In Decision 182, the Data Standards Chair approved four recommendations. This Future Plan item covers Recommendation 1 and the targeted consultation to migrate the Data Standards to FAPI 1.0.
The Consumer Data Standards Information Security profile currently leverages Financial-Grade API (FAPI) Implementer's Draft v06 (ID2 Draft 06). Since the finalisation of version 1.0 of the Consumer Data Standards, the FAPI 1.0 standards have also been finalised. This has introduced a small set of significant changes that impact existing implementations.
This recommendation is considered a mandatory transition state to the other recommendations including FAPI 2.0 adoption. It is recommended that FAPI 1.0 profile adoption should be prioritised before Energy obligations. This ensures alignment across the banking and energy sectors on a common Information Security profile.
Adoption should be in line with the requirements of the CDR and any appropriate security controls currently defined.
The benefit of aligning all sectors to FAPI 1.0 within the implementation timeframes of the energy sector will allow the energy sector to define to a stable benchmark with strong vendor support.
Key Future Directions Recommendations
Recommendation 8.9 – Using open international standards where available
Recommendation 8.10 – When diverging from open international standards
Problem Statement
In Decision 182, the Data Standards Chair approved four recommendations. This Future Plan item covers Recommendation 1 and the targeted consultation to migrate the Data Standards to FAPI 1.0.
The Consumer Data Standards Information Security profile currently leverages Financial-Grade API (FAPI) Implementer's Draft v06 (ID2 Draft 06). Since the finalisation of version 1.0 of the Consumer Data Standards, the FAPI 1.0 standards have also been finalised. This has introduced a small set of significant changes that impact existing implementations.
This recommendation is considered a mandatory transition state to the other recommendations including FAPI 2.0 adoption. It is recommended that FAPI 1.0 profile adoption should be prioritised before Energy obligations. This ensures alignment across the banking and energy sectors on a common Information Security profile.
Adoption should be in line with the requirements of the CDR and any appropriate security controls currently defined.
The benefit of aligning all sectors to FAPI 1.0 within the implementation timeframes of the energy sector will allow the energy sector to define to a stable benchmark with strong vendor support.
Key Future Directions Recommendations