Bahrain Open Banking Framework

The Central Bank of Bahrain (CBB)

Bahrain

Banking

Open Banking

• Account Information
• Payment Information

The API specifications are built with extensibility in mind, enabling future enhancements to capabilities and functionality.

The Bahrain OBF aligns with PSD2 guidelines and additionally references the UK OBIE API specification framework. The intellectual property rights for these guidelines are owned by OBIE, UK, and their use is subject to the limitations defined by OBIE.

Current Accounts

JSON | RESTful

Regulated

Access to payment initiation services and account information is enabled through APIs that connect to customer accounts managed by licensed institutions.

The Bahrain OBF API specifications reference the UK OBIE API specification guidelines, whose intellectual property rights are owned by OBIE and are subject to the usage restrictions defined by OBIE.

Mandated

Bahrain is the first country in the world to include Islamic banking licenses within its framework.

The framework is primarily built on global ISO standards, along with the specifications and guidelines developed by the Open Banking Implementation Entity (OBIE) in the U.K., Australia’s Open Banking standards, and the EU’s Payment Services Directive (PSD2). These have been adapted to fit Bahrain’s local practices and terminology.

Banks are required to share generic product information for all major retail banking products and services without charging any fees.

Beyond these core services, AISPs and PISPs may offer additional value-added services, for which they can establish separate agreements with customers. Accordingly, some accredited third-party providers may choose to charge for certain products, solutions, or customized services.

Certificates | Registry

CIBA | OAuth | FAPI1 | OIDC

Access to the Open Banking API is secured using the Open ID Foundation’s Financial Grade API (FAPI) Profile.

Access also requires customers (Payment Service Users or PSUs) to undergo Strong Customer Authentication (SCA) as part of OpenID Connect authorisation flows.

The API currently supports app->web, mobile-web->web, web->web authentication flows.

More about security.

App to App Redirect | Browser Redirect | Decoupled

Consent Management – Bahrain OBF – Confluence (atlassian.net)

“AISPs must provide users/customers with a facility to view and revoke on-going consents that they have given to that AISP. They may have consented to share data from several ASPSPs with a single AISP.”

Bulk Payments | Single Domestic Payments | Single International Payments | Future Dated Payments

Operational Guidelines | API Specifications

Accounts | Balances | Direct Debits | Parties or Contacts | Standing Orders | Transactions | Statements | Other

https://bahrainob.atlassian.net/wiki/spaces/BH/overview

https://github.com/Central-Bank-of-Bahrain/Bahrain-OBF

https://cbben.thomsonreuters.com/rulebook/ob-open-banking-module

The Central Bank of Bahrain (CBB) introduced Open Banking regulations in December 2018, mandating all retail banks in the Kingdom to adopt the framework. While most banks and third-party providers made progress toward meeting the June 2019 implementation deadline, the CBB recognized the need for greater consistency across the industry to drive wider adoption. To achieve this, the CBB, in collaboration with industry stakeholders, developed the Bahrain Open Banking Framework (Bahrain OBF), comprising comprehensive standards and guidelines.

Launched in October 2020, the Bahrain OBF provides a holistic approach by outlining Open Banking regulations, implementation guidelines, technical standards for Open API platforms, security and data privacy requirements, and an overarching governance structure.

Security Profile | Operational

The list of CBB licensees who have provided self-declarations to CBB stating that they have completed their implementation tasks and are fully compliant with Bahrain OBF v.1.0.0 (Phase 1).

Governed by the Central Bank of Bahrain (CBB), which operates under the governance of a Board comprising seven Directors, each appointed by Royal Decree for a renewable term of four years. The Governor, who holds ministerial rank, oversees the day-to-day management of the CBB and reports directly to the Board. This position is also appointed by Royal Decree for a renewable five-year term and may be supported by one or more Deputy Governors.

The Governor’s duties include submitting a report to the Board within three months after the end of each fiscal year, detailing the Bank’s operations, audited financial statements, and the external auditor’s opinion. Additionally, the CBB is required to provide both financial and operational reports to the Board and the Ministry of Finance. Effective internal governance is ensured through a structured system of internal committees, clearly documented policies and procedures, as well as internal audit and quality assurance functions.

PDPL (Personal Data Protection Law)

CBB (Central Bank of Bahrain) Law

The CBB Rulebook