Open Banking Working Group (OBWG) Terms of Reference

September 2015

Note: These Terms of Reference serve as the starting point for the work of the OBWG; the
nature and scope of the work will evolve over time and this will be tracked via updates from the
OBWG, which will be posted throughout the course of its work.

1 ROLE

The objectives of the OBWG are to:

Deliver a framework for the design of an open API standard in UK banking
focussing on personal and business current accounts;
Evaluate how increased levels of open data in banking can benefit consumers,
businesses and society; and
Publish recommendations in a paper by end of 2015 outlining how an open API
standard can be designed, delivered and administered, alongside a timetable
and implementation roadmap for achieving this.
Recommendations produced will:
Define key terminology and areas of investigation
Address key issues around customer usability and trust, security of data, liability
and governance of the open API standard;
Inform the development of business, legal and technical policies required to
develop the open API standard alongside governance and protocols; and
Actively consider the consequences of parallel and concurrent regulatory
initiatives such as the Payment Services Directive (PSD2) and aligning and
sharing as far as possible where practicable - and where in the interests of UK
consumers, businesses and society.
The OBWG will seek to be as transparent and open as possible in its work, and invite
views from a wide spectrum of stakeholders.

2 COMPOSITION

Members of the OBWG will act as a representative of their industry and not of their
individual company or body.
The OBWG will be made up of a wide range of subject matter experts representing a
cross section of private and public players with a unique contribution to ensuring that the
framework is designed effectively for the benefit of society, including those with
experience in the design of standards and common technical parameters to be used by
multiple parties; consumer groups and representatives of the payments industry; and
key regulatory bodies.
The Working Group, in particular its Steering Committee, will be co-chaired by Gavin
Starks (CEO of the Open Data Institute) and Matt Hammerstein (Managing Director,
Barclays), who were instructed by the Economic Secretary to the Treasury.
The OBWG will be comprised of a Steering Committee and a series of subsidiary groups
that will develop recommendations against specific streams of enquiry; the members of
the Steering Committee are included as Appendix 1. The chairs and members of the
subsidiary groups have not yet been finalised but will be published when they have
been.

Government (Her Majesty's Treasury - HMT) will play a key role in the Working Group,
acting as a facilitator and an observer; HMT will be the lead department as the
department responsible for the policy, supported by the Cabinet Office.
The Working Group will be actively supported by key Trade Associations (the British
Bankers' Association; Payments UK; Innovate Finance - the Associations); the
Associations will work with their members to ensure support and agreement to
recommendations made by the Working Group is obtained in parallel to their being
produced with the aim of allowing the Government to accelerate implementation of the
agreed recommendations.
Government (HMT) will sit on the Steering Committee, acting as a facilitator and an
observer, and the Working Group has the full support from the Economic Secretary to
the Treasury (EST), as set out in the EST's letter http://goo.gl/cJF87k endorsing the coChairs.

3 VISION, MISSION AND VALUES

Vision: Unlock the potential of open banking in the UK to improve efficiency and
stimulate innovation.
Mission: Create a clear, impactful and detailed framework report that enables
government, banks, businesses, consumers and 3rd party developers to understand the
potential of open banking, and the next steps to implementation.
Values:
Open. We will...
i.
share our views and plans, and share knowledge as widely as possible;
ii.
solicit and listen to views from end users and stakeholders; and
iii.
make our outputs available publically.
Expert. We will...
i.
bring our expertise to the discussion as individuals;
ii.
use our expertise to synthesise the views of others in constructive and
forward-thinking proposals; and
iii.
use good judgement to respect privacy and confidentiality.
Collaborative. We will...
i.
support each other in discussion, in decisions, and in delivery;
ii.
constructively hold each other to account on our commitments; and
iii.
ensure all voices are heard and considered carefully.

4 INITIAL SCOPE OF WORK

1. Define the scope of data to be covered by the open API standard and open data;
2. Define the scope of the open API standard, especially the appropriate technical
standards and protocols to facilitate effective access to and sharing of information;
3. Define who will be responsible for complying with the open API standard (recognising
the interests of and applicability to a range of stakeholders);
4. Determine the implications of concurrent work in the UK and beyond (especially PSD2);

5. Define the 'rules' on data access and permissions to ensure those accord with data
protection rules and other regulatory and legislative obligations (including PSD2);
6. Define the security parameters and framework around data release, permissions and
use, especially the vetting process and procedure for 3rd party access;
7. Determine the framework of operating governance going forward and the maintenance
process to manage change;
8. Outline the education and delivery options for consumers, businesses and society;
9. Consider whether more open data in banking could benefit consumers and, if so, what
open data and how it could be published and/or used; and
10. Publish a paper by the end of 2015 setting out a framework for the open API standard,
including explaining how it could be designed, delivered and administered, with a
timetable for achieving this and business case.
5 SUBSIDIARY GROUPS
The Steering Committee will guide the creation of the required framework through a set of
subsidiary groups. The list below is the basis on which the work will start; it may evolve over
time. In addition to its defined parameters, each subgroup will consider the any relevant tradeoffs between costs and benefits for the various solutions that could be developed for their
questions to feed into the overall business case of the final recommendations.
1. User Reference Group: This subgroup will set up and administer user reference groups
of end users (consumers, businesses and developers) to ensure alignment with their
needs/ thoughts. It will consider the education needs of different stakeholders. Other
users groups may be formed as the work evolves.
2. Regulation and Legal: This subgroup will build a picture of the regulatory and legal
environment in which the framework will need to operate, including activities / reviews /
consultations currently underway. In particular, this group will identify potential regulatory
/ legal issues and propose possible measures to address any relevant issues, as well as
review considerations regarding liability for data breaches whether systemic or
idiosyncratic, especially considerations regarding who the custodian of any shared data
is deemed to be.
3. Governance: This subgroup will suggest an approach for the governance of open API
standards, including: how the standardisation process is best taken forward; the scope
of who should adopt / use the standard; the vetting process for those who have access
to account information and who runs this; and the process for managing change. This
will including considerations regarding policing those who are given access to the data
(e.g., rights of audit, rights to withdraw access). This subgroup will also consider liability
for data breaches and any interaction with the regulation and legal subgroup.
Consideration will also be given as to how customers decide with whom they would like
to share their data and how this is most effectively achieved.

4. Data: This subgroup will determine the scope of the data to be included initially within
the open API standard and open data standard and why. It will also take a view on what
harmonisation work may be required to ensure usability and the product roadmap of
how data sets might be made available. This will also include review of common
terminology, templates and descriptors to ensure ease of understanding and use.
5. Security and Authentication: This subgroup will explore the security firewalls,
protocols and authentication requirements around the development of the framework for
the API, including read / write access protocols, how access authentication will work in
real-time (in conjunction with the Governance subgroup). It will also explore security
rules and processes that need to be met, product delivery and customer usability.
6. Standards and Technical Design: This subgroup will focus on the necessary
standards development process and what is required for a fully functional open API
standard. It will focus on the technical and architectural design of the open API standard.
It will take into consideration existing and emerging international API standards and will
seek to be aligned as much as possible with these. It will work closely with the Data and
Security and Authentication subgroups, in particular, to ensure that the necessary
functionality is catered for within the technical design and the standard is fit for purpose.
6 GOVERNANCE

The Steering Committee will be responsible for agreeing the final recommendations;
capturing those in its report; and submitting that report to HMT.
In the event that the Steering Committee cannot agree on any particular part of its work,
the co-Chairs will ensure that the OBWG is able to deliver on its commitments.
The subsidiary groups will make recommendations to the Steering Committee within the
scope of their individual remits.
The Steering Committee and subsidiary groups will be supported by a secretariat
function coordinated by Ernst and Young and including the Associations.

7 APPENDIX 1 - STEERING COMMITTEE MEMBERS

Gavin Starks (co-Chair), CEO, Open Data Institute

Matt Hammerstein (co-Chair), Managing Director, Barclays
Imran Gulamhuseinwala, Partner, EY
Matt Stroud, Head of Personal Data & Trust, Digital Catapult
Christophe Chazot, Managing Director, Group Head of Innovation, HSBC
Patrick Mang, Director, Lead for Innovation Strategy, HSBC
Claire Calmejane, Innovation Director, Lloyds Banking Group
Andy Maciver, Director, Financial Data and Technology Association
Nick Middleton, Head of Payments Strategy, Nationwide Building Society
Kate Frankish, Head of Payments Strategy and Authorisations, Tesco Bank
John MacLeod, Head of Strategy Development, SME Markets, Santander UK
Chris Taggart, CEO, OpenCorporates
Guy Levin, Executive Director, Coadec
Paul Hollands, Head of Data and Analytics, Commercial and Private Banking, RBS