Upload
trinhdien
View
220
Download
0
Embed Size (px)
Citation preview
PUBLIC
Open Banking
Open Banking Service Levels March 2017 for Open Data
Date: 31st January 2017
Open Banking Service Levels March 2017 for Open Data PUBLIC
© Open Banking Limited P a g e | 2
Table of Contents 1. Service Level Overview ........................................................................................................................................ 3 2. Goals & Objectives ............................................................................................................................................... 3 3. Stakeholders......................................................................................................................................................... 3 4. Period & Review ................................................................................................................................................... 4 5. Services ................................................................................................................................................................ 5
5.1. Open Banking Service Desk Scope ............................................................................................................... 5 5.2. Participant Requirements ............................................................................................................................ 6 5.3. Open Banking Requirements ....................................................................................................................... 6 5.4. Service Assumptions .................................................................................................................................... 6
6. Service Availability ............................................................................................................................................... 7 7. Service Management ........................................................................................................................................... 8
7.1. Service Desk Availability ............................................................................................................................... 8 7.2. Change of Details ......................................................................................................................................... 8 7.3. Complaints Handling Service Levels ............................................................................................................. 9 7.4. Breach Service Levels ................................................................................................................................... 9 7.5. Withdrawal Service Levels ......................................................................................................................... 10
7.5.1 Mandatory API Providers .......................................................................................................................... 10 7.5.2 Voluntary API Provider .............................................................................................................................. 10 7.5.3 API Users ................................................................................................................................................... 10 7.5.4 Retention of Records................................................................................................................................. 10
7.6. Suspension and Exclusion Service Levels ................................................................................................... 10 7.6.1 Suspension ................................................................................................................................................ 10 7.6.2 Exclusion ................................................................................................................................................... 11
7.7. Disputes Service Levels ............................................................................................................................. 12 7.7.1 Outline of Procedure ......................................................................................................................... 12 7.7.2 Escalation of Dispute ......................................................................................................................... 12 7.7.3 Third Party Determination................................................................................................................. 12
8. Management Information Reporting .................................................................................................................. 14 9. Appendix A - Summary of Service Levels ........................................................................................................ 15
Open Banking Service Levels March 2017 for Open Data PUBLIC
© Open Banking Limited P a g e | 3
1. Service Level Overview This document represents a set of Service Levels for Open Banking between the Open Banking Implementation Entity and registered API Providers and API Users for the provisioning of services required to support and sustain ‘read only’ open banking from March 2017. This document remains valid until superseded by revised Service Levels mutually endorsed by the Operational Governance Rules and Guidelines Working Group (OGRGWG). This document details the parameters of all Open Banking services covered as they are mutually understood by the participant stakeholders.
2. Goals & Objectives The purpose of these Service Levels is to ensure that the proper elements and commitments are in place to provide consistent Service Desk support and that a delivery is provided to the registered API Participants.
The goal of these Service Levels is to obtain mutual agreement for service provision between Open Banking and Participants.
The objectives of these Service Levels are to:
Provide clear reference to service ownership, accountability, roles and/or
responsibilities.
Present a clear, concise and measurable description of service provision to the
participants.
Match perceptions of expected service provision with actual service support &
delivery.
3. Stakeholders The following Service Provider(s) and Customer(s) will be used as the basis of this document and represents the primary stakeholders associated with these open data Service Levels:
Open Banking Implementation Entity
Registered API Providers and API Users / Developers
Open Banking Service Levels March 2017 for Open Data PUBLIC
© Open Banking Limited P a g e | 4
4. Period & Review
The service levels detailed in this document are valid from March 2017 and remain valid until further notice. The Service Levels should be reviewed at a minimum once per fiscal year; however, in lieu of a review during any period specified, the current Service Levels will remain in effect. The Head of Operational Governance (Document Owner) is responsible for facilitating regular reviews of this document. Contents of this document may be amended as required, provided mutual agreement is obtained from the OGRGWG and communicated to all affected parties. The Document Owner will incorporate all subsequent revisions and obtain mutual agreements / approvals as required.
Open Banking Implementation Entity: Head of Operational Governance Review Period: Bi-Monthly (2 months) First Review Date: 13-05-2017 Next Review Date: 12-07-2017
Open Banking Service Levels March 2017 for Open Data PUBLIC
© Open Banking Limited P a g e | 5
5. Services
The following detailed service parameters are the responsibility of Open Banking in the ongoing support of these Service Levels.
5.1. Open Banking Service Desk Scope
The following Services are covered by this document:
Manned telephone support
Monitored email support
Open Banking website
Open Banking Service Levels March 2017 for Open Data PUBLIC
© Open Banking Limited P a g e | 6
5.2. Participant Requirements
Participant responsibilities and/or requirements in support of these Service Levels include but are not limited to:
Acceptance of Open Banking “Terms and Conditions”
Acceptance of the “Open Banking License”
Reasonable availability of Working Group and/or Participant representative(s)
when resolving a service related request or incident.
5.3. Open Banking Requirements
Open Banking responsibilities in support of these Service Levels cover:
Manned Service Desk
Managing and maintaining a “Participant” Register
Participant validation for Providers
Withdrawals
Suspensions
Exclusions
Managing Complaints
Managing Breaches
Managing Disputes
Meeting response times associated with system availability Service Levels
Appropriate notification to Participants for all scheduled maintenance activities.
5.4. Service Assumptions
Assumptions related to in-scope services and/or components include:
All Changes to services will be communicated and documented to all stakeholders, even when they may have no visible or direct impact on Participants.
Open Banking Service Levels March 2017 for Open Data PUBLIC
© Open Banking Limited P a g e | 7
6. Service Availability Effective support of the Open Banking Service Availability is to maintain consistent system Service Levels for open data from March 2017. The following Service Availability, supported by Technical Standards, has been agreed as the standard for Open Banking services:
• Each API end-point must be available 95% of the time during each 24 hour period.
• Each API end-point must return the first byte of response within 500ms for 95% of the requests.
• The response time will be measured from an external client with a network latency of at
most 50 ms (time to first byte).
• Each provider must comply with the performance and availability SLAs under a peak load of
500 requests per minute across all Open Data APIs for that provider.
• Each provider must comply with the performance and availability SLAs under a load of 15,000
requests in an 8 hour window across all Open Data APIs for that provider.
• Caching – An API provider must update the dataset within 24 hours of a related update to its website (Note: there is no specific service level on how frequently a dataset is updated, so long as it’s in sync with the Provider website)
• Versioning – API Providers must update to the current or previous version of published Open Banking Technical Standards.
Open Banking Service Levels March 2017 for Open Data PUBLIC
© Open Banking Limited P a g e | 8
7. Service Management The scope of the Open Banking Service Desk is to maintain consistent service levels for open data from March 2017. The Service Management sub-sections provide relevant details for Open Banking services.
7.1. Service Desk Availability
Coverage parameters specific to the service(s) covered in these Service Levels are as follows:
Telephone support : 08:00 to 18:00 Monday – Friday UK Time
Email support: Monitored 08:00 to 18:00 Monday – Friday UK Time
o The Service Desk will aim to fix an enquiry or complaint on first call and if the subject raised can’t be fixed, will aim to provide further guidance or additional information within 1 business day and achieve a successful close to the contact.
o A contact that starts as a query or information request may move into a breach complaint or another process after the initial investigation or triage has taken place. In these circumstances, the Service Desk would then be subject to the appropriate Service Level as detailed in the document.
o Emails received outside of office hours will be collected, however no action can be guaranteed until the next working day.
7.2. Change of Details
1. API Providers will use best endeavours to notify Open Banking of any changes to any
of their details provided within 5 business days following the date of the relevant
change
2. Open Banking will update the Central Register to reflect such updated to within
2 business days following receipt of the relevant API Provider's notification.
Open Banking Service Levels March 2017 for Open Data PUBLIC
© Open Banking Limited P a g e | 9
7.3. Complaints Handling Service Levels
1. When a complaint is raised with the Open Banking Service Desk as a result of a breach
relating to the Rules and Guidelines, T&Cs or Open Licence, receipt and logging of the
complaint will be acknowledged to the raiser within 1 business day.
2. If a registered API User goes directly to a Provider with a Complaint, they are to re-direct
the User to the Open Banking Service Desk to log the complaint for investigation.
3. The Open Banking Service Desk, in conjunction with the Head of Operational
Governance will effect a determination and a resolution plan within 5 business days, (on
a best endeavours basis).
4. The Open Banking Service Desk will advise the Participant of its determination and
communicate the decision to the Participant.
5. If deemed as valid and worthy of further investigation the Head of Operational
Governance can refer the breach complaint to the appropriate regulator or Third Party
Determination.
6. A complaint due to a breach could lead to a suspension or exclusion, dependent on
severity and determined on a case by case basis by the Head of Operational
Governance.
7.4. Breach Service Levels
1. If a registered Participant breaches the open banking standards, they are obliged
to inform the Open Banking Service Desk within 1 business day of any breach being
discovered. Notification should be by one of the Service Desk communication
mediums.
2. Where Open Banking has discovered that a Participant has breached the open
banking standards, Open Banking will invoke an investigation process and
communicate this to the API Provider via the Service Desk, with a determination of
who is deemed to be in breach within 1 business day of identifying a breach.
3. The Head of Operational Governance (as delegated by the Open Banking Trustee)
will investigate and make a determination and provide a resolution plan within
5 business days.
4. Participants who breach the Open Banking standards may be subject to guidance
set by Open Banking, for suspension and / or exclusion from the Open Banking
Register, depending on the severity of the breach.
Open Banking Service Levels March 2017 for Open Data PUBLIC
© Open Banking Limited P a g e | 10
7.5. Withdrawal Service Levels
7.5.1 Mandatory API Providers
1. Mandatory API Providers will not be permitted to withdraw from the OBS.
7.5.2 Voluntary API Provider
1. Voluntary API Provider requests for withdrawal from the Open Banking Register
must be communicated in writing to the Open Banking Service Desk.
2. The Open Banking Service Desk will acknowledge the receipt of any request from a
Participant to withdraw from the Central Register within 7 business days.
3. Voluntary API Provider removal from the Open Banking Register must be after a
minimum term of 20 business days from the receipt of the withdrawal request and
published on the Open Banking website.
7.5.3 API Users
1. If the API User has registered then Open Banking would be able to withdraw them
upon a request to be de-registered, allowing 20 business days to complete the request.
7.5.4 Retention of Records
1. Where a Participant is withdrawn from the Open Banking Register, the retention
period for records will be for 6 years for audit purposes unless subject to statutory or
regulatory change.
7.6. Suspension and Exclusion Service Levels
7.6.1 Suspension
1. Suspended Participants who are Mandatory API Providers must continue to be active on
the Open Banking Register for the provision of ‘open data’. Open Banking would seek
counsel from the relevant Regulator, e.g. CMA or FCA.
2. A participant can be suspended if they are both a Provider and a User, but could also be
suspended for one participant role and not necessary for the other role.
3. Open Banking has the authority to suspend any Voluntary API Provider or API User and
revoke the Open Banking Licence from the Open Banking Register with immediate
effect if found in breach of OBS Rules and Guidelines.
Open Banking Service Levels March 2017 for Open Data PUBLIC
© Open Banking Limited P a g e | 11
• The suspended Participant will have the right to employ the ‘Third Party
Determination’ to resolve a dispute.
4. Participants who are marked as Suspended must receive guidance and a plan for
remedial action to be taken by the OBS Head of Operational Governance up to 10
business days from the day suspension is invoked.
5. A Voluntary API Provider or API User will be reinstated at the end of a suspension period
to full participation, unless the Provider or User has not implemented a remedy, in
which case they will be excluded from participating in Open Banking.
6. Where the OBS decision is a recommendation for Exclusion, it must be communicated
to the participant as soon as the determination occurs.
7. Open Banking will hold the right to add any Suspended Entity Brand, API set or API User
linked to a website to a Suspended list for publication onto the Open Banking website
within 1 full business day of the suspension being invoked by Open Banking.
7.6.2 Exclusion
1. If a Voluntary API Provider or an API User has committed a material breach of the
Participation standards and/or conditions and, if such breach is capable of remedy, the
User will be excluded if they fail to remedy the breach condition within 5 business days
of receipt of notice of the breach.
2. Excluded participants must be flagged on the Open Banking Register with immediate
effect. The CMA9 cannot be excluded, in which case Open Banking would seek counsel
from the relevant Regulator, e.g. CMA or FCA.
3. Where the excluded Participant is a Voluntary API Provider or API User, then they must
be removed from the OBS Website for API Provider endpoints with immediate effect.
4. Any Participants with Excluded status will be notified to all other Participants of the OBS
within 1 full business day of the exclusion being in place.
5. Notification will be by publication on the Open Banking website and by email to the
participant Points of Contact on the Open Banking Register.
6. When a complainant is not satisfied by the determination of their exclusion, they will
have the right to employ the services of ‘Third Party Determination’ to resolve a dispute.
7. Open Banking will hold the right to add any Excluded Entity Brand, API set or API User
linked to a website to an Excluded list for publication onto the Open Banking website
within immediately of the exclusion being invoked by Open Banking.
Open Banking Service Levels March 2017 for Open Data PUBLIC
© Open Banking Limited P a g e | 12
7.7. Disputes Service Levels
The Dispute Resolution Procedure forms part of the Participation conditions and will apply to all registered Participants.
7.7.1 Outline of Procedure
The parties to a dispute will make an effort to resolve a dispute as follows:
1. In the first instance Participants will use their best endeavours to resolve any dispute
between themselves regarding open data.
2. Escalation of Dispute - Where disputing parties fail to resolve any dispute between
themselves, either Participant can escalate the dispute by referral to the Open Banking
Service Desk to invoke an assessment by the OBS Head of Operational Governance on a
case by case basis
3. Third Party Determination - If the Head of Operational Governance cannot make a
determination, the dispute can be referred to a third party for determination.
7.7.2 Escalation of Dispute
1. Each participant will notify Open Banking in writing of contact details (by name or role)
to who disputes will be referred.
2. Any dispute will be referred to the nominated representative of each disputing party for
assessment and resolution within 10 business days from when the dispute escalation
was initiated.
3. If any dispute is not resolved by the disputed parties, the dispute will be referred to the
OBS Head of Operational Governance within 5 business days for assessment.
4. Within 5 business days of the OBS Head of Operational Governance being appointed,
each disputing party will submit a written summary to Open Banking and to each other.
5. The assessment will take place within 10 business days of the written summaries. (The
disputing parties can agree to extend these periods at any time).
6. Where a determination cannot be made by the OBS Head of Operational Governance,
the dispute can be referred for Third Party Determination.
7.7.3 Third Party Determination
1. Where a dispute is referred to a third party for determination, the disputing parties will agree a suitably qualified third party - a Referee, within in 10 business days.
Open Banking Service Levels March 2017 for Open Data PUBLIC
© Open Banking Limited P a g e | 13
2. If the appointed Referee does not accept the appointment within 2 business days, the disputing parties will agree an alternative Referee within 5 business days.
3. Within 10 business days of a Referee accepting an appointment the disputing parties will each submit a written report on the dispute. (The disputing parties can agree to extend these periods at any time).
4. The Referee is to deliver a determination within 40 business days following submission of written reports. The Referee’s determination will be final.
Open Banking Service Levels March 2017 for Open Data PUBLIC
© Open Banking Limited P a g e | 14
8. Management Information Reporting
a) Open All of the endpoints will be connected to a service dashboard which monitors
performance Service Levels and publishes a RAG status for each endpoint based on its
behaviour.
b) Open Banking will provide an API dashboard for summary information relating to API
Usage.
c) Open Banking will produce a simple report to summarise incidents raised.
d) API Providers must retain logs of completed API calls (not requests) for 6 years.
Open Banking Service Levels March 2017 for Open Data PUBLIC
© Open Banking Limited P a g e | 15
9. Appendix A - Summary of Service Levels
Service Notification Participant
to OBS
Open Banking
Acknowledge
Action by Service
Desk
Dispute Referred
Senior PoC’s
Assessment
PoC’s Refer for OBS
Assessment
PoC Submit Written
Summary to HeadofOpGov
Determination HeadofOpGov
Determination by Referee
Breach 1 1 5
Withdrawal 7 20
Suspension Immediate 10
Exclusion Immediate 1
Complaint 1 5
Dispute Escalation
10 5 5 10
Dispute - TPD
5 10 40