Under Bahrain OBF, third party providers have both read and write access depending on the nature of service they provide.

• Read access allows the data recipient to obtain copies of customers’ financial data and use it for such activities as data aggregation (for example – AIS - account aggregations services).

• Write access allows data recipient to initiate payments on behalf of the user/customer (for example – PIS - payment initiation services).

Safety and Security of user/customer data has always been the primary focus area for Bahrain Open Banking:

• The user/customer is always in control: The user/customer can choose when, for what purpose and for how long, to give access to his/her data.

• Accreditation: Only third party providers regulated by the CBB can provide Open Banking services in Bahrain.

• Existing Bahrain Regulations: All the existing Bahrain regulations for data security, storage, dispute etc. will continue to be applicable to Open Banking services as well.

• Security: All Open Banking participants should comply with the Security Standards and Guidelines as part of the Bahrain OBF.

The principles of control, regulation and security combine to create a trusted Open Banking environment for the user/customer.

The first step is to discuss your complaint directly with AISP/PISP or an ASPSP. If you believe you are not satisfied with their response, you can contact CBB by submitting the Complaint Form available on https://www.cbb.gov.bh/complaint-form/

Only accredited third party providers and ASPSPs are allowed to offer Open Banking services in Bahrain.
Anyone who wishes to receive user/customer data to offer products or services to users/customers must be accredited with the CBB.
To become accredited, a person must apply to the CBB. The CBB will review the application and duly advise the applicant in writing when it has:

• Granted the application without conditions;

• Granted the application subject to conditions specified by the CBB; or

• Refused the application, stating the grounds on which the application has been refused and the process for appealing against that decision

The CBB may amend or revoke a license in any of the following cases:

• If the licensee fails to satisfy any of the license conditions;

• If the licensee violates the terms of the CBB Rulebook;

• If the licensee fails to start business within six months from the date of the license;

• If the licensee ceases to carry out the licensed activity in the Kingdom;

• The legitimate interests of the customers or creditors of a licensee required such amendment or cancellation

A REST resource should have a unique identifier (e.g. a primary key) that may be used to identify the resource. These unique identifiers are used to construct URLs to identify and address specific resources.

However, considering that some of the resources described in these specifications do not have a primary key in the system of record, the Id field will be optional for some resources.

An ASPSP that chooses to populate optional Id fields must ensure that the values are unique and immutable.

This flow assumes that the following Steps have been completed successfully:

• Step 1: Request Account Information

• Step 2: Setup Account Request

• Step 3: Authorise Consent Flow fails to succeed due to the USER/CUSTOMER providing invalid credentials to the ASPSP, resulting in no Authorization Code being generated.