Open Banking allows you to share your GIB account information with Third-Party Provider (TPP), without sharing your login details. It will enable third parties, such as your financial advisor or a product comparison site, to access your data and provide you with services. It will also allow you to fetch the account information details through TPP website.
Please note that all TPP services are offered directly by the TPP under the terms you agreed with them.
Open Banking is an industry wide initiative and is being introduced by the Saudi Central Bank (SAMA). SAMA requires all banks to adopt Open Banking and to share your data with Third-Party Provider (TPP), subject to your consent. This is in an effort to give personal and business customers more control over their data and finances, as well as increase innovation and competition in the banking markets.
Open Banking aims to:
- Provide you with a greater market choice
- Give you greater control over your money and who you share your account data with
- Create better and easier access to services from a broader range of financial service providers
All banks and Third-Party Providers (TPPs) involved in Open Banking must comply with data protection laws.
TPPs will need to be registered with, or licensed by, SAMA and each TPP needs your explicit consent before they can access your account(s) through Open Banking.
You do not have to use Open Banking if you do not wish to receive the service. Your account information will not be shared with third parties unless you specifically give your consent.
To use these services in connection with your accounts you will need to securely authenticate using your online banking credentials and OTP validation. This will provide authorisation for us to deal with a Third-Party Provider (TPP).
Depending on the access requested by the TPP and granted by you, we will share data related to your account details and transactions.
You can see a list of authorised Third-Party Providers (TPPs) on the SAMA website. If you would like more information about a TPP, you can contact them directly or visit their website.
This is up to you - we will only share your data if you authorise us to share it with a Third-Party Provider (TPP).
TPPs should give you the option of sharing up to four categories of data related to your accounts. They will need explicit consent from you to access any of these four categories and they should only request the data they need for the services they are providing.
The data can be split as follows and may include:
- Account details. Account name, number and sort code, account balance and any other name associated with the account
- Regular payments. Direct Debits, standing orders and other payee agreements that you may have set up
- Account transactions. Incoming and outgoing transactions
- Account features and service benefits. The type of account you have, benefits, fees, services and interest
a. Single Use Consents: For a single-use consent, the TPP MUST set the ExpirationDateTime field up to a maximum period of 24 hours beyond the date-time of when the consent request is staged with the Bank. The Bank MUST NOT modify the ExpirationDateTime for a single-use consent (as this MAY be considered as altering the customer consent) and MUST leave it as provided by the TPP.
b. Long Lived Consents: For a long-lived consent, the TPP MUST set the ExpirationDateTime field. This value MUST be greater than 24 hours and a maximum of 1 Year beyond the date-time when the consent request is staged with the Bank. The Bank MUST NOT modify the ExpirationDateTime for a long-lived consent.
Yes, you can choose to stop sharing your data at any time and it will be with immediate effect.
You can go back to the Third-Party Provider (TPP) that you agreed could access your data and ask them to stop accessing your accounts. This will usually be via their app or website, in accordance with their terms and conditions.
For Retail Customers, you can also contact us and ask for consent to be revoked for specific accounts and TPPs or you can revoke/manage consent though our meem application. We will notify the TPP that their access has been cancelled and this may affect the services they provide you.
Steps to revoke the consent for Corporate Customers:
Step 1: Login to eBanking portal and navigate to "Open Banking" menu
Step 2: The customer will be presented with a screen displaying a list of historical "Active" and "Inactive" consents they have granted to TPPs in the past.
Step 3: To revoke any existing "Active" consent, the customer must select the respective consent and click the "Revoke" button.
Step 4: A pop-up will appear on the screen, asking the customer to confirm their decision by clicking the "Revoke Access" button.
Step 5: Once the customer confirms the revocation, the TPP will no longer have access to their data.
No, you will not be opted in automatically.
To take advantage of services provided by Third-Party Providers (TPPs), you will need to provide your consent to a regulated TPP. But, if you do not provide your consent or do not authenticate with us, your data will not be shared.
If you would like to use Open Banking with GIB account, you will need to be registered for online banking.