• GR-6.4 Standards for Program Interfaces and Communication

    • GR-6.4.1

      Conventional retail bank licensees must adhere to the Operational Guidelines, Security Standards and Guidelines, Open Banking Application Program Interface (API) Specifications and Customer Journey Guidelines included in Bahrain Open Banking Framework, “BOBF” (see CBB website) for the use cases defined in the BOBF. Where licensees have arrangements to share customer account information or allow for payment initiation services with AISPs/PISPs for use cases not defined in BOBF, they must ensure that the API Specifications, Customer Journeys and Operational Guidelines are consistent with the Security Standards and Guidelines in BOBF.

      Amended: September 2024
      Amended: July 2021
      Added: April 2019

    • GR-6.4.1A

      Conventional retail bank licensees, when sharing account information or for payment initiation services related to legal persons, must agree the API Specifications, Customer Journeys and Operational Guidelines with the relevant AISP/PISP and the legal person. The arrangements in this respect must consider the rights, obligations and accountability of all parties, including, but not limited to, conditions relating to customer consents, authentication, authorisation, errors or omissions, downtime, fraud, data security and confidentiality and dispute resolution.

      Added: September 2024

    • GR-6.4.2

      Conventional retail bank licensees must ensure that compliance with standards and guidelines specified in Paragraph GR-6.4.1 is subject to independent review and tests, including testing in a test environment, by an independent consultant upon implementation.

      Amended: July 2021
      Added: April 2019

    • GR-6.4.3

      To remain technologically neutral, the technical standards adopted by conventional retail bank licensees must not require a specific technology to be adopted by AISPs or PISPs. Authentication codes must be based on solutions such as generating and validating one-time passwords, digital signatures or other cryptographically underpinned validity assertions using keys and/or cryptographic material stored in the authentication elements, as long as the security requirements are fulfilled.

      Added: April 2019