Api standards for data-sharing (account aggregator)
Download 1.78 Mb. Pdf ko'rish
|
othp56
|
Restricted CGIDE – API standards for data-sharing – October 2022 11 Consent architecture with account aggregator Graph 1 There are examples of AAs in which third parties certified by central authorities carry out developments and implementations. For instance, in India there are currently three companies regulated by the Reserve Bank of India (RBI) that provide services as AAs. India’s AA ecosystem requires API schema, financial information schema conformance, compliance with security specifications and a test plan. 5 In other words, the RBI does not implement a public account aggregator platform for data-sharing. Instead it regulates, certifies and licenses third-party providers that implement the account aggregator. AA ecosystems contain the following flows: 6 (i) account discovery and linking flow; (ii) consent flow; (iii) consent handling management flow; (iv) financial institutions data flow; (v) notification flow; and (vi) monitoring flow. In South Korea the account aggregator’s base is the Korea Financial Telecommunications and Clearings Institute (KFTC). The KFTC is a unique platform provided by the Bank of Korea (BOK) and a consortium of commercial banks. It centralises all management and API calls, acts as the account aggregator and manages consent. The KFTC is also a retail payment network operator, which is not the case for the Indian AA. The following services implement transaction and query APIs for the data aggregator: 7 5 More details and account aggregator flows are available at https://sahamati.org.in/certification/. 6 Detailed list of flows and APIs are available at https://sahamati.org.in/account-aggregator-key-resources/#technical. 7 More details about KFTC: https://olc.worldbank.org/system/files/Korea%27s%20Open%20Banking_KFTC_Yunjong%20Moon.pdf. |
