TrueLayer passes the CTS! How did we do it?

TrueLayer is open for business after gaining active status as an open banking player.

TrueLayer has passed the final hurdle for full open banking accreditation, as our technology platform aced the Conformance Testing Suite (CTS). We passed the compulsory eight-stage process with flying colours. In every aspect of working within the CDR ecosystem we want to go over and above the minimum requirements – in this case, that meant taking on the optional ninth scenario as well. We passed that too.The CTS is part of the onboarding process and allows brand new Authorised Data Recipients (ADRs) to test their technology's compliance with the Consumer Data Standards and Consumer Data Right Register design. The testing takes place within a secure sandbox environment which doesn't expose consumer data and doesn't interfere with software products and brands that are already live.Without a clean pass mark, budding ADRs can't receive the all-important 'active' status on the Consumer Data Right Public Register.To find out more about the CTS, read our guide to becoming an ADR here.

How we did it: build quality

The trick to passing the CTS is building the best technology from the ground up which conforms to high local and global standards. The TrueLayer platform worked out of the box: we were able to pass the CTS without needing to be adjusted. Our 6+ year history as an open banking specialist in the UK and Europe enabled us to understand what the Australian ecosystem would look like, and allowed us to build quickly and correctly.The CTS itself is a straightforward process. We logged in to the CTS portal, clicked on the scenario we wanted to run, and it quickly returned our pass results. The nine scenarios are:
  • Dynamic Client Registration (DCR)
  • Once-Off Consent (Get Accounts)
  • Ongoing Consent (Get Accounts)
  • Once-Off Consent (Get Transactions)
  • Ongoing Consent (Get Transactions)
  • Revoke Consent Arrangement (DR to DH)
  • DH Initiated Revoke Consent Arrangement (DH to DR)
  • Token Revocation (DR to DH)
  • Optional: PAR Extend Consent

Financial API experience

The technical side of open banking leans on financial grade API standards. These are a complex security workflow to make sure data is encrypted and can only be accessed by the right people.An API (Application Programming Interface) is a software intermediary that lets two applications talk to each other.Financial grade API standards make integrating into the CDR ecosystem much more difficult than with a normal API, and it was our development team's deep understanding of security and financial systems that allowed us to move quickly and build accurately.One example of this level of difficulty is the concept of mutual transactional layer security. In an ordinary API environment, such as a consumer API, you only need to have a request checked by the server. But for financial APIs it's two way: the client needs to validate the server and the server has to validate me as a client. It's where two-way encryption comes into the workflow and is how consumers' financial data remains encrypted with travelling between parties.

It's helps to be global

TrueLayer's experience in the UK and Europe open banking systems was invaluable for passing the CTS. We had a global team to weigh in on thorny issues early on, while building out the technology and were able to lean on experience from locations as diverse as Hong Kong and the UK. Passing the CTS is the final step on the road to becoming an unrestricted ADR, a status that gives you access to the full power of open banking in Australia, but it can be a challenging process to get there.If becoming an ADR is the right go-to-market strategy for you, reach out to us to find out how we can help you through the process.
Background image
Background image

Ready to get started?

Talk with one of our open banking experts