Open Ops
Overview
Open Ops is Sensedia's foundational service for institutions operating within the Open Finance and Open Insurance ecosystem. It ensures continuous compliance with the requirements of the Central Bank of Brazil (Bacen) and Susep, combining regulation, technology, and governance into a structured and stable operation.
As the standard service within the Open Services portfolio, Open Ops is included in the Sensedia product contract and represents the technical and regulatory foundation on which the other services (Service Desk Ops and Regulatory Intelligence Ops) are built.
Problem it solves: financial institutions operating in Open Finance face continuous certification cycles, regulatory change monitoring, and technical adjustments. Without a structured management model, these processes consume the capacity of internal teams, increase risk exposure, and create operational unpredictability.
Operating Model
Open Ops operates across four major fronts throughout the lifecycle of the institution's Open operation:
- Platform Setup — Initial structuring of the Sensedia environment and activation of integrations.
- Add-on and Open Module Setup — Configuration of Open Finance/Insurance-specific modules and certification engines.
- Open Finance Module Activation — Integration of the Authorization Server (AS), consent and resource APIs, and execution of mandatory certifications.
- Continuous Assisted Operation — Sustainment, monitoring, renewals, and support through new regulatory phases.
Scope Items and Deliverables
1. Platform Configuration
The setup phase covers the initial structuring of the Sensedia environment for compliant operation in the Open ecosystem. It includes:
- Sensedia API Platform Setup: gateway configuration, connection activation, and Developer Portal customization with the institution's visual identity.
- Hosts, SSL Certificates, and Registration in the Central Directory (Bacen/Susep): preparation of technical prerequisites required by the regulator to enter the ecosystem.
- Add-on Configuration: activation of contracted modules (Consent Engine, Authorization Server, certification engines) according to the purchased Add-ons.
Premise: DNS, WAF, and Data Link configuration is the client's responsibility, as it involves elements outside the Sensedia Gateway scope.
2. Certification and Recertification
Open Finance certifications are mandatory, periodic, and have regulatory deadlines. Open Ops manages the entire cycle:
- Mock preparation: creation of simulated responses for the regulator's test engines, ensuring the institution's environment passes the required validations.
- Certification test execution (engines): running OIDF (OpenID Foundation) and functional tests in the correct environments, with step-by-step monitoring.
- End-to-end management of regulatory cycles: from scheduling certifications to production deployment after approval.
- Post-certification assisted operation: support during the stabilization period after each certification.
Exclusion: the administrative management of certifications (formal acquisition and issuance with authorities) remains the client's responsibility. Open Ops covers technical execution and monitoring.
3. Regulatory Reporting Management
The Open Finance ecosystem is dynamic: new normative instructions, manual updates, and phase changes are published frequently. Open Ops actively monitors this landscape:
- Bacen and Susep regulatory communication monitoring: continuous tracking of regulatory publications relevant to the institution's operation.
- Technical impact assessment: analysis of how each regulatory change affects APIs, configurations, and Sensedia platform flows.
- Support for regulator responses: technical support in drafting responses and justifications when the regulator requests clarifications from the institution.
- New Phase version support: analysis, integrated testing, and activation support for new Open Finance phases.
4. Regulatory Reports
Visibility and governance of the operation are essential for the institution to make informed decisions. Open Ops delivers:
- Periodic Status Reports: consolidated reports with current compliance status, identified risks, upcoming certification expirations, and recommended next steps.
- Operation checkpoints: recurring meetings to align status, priorities, and actions between Sensedia and the client's team.
5. Continuous Monitoring (Assisted Operation)
After activation, Open Ops sustains the operation on an ongoing basis:
- Environment monitoring: technical health monitoring of integrations and APIs in production.
- Certificate renewal: proactive management of digital certificate expiration dates (SSL, OIDF), preventing operational interruptions.
- Recertification (Security + Functional): support through the mandatory recertification cycles required by the regulator.
- Troubleshooting: identification and support in resolving technical failures at the Sensedia platform layer.
- Integrated testing of new demands: technical validation of new integrations or changes before going to production.
Onboarding Roadmap
The Open Ops activation process follows a structured roadmap with parallel activities between Sensedia and the client:
| Phase | Sensedia Activities | Client Activities |
|---|---|---|
| Platform Setup | Sensedia API Platform setup; Connection activation; Dev Portal Look & Feel | Open Finance checklist; Hosts, SSL Certificates, Central Directory registration |
| Add-on Setup | OpenX module setup; Add-on, Certificate, and Certification Engine configuration | — |
| Open Finance Module Activation | Phase X Configurations; AS Integration; Consent and resource APIs; OIDF/Functional Certifications; Add-on configuration; Certification execution; Production deploy; Assisted operation | Journey building (UI + Backend); Deploy + Assisted operation |
| Assisted Operation | Monitoring; Certificate renewal; Recertification; Troubleshooting; Regulatory communication monitoring; Regulator response support; New phase support; Integrated testing | Continuity Service |
Strategic Value
Open Ops delivers three dimensions of value to the institution:
Regulatory Resilience
- Protection against regulatory findings
- Non-compliance risk mitigation
- Operational predictability across new cycles and phases
Operational Efficiency
- Structured governance of the Open operation
- Continuous monitoring without burdening internal teams
- More productive technology and product teams
Ecosystem Expansion
- Expanded conversion in Open journeys
- Continuous operational evolution alongside the market
- Open as a strategic asset and competitive differentiator
Expected Outcomes
- Operation always certified and up to date with the regulator
- Reduced regulatory and reputational risks
- Greater technical and operational predictability
- Reduced burden on the institution's internal teams
- Security and stability to evolve within the Open ecosystem
RACI — Open Ops
Legend: R = Responsible | A = Accountable | C = Consulted | I = Informed
Activation and Configuration
| Activity / Deliverable | Sensedia | Client | Premise / Exclusion |
|---|---|---|---|
| Module Configuration (Consent, Engine, etc.) | R/A | C | Activation of contracted Add-ons. |
| DNS, WAF, and Data Link Configuration | I | R/A | Exclusion: configurations outside the Sensedia Gateway scope. |
Technical Sustainment
| Activity / Deliverable | Sensedia | Client | Premise / Exclusion |
|---|---|---|---|
| Backend/Core Bug Sustainment and Fixes | I | R/A | Exclusion: does not include legacy system maintenance. |
| Impact validation of Backend/Core changes | C | R/A | Exclusion: does not include analysis of client legacy systems. |
| Certificate Management and Renewal | C | R/A | Exclusion: administrative certificate management (formal issuance with authorities). |
| Certification Management and Renewal | C | R/A | Exclusion: administrative certification management (formal registration). |
Regulatory Compliance
| Activity / Deliverable | Sensedia | Client | Premise / Exclusion |
|---|---|---|---|
| Analysis and Monitoring of Regulatory Communications | R/C | R | Ecosystem monitoring by Sensedia; client confirms business impact. |
| Certification Test Execution (Engines) | C | R/A | Use of Sensedia compliance tools. |
| Registration / Update in the Central Directory (Bacen/Susep) | C | R/A | Exclusion: management of the Production Directory remains with the client. |
| Regulatory API Updates on Sensedia Platform | R | I/A | Sensedia environment maintenance. |
Did this page help you?