What is Platform-as-a-Service?

Platform as a service (PaaS) is a development and deployment environment in the cloud containing the resources that enable delivery of anything from simple cloud-based apps to sophisticated enterprise applications.

What next for the Open Banking Implementation Entity once it has implemented the UK's Open Banking framework?

In June 2020, UK Finance (a cross-sector trade body that includes the members of the CMA9) commissioned Accenture UK to propose a roadmap for the post-implementation strategy of OBIE. Click on 'Show More Info' below to access their 'Open Banking Future State' report.

What are the PFM (Personal Finance Management) use cases?

By allowing Account Information Service Providers (AISP) to access consumer accounts, Open Banking supports a number of Personal Finance Management (PFM) use cases. Some typical examples are budgeting and transaction categorisation, and more advanced providers are able to provide intelligent forecasting.

Examples of PFM apps include Cake (https://cake.app) and Emma (https://emma-app.com).

Are UK financial institutions obliged to use the Open Banking Implementation Entity interface?

There is currently no obligation for UK registered organisations to use the Open Banking Implementation Entity (OBIE) interface. The use of the OBIE interface is free, and although organisations are required to register with the Financial Conduct Authority (FCA), they are not required to register with the OBIE.

In general, any interface should be fit for purpose and able to support widespread usage. This means that using the OBIE interface would be sensible for a UK firm but it does not prevent them from using an alternative national or commercial interface.

What is the proposition behind using a Banking-as-a Service (BaaS) provider?

A 'BaaS' provider is a licensed financial institution which is able to provide digital payment services to a non-banking business.

For example, a high street retailer might decide they want to offer their customers their own, branded, payment card. The retailer believes that this will help build customer engagement and facilitate their loyalty programme. The retailer also knows that the card will reveal the customer's payment data, which it intends to use to improve its marketing and product offerings.

Rather than setting up their own bank or payment institution, the retailer could choose to offer this card (and other banking services such as loans and accounts) through a BaaS provider. Because the provider is already licensed, it can bring the retailer's offering to market much more quickly and at a far lower cost.

The BaaS provider does this via an Application Programming Interface (API) which provides a secure and reliable connection to the retailer, enabling customers to access banking services directly through the retailer's own app. As the retailer is effectively an intermediary between the customer and the BaaS provider, it is spared the associated regulatory and compliance burdens.

How could Open Banking help with sales of goods and services which require identity or age verification?

Identity verification often comes with cumbersome processes for businesses that create sales friction. Open Banking can often solve that problem. For high-value transactions or age-related products and services, your business may rely on documents being sent and analysed before decisions can be made. Instead, when a customer consents to access to their bank details, the data comes from a bank where it has already been checked and verified. This can be used as a digital ID, meaning you can drive sales at a faster pace and improve service delivery.

What product features are criminals attracted to when laundering money through a financial institution?

Some products are more susceptible to being used for money laundering or terrorist financing purposes. Features that criminals are attracted to include:

- anonymity;
- unlimited spend;
- international transactions;
- lack of paper trails;
- simplified or absent due diligence;
- limited validation processes;
- unverified funding sources;
- cash acceptance;
- settlement methods.

What is a basic worked example of Enterprise Risk?

Risk Number: RA1

Risk Type: Customer Risk

Sub-Risk Type: An applicant is, or becomes, a politically exposed person (PEP) which could create a risk of exposure to the proceeds of corruption.

Inherent Risk: The risk is that a PEP uses our services to launder the proceeds of corruption obtained via the abuse of their political position.

Inherent Risk Rating: 7/10

Controls: Our organisation uses a service provided by PassFort automated via Dow Jones to screen applicants and clients against PEP lists. We carry out continuous monitoring on high-risk clients and PEPs undergo monthly re-screening against the updated lists. Where a PEP is identified, we undertake enhanced due diligence measures and seek additional information to better judge whether the client presents a higher risk.

Residual Risk Rating: 3/10

What is proportionality and what does it mean in the context of the European Banking Authority (EBA) guidelines on outsourcing?

The European Banking Authority (EBA) guidelines refer to another document, 'Guidelines on internal governance under Directive 2013/36/EU', for an explanation of proportionality.

Essentially, 'Payment Institutions (PI) should take into account their size and internal organisation, and the nature, scale and complexity of their activities, when developing and implementing internal governance arrangements. Significant PIs should have more sophisticated governance arrangements, while small and less complex PIs may implement simpler governance arrangements.'

Unfortunately there is no definition of 'simpler governance arrangements'.

The following criteria should be taken into account by PIs and competent authorities:

- the size in terms of the balance-sheet total of the PI and its subsidiaries within the scope of prudential consolidation;
- the geographical presence of the PI and the size of its operations in each jurisdiction;
- the legal form of the PI, including whether the PI is part of a group and, if so, the proportionality assessment for the group;
- whether the PI is listed or not;
- whether the PI is authorised to use internal models for the measurement of capital requirements (e.g. the Internal Ratings Based Approach);
- the type of authorised activities and services performed by the PI (e.g. see also Annex 1 to Directive 2013/36/EU and Annex 1 to Directive 2014/65/EU);
- the underlying business model and strategy; the nature and complexity of the business activities, and the PI's organisational structure;
- the risk strategy, risk appetite and actual risk profile of the PI, taking into account also the result of the SREP capital and SREP liquidity assessments;
- the ownership and funding structure of the PI;
- the type of clients (e.g. retail, corporate, institutional, small businesses, public entities) and the complexity of the products or contracts;
- the outsourced activities and distribution channels; and
- the existing information technology (IT) systems, including continuity systems and outsourcing activities in this area.

For the avoidance of doubt, it is probably safest to implement all of the controls and processes mentioned in the EBA guidelines on outsourcing.

What is Digital Transformation?

Essays have been written but Digital Transformation (DT or DX) is fundamentally the adoption of digital technology to transform services or businesses.

Do I need a business continuity plan when making an application to become authorised as a payment institution?

Yes, the application will need to provide a description of the business continuity arrangements.

What is the difference between an Electronic Money Institution (EMI) and a Small EMI?

The difference centres around the Electronic Money Institution's (EMI) size and business activities. If an EMI's total business activities generate less than €5 million outstanding e-money, and the EMI does not require passporting rights, it might be able to register as a 'small EMI'. Registering as a 'small EMI' is generally cheaper than authorisation.

(c) The Financial Conduct Authority

What is OBIE proposing for Variable Recurring Payments in the UK?

Open Banking are proposing two specific mechanisms for enabling Variable Recurring Payments (VRPs).

VRP Payments with an SCA exemption

These are possible when explicit consent has been provided to the PISP, provided that:

a) the payee is fixed;
b) the number and/or frequency of payments is fixed (or capped); and
c) although the amount cannot be fixed in advance, there are clear parameters around the permitted value, such as maximum individual payment amount, maximum total value in a month or year etc.

VRP Payments with delegated SCA

These payments require that a bilateral contract is agreed between the ASPSP and the PISP and that SCA is performed in the PISP environment for every transaction that falls outside the original payment limits that were consented to.

What is the Senior Managers and Certification Regime (SM&CR)?

The SM&CR is guidance from the UK's FCA aimed at reducing harm to consumers and strengthening market integrity by creating a system that enables firms and regulators to hold individuals to account. As part of this, the SM&CR aims to:

• encourage staff to take personal responsibility for their actions
• improve firm conduct at all levels
• make sure firms and their staff clearly understand and can show who does what

What are the European Banking Authority (EBA) Guidelines on outsourcing and why are they relevant?

From the European Banking Authority (EBA) guidelines on outsourcing:

"These guidelines set out which arrangements with third-parties are to be considered as outsourcing and provide criteria for the identification of critical or important functions that have a strong impact on the financial institution’s risk profile or on its internal control framework. If such critical or important functions are outsourced, stricter requirements apply to these outsourcing arrangements than to other outsourcing arrangements.

Competent authorities are required to effectively supervise financial institutions’ outsourcing arrangements, including identifying and monitoring risk concentrations at individual service providers and assessing whether or not such concentrations could pose a risk to the stability of the financial system. To identify such risk concentrations, competent authorities should be able to rely on comprehensive documentation on outsourcing arrangements compiled by financial institutions."

ALTERNATIVE FINTECH

From Dark-Web to DeFi, everything that is either unregulated or unexplained

Why are periodic reviews critical to an effective Anti-Money Laundering (AML) framework?

It is crucial that the identity verification data available to a financial institution is up to date; stale documentation does not serve the purpose of an AML programme and documents have to be regularly reviewed and updated. This is why regulators place such an emphasis on periodic reviews.

Ensuring documentation remains up to date also helps reveal whether there has been a material change to a customer's profile and helps financial institutions to ensure risk ratings assigned to a customer remain applicable.

Regulators perform regular audits of financial institutions to ensure that all internal compliance controls, policies and procedures are fit for purpose and implemented properly.

It is mandatory for financial institutions to have fully auditable records that are 'regulator-ready' at the end of the day. This includes the recording of all compliance decisions as well as data, documentation and the back-up required to evidence the basis for these decisions.

DeFi

Can you provide an example of a solution that incorporates open banking into a federated identity service?

AVOCO provides the following value proposition on their website:

The solution has three options that can be used together or separately. The examples below show use in a government context:

1) Service Sign-in:

Sign into a government service using a bank ID (federation). Avoco support thousands of different banks using Open Banking. Optionally, customers can supply a verified bank account number; this is verified during customer registration using Open Banking - the act of signing in via a bank offers assurance that they have been CDD/KYC checked.

2) Add Assured Data to Existing Account:

Open Banking can be used to add assured data to existing government service accounts to update them with verified bank details.

3) Use Open Banking after account setup/sign in to drive assured transactions:

Customers can use Open Banking to share bank details, set up payments, etc.

Decreased concentration risk in financial marketplaces
