Vietnam Publishes Draft Circular On Open APIs In The Banking Industry.
On July 23, 2024, the State Bank of Vietnam (SBV) published a draft circular regulating the implementation of open (publicly available) application programming interfaces, or Open APIs, in the banking industry (Draft Circular) to collect public comments. Open APIs in the banking sector are APIs of banks that allow third parties to process data for their own use or to provide products and services to customers.
Urgent need
Currently, the development of Open APIs in Vietnam is fragmented, with each bank using different API standards and security standards. There is no common standard for information technology systems, information storage, security, connectivity, or legal frameworks. Therefore, the promulgation of a regulation on Open APIs is urgently needed to create a clear legal basis and guidance for electronic banking transactions, especially in connecting to bank information systems and processing customer data safely, and creating new, innovative products and services to meet the increasing needs of customers.
Cooperation of banks required
The Draft Circular requires banks to provide Open API services to third parties for connection to the bank system and data processing. Banks have the right to refuse or suspend Open API services if third parties do not meet specified conditions. However, banks will be responsible for ensuring the quality and security of data, providing tools for customer data queries and revocation of third-party data processing rights, and coordinating with third parties and authorities to resolve issues.
The Draft Circular standardizes Open API functions for all banks according to the Open API function list and the technical standards list specified in the Draft Circular.
Open API service contract
The template Open API service contract between banks and third parties using Open API services must have certain required contents such as provisions regarding confidentiality, data use purpose, and that the security level of information systems connecting to the bank system and processing customer data via Open API must be level 3 or higher.
Open API implementation roadmap
Under the Draft Circular, commercial banks in Vietnam are required to implement Open API in a phased manner:
- Open APIs for customer information and data queries: Within 6 months from the effective date of the adopted circular.
- Open APIs for service registration and use: Within 9 months from the effective date of the adopted circular.
- Open APIs for payment order initiation and money transfer: Within 12 months from the effective date of the adopted circular.
Additionally, commercial banks must publish their Open API implementation roadmap on their information portal.
The circular is expected to be finalized and adopted within 2024. Banks will need to familiarize themselves with the Open API function list and technical standards list within the Open API implementation roadmap and prepare their information systems accordingly.
For further information, please contact:
Duong Duy Nguyen, Tilleke & Gibbins
duong.n@tilleke.com