BackText onlyPrint

You need the Flash plugin.

Download Macromedia Flash Player

Location: Central Bank of Bahrain Volume 1—Conventional Banks > Part A > High Level Standards > GR General Requirements > GR-6 Open Banking > GR-6.1 Access to PISPs and AISPs > GR-6.1.3
  • GR-6.1 Access to PISPs and AISPs

    • GR-6.1.1

      The CBB has recognised the need to revise its rules in keeping with the following changes at a systemic level, both globally and regionally:

      a) market growth in e-commerce activities;
      b) increased use of internet and mobile payments;
      c) consumer demand to increasingly use smart device based payment solutions;
      d) the developments in innovative technology; and
      e) a trend towards customers having multiple account providers.

      This section sets forth the rules applicable to conventional retail bank licenseesG with regards to the new category of ancillary service providersG described below.

      Added: April 2019

    • GR-6.1.2

      The CBB has established a Directive contained in "Module OB: Open Banking" in Volume 5 of the CBB Rulebook that deals with a new sub category of ancillary service providersG who, under the terms of the CBB license, may provide "payment initiation servicesG " and/or "account information servicesG ". Such licensees are termed "payment initiation service providersG " or PISPs and "account information service providersG " or AISPs. Banks and other licensees which maintain a customer account is referred to in the CBB Rulebook Volume 5 as "licensees maintaining customer accounts".

      Added: April 2019

    • GR-6.1.3

      Conventional retail bank licenseesG must:

      (a) grant ancillary service providersG of the types referred to in Paragraph AU-1.2.1 (f) and (g) of Rulebook Volume 5: Ancillary Service Providers Authorisation Module, access to customer accounts on an objective, non-discriminatory and proportionate basis based on consents obtained from the customer;
      (b) provide the criteria that the conventional retail bank licenseeG apply when considering requests pursuant to sub-paragraph (a) above for such access; and
      (c) ensure that those criteria are applied in a manner which ensures compliance with sub-paragraph (a) above while ensuring adherence to Law No 30 of 2018, Personal Data Protection Law (PDPL) issued on 12 July 2018.
      Added: April 2019

    • GR-6.1.4

      Access to customer accounts granted pursuant to Paragraph GR-6.1.3 must be sufficiently extensive to allow the AISP and PISP access in an unhindered and efficient manner.

      Added: April 2019

    • GR-6.1.5

      Access to customer accounts granted pursuant to Paragraph GR-6.1.3 shall mean that at customer's direction, the licenseesG are obliged to share all information that has been provided to them by the customer and that which can be accessed by the customer in a digital form. The obligation should only apply where the licenseeG keeps that information in a digital form. Furthermore, the obligation should not apply to information supporting identity verification assessment; which the licensees should only be obliged to share with the customer directly, not a data recipient. The information accessed shall include transaction data and product and services data that banks are required to publicly disclose, such as price, fees, and other charges should be made publicly available under open banking. 'Value Added Data' and 'Aggregated Data' are not required to be shared. Value added data results from material enhancement by the application of insights, analysis, or transformation by the licensee. Aggregated data refers to various elements of customer data aggregated for the purpose of internal management by the licensee.

      Added: April 2019

    • GR-6.1.6

      If a conventional retail bank licenseeG refuses a request for access to such services or withdraws access to such services, it must seek approval of the CBB in a formal communication which must contain the reasons for the refusal or the withdrawal of access and contain such information as the CBB may direct. The CBB shall approve the request if it is satisfied that the impact of not giving access is minimal. If the request is rejected, the conventional retail bank licenseeG must adhere to the direction provided by the CBB.

      Added: April 2019

Back to top