. The Payment Reference will be used by the LFI to populate the Remittance Information of the payment.

For details on the format of Creditor Reference please refer to Bank Service Initiation OpenAPI

TPPs MUST:

CRG-7.1 Set Is Single Authorization flag in the Consent to specify that the Consent MUST be subject to single User authorization only. This is used when there is a clear requirement that the Consent on the account to be used cannot be subject to multiple User authorizations.

TPPs MUST:

CRG-8.1 Have the option to set the appropriate parameter in the Consent specifying the time window during which the Consent MUST be authorized by all required authorizers (one or multiple). The Authorization Expiration Date Time that can be specified by a TPP is limited to Limits and Constants | Max Authorization Time Window after the Consent has been submitted (i.e. staged) by the TPP for User authorization.

TPPs MUST:

CRG-9.1.1 Set ALL the available data in the Risk Information Block in order to provide additional information in relation to the Payment Consent and allow LFI to assess their risk. This includes the following information as shown in the table below, based on the type of payment/use case. The information MUST be provided as per the following requirements:

• M- Mandatory

• N - Not Required

• C- Conditional

• O - Optional (if available/applicable)]