The Central Bank established on 29.10.2020, by Resolution BCB nº 32, the technical requirements and operational procedures for the implementation of Open Banking.
The regulation provides that the institution(transmitter and receiver of data; account holder; payment transaction initiation service provider; or that has entered into, as a contracting party, a correspondent contract in the Country, whose object includes the activity of receiving and forwarding proposals regarding credit and leasing transactions granted by the contracting institution by electronic means) must register its participation in Open Banking, in the repository of participants by 15.01.01.2021, for mandatory participant institutions, or before the beginning of the data sharing of the Open Banking scope, for voluntary participant institutions.
Payment institutions initiating payment transactions must provide the registration within ten business days after the start of their activities. The same deadline must be met by institutions that come to be included in the cases of mandatory participation in Open Banking after 01.15.2021, counted from the date of the beginning of their inclusion.
The technical requirements and operational procedures for the implementation of Open Banking are detailed in the following manuals:
| Manual | Forecast | Normative Instruction |
| Open Banking APIs Manual | Establishes standards for the development of APIs by institutions participating in Open Banking, in particular: (i) the design of APIs; (ii) the protocols for data transmission; (iii) the format for data exchange; (iv) access controls to APIs; (v) versioning controls; (vi) the specification of the parameters regarding the unavailability of APIs, based on the minimum frequency of API availability every twenty-four hours and every three months; (vii) the specification of parameters relating to the performance of processes for requesting the sharing of data and services, based on the minimum response time for API calls; (viii) and the limits on API calls, based on minimum call traffic limits.
|
BCB Normative Instruction 34 |
| Open Banking Data and Services Scope Manual | Details the data and services to be shared within the scope of Open Banking | BCB Normative Instruction 35 |
| Manual of Services Provided by the Structure Responsible for the Governance of Open Banking | Establishes the technical requirements and operational procedures for the implementation of: (i) directory of participants; (ii) channels to support access to the directory and to forward demands to participating institutions; and (iii) Open Banking portal in Brazil.
|
BCB Normative Instruction 36 |
| Open Banking Security Manual | Details the security standards and certificates that must be observed by financial institutions and other institutions authorized to operate by the Central Bank to share data and services of the scope of Open Banking; and the technical security requirements that must be observed by institutions in APIs and systems related to the implementation of Open Banking. | BCB Normative Instruction 37 |
The Structure Responsible for the Governance of Open Banking deserves special attention.
It shall contemplate the participant directory, which shall perform: (i) the management of the registration and accesses to the directory by the participating institutions and their representatives; (ii) the management of the identity and authorization of the applications of the participating institutions (which covers the identification, authorization, and revocation of certificates used in the sharing of data and services in the scope of Open Banking) and directory information (which covers the availability of updated information of interest to participants and developers on technical standards, regulatory requirements, and other information necessary for the implementation of APIs); and (iii) the monitoring and disclosure of information on the unavailability and performance of processes requesting the sharing of data and services in the scope of Open Banking.
Furthermore, it must provide a free and uninterrupted service channel available twenty-four hours a day, seven days a week, responsible, at least, for: meeting, registering, instructing, analyzing and giving formal and proper treatment to the demands of participant institutions regarding the functioning of the directory; and forwarding to the participant institutions the demands received from clients, the public and other participants regarding Open Banking. This channel must ensure, at least: the identification of the received demand through a protocol number, which must be provided to the claimant; and the follow-up, the provision of clarifications and the sending of notifications to claimants about the received demands.
And, finally, it shall maintain in its website, to serve as the portal of Open Banking in Brazil, which makes available, in a single environment, updated information on its activities, standard of interfaces, including its versioning, and other information related to the implementation of Open Banking, organized in specific areas intended for the following publics: financial institutions and other institutions authorized to operate by the Central Bank of Brazil; developers; and citizens, as well as, maintain permanent discussion forums with experts and other parties interested in the implementation in the Country of Open Banking which are not represented in the Technical Groups constituted at this level.
The full text of all the above mentioned regulations can be consulted at the links:
BCB Normative Instruction No. 34
BCB Normative Instruction n° 36
BCB Normative Instruction n° 37
If you have any questions, our Payment team([email protected]) is at your disposal.
