OB-2.1 OB-2.1 Framework Contracts
Legal arrangement and transparency
OB-2.1.1
AISPs and PISPs must establish a framework contract (a legal arrangement) with the
customer prior to providing AIS or PIS services. The framework contract must provide the information set forth below that are relevant to the services they provide:(a) The following information about the service and the provider:i. the name, address and contact details of the PISP or AISP as the case may be;ii. a description of the main characteristics of the service to be provided;iii. the information or unique identifier that must be provided by thecustomer in order for a payment order to be properly initiated or executed;(b) the form and procedures for giving consent to provide account information service, the initiation of a payment order and for the withdrawal of consent;(c) provisions regarding the time of receipt of a payment order and the cut-off time, if any, established by the licensee and the maximum execution time for the payment services to be provided;(d) whether spending limits for the use of apayment instrument may be agreed;(e) the detail of all fees and charges payable by thecustomer to the PISP/AISP, including those connected to the manner in and frequency with which information is provided or made available and, where applicable, a breakdown of the amounts of any charges;(f) the means of communication agreed between the parties for the transmission of information or notifications under this Module including, where relevant, any technical requirements for thecustomer 's equipment and software for receipt of the information or notifications;(g) The terms under which thecustomer may opt out from the use of thepayment instrument ;(h) explicit consents required for generic marketing promotions by the PISP/AISP; and(i) the terms of the framework contract and information.(j) The following information about safeguards and corrective measures in compliance with PDPL:i. where relevant, a description of the steps that thecustomer is to take in order to keep safe apayment instrument and how to notify the PISP/AISP for the purposes of obligations of thecustomer in relation to loss, theft, misappropriation, unauthorised use of thepayment instruments and personalised security credentials;ii. the secure procedures, by which the PISP/AISP will contact thecustomer in the event of suspected or actual fraud or security threats;iii. the conditions under which the PISP/AISP stops or prevents the use of apayment instrument ;iv. thecustomer's liability, (payer or payee's liability for unauthorized payment transactions), including details of any limits on such liability;v. how and within what period of time thecustomer is to notify the licensee maintainingcustomer account of any unauthorised or incorrectly initiated or executed payment transaction, and liability, if any for unauthorised payment transactions falling on the licensee maintainingcustomer account for execution of unauthorised payment transactions);vi. liability, if any, in the event of initiation or execution or non-execution or defective or late execution of payment transactions;vii. liability of parties in the event of a cyber-attack and loss of sensitive data; andviii. the conditions for any refunds for payment transactions initiated by or through a payee.(k) The following information about changes to and termination of the framework contract:i. the time given to thecustomer to review and accept any proposed changes; which under no circumstances, shall be less than 10 calendar days;ii. the proposed terms under which thecustomer will be deemed to have accepted changes to the framework contract in accordance, unless they notify the service provider that they do not accept such changes before the proposed date of their entry into force;iii. the duration of the framework contract;iv. where relevant, the right of thecustomer to terminate the framework contract and any agreements relating to.(l) The following information about redress:i. any contractual clause on the law applicable to the framework contract;ii. the customer complaint procedures and the availability of alternative dispute resolution procedures for thecustomer and the methods for having access to them; andiii. the name/title and contact number of the person designated to handle any queries or complaints.Amended: July 2021
Added: December 2018OB-2.1.2
The information specified in Paragraph OB-2.1.1 must be provided to the
customer free of charge before initiation of service.Added: December 2018OB-2.1.3
(a) A framework contract may provide for the PISP to have the right to stop the use of apayment instrument on reasonable ground relating to: the security of thepayment instrument ; or(b) the suspected unauthorised or fraudulent use of thepayment instrument .Added: December 2018OB-2.1.4
AISPs and PISPs must agree the basis, the time period and the manner in which the information on its intention to stop the use of the
payment instrument will be provided to thecustomer and to the relevant licensees maintainingcustomer accounts.Added: December 2018OB-2.1.5
AISPs must allow
customers to provide consent for accessing their account information for a duration of up to 12 months.Added: July 2021OB-2.1.6
AISPs must allow their
customers to choose the nature and type of data to be collected or accessed and used by the AISP for the purpose of providing the services.Added: July 2021