Conventional retail bank licensees, when sharing account information or for payment initiation services related to legal persons, must agree the API Specifications, Customer Journeys and Operational Guidelines with the relevant AISP/PISP and the legal person. The arrangements in this respect must consider the rights, obligations and accountability of all parties, including, but not limited to, conditions relating to customer consents, authentication, authorisation, errors or omissions, downtime, fraud, data security and confidentiality and dispute resolution.