Open Banking, Your Getaway to your Financial World

FAQs

What is Open Banking?

Open Banking is a banking practice to enable customers of financial institutions to share their financial data securely with Third Party Providers (TPPs) permitted by the Saudi Central Bank, which in turn provide new and innovative financial services and products for customers. Examples of Open Banking services are Account Aggregation, Personal Finance Management (PFM), Enterprise Financial Management (EFM), Extended Customer Attributes, E-Statement as a Service, Credit Risk Assessment, Tax Filling as a Service, and Letter of Guarantee as a Service.

Data are securely shared, and customers have a choice to consent to give access to third-party providers providing explicit and informed consent.

Who are the Third-Party Providers?
Third-Party Providers are companies permitted by the Saudi Central Bank to offer Open Banking products or services under the full supervision of the Saudi Central Bank. Examples include: Personal Finance Management providers, Enterprise Financial Management providers, etc.

What are the APIs used in Open Banking?
Technical interfaces that allow Third Party Providers (TPPs) to access and share customer financial data securely after obtaining their consent.  SAMA is leading the definition of the API standards for Open Banking APIs in order to ensure efficient and secure communication in the Open Banking Ecosystem.

What are the objectives and expected benefits of Open Banking in Saudi Arabia?

Open Banking aims to:

- Promote competition by reducing barriers to entry for new participants, which means creating new competitive opportunities in the financial sector.

- Enable innovation by enhancing opportunities to develop new products and services, as Open Banking provides the financial institutions with a better understanding of customer needs by analyzing their financial data.

- Foster financial inclusion by developing new financial products and services for specific customer segments, as well as contributing to increase financial literacy and financial awareness of the customers.

- Increase efficiency by fostering the adoption of efficient ways to manage financial information and execute transactions; additionally, new technologies may reduce the cost of innovation providing an easy way to partnering with Third-Party Providers.

What type of information can be shared?

Third Party Providers must disclose the required data, the purpose of the request and the duration of the retention of the data, which may include:

Account name, number, and account balance

Incoming and outgoing transactions, details of each transaction on your statement and your account balance after each transaction.

Are there any limitations in place on the data that can be accessed by the Third Party Providers (TPPs)? 

Data accessed by Third Party Providers (TPPs) shall be limited to the data required for TPPs to provide their services to the Service User and limited to the data that the Service User consented to have accessed by the TPP. TPPs can only store data to the extent required for them to provide their services and to comply with regulatory record retention requirements. Notably, TPPs cannot store Sensitive Data, i.e. data including personal security credentials that could be used to conduct fraudulent activities.

How will safety and security be assured to end users sharing their data?

 Open Banking services are developed following the best security standards.

- It is regulated: only TPPs registered and permitted by SAMA can provide Open Banking services and access customers’ data.

 - The customer is in control: the customer chooses to give access to his data; in fact, consent will have to be explicitly provided by customers to allow a TPP to access specific set of data for a specific purpose and it can be revoked at any time via the TPP’s mobile app or via the bank’s digital channels.