What are the changes?
The regulations governing data sharing in open banking in the UK have been changed by the Financial Conduct Authority(FCA).
The FCA’s changes mean that the consumer no longer has to re-authenticate access with their bank every 90 days. Instead, the AISP is responsible for obtaining reconfirmation of consent from the consumer every 90 days, in order for data sharing to continue.
What is the benefit?
This is a positive change. Users experience less friction while retaining ultimate control over how they share their data.
There is no impact on your users’ existing connections as a result of implementing the change. They will only see the new process when they are next triggered to re-consent.
Does this mean re-authentication will no longer be required?
Re-authentication is still required for some scenarios:
- There are still exceptional circumstances where a bank can ask a user to go through strong customer authentication(SCA). This occurs in cases where the bank believes fraudulent data access is occurring. This is very rare.
- If your app supports connections to EU banks, re-authentication remains the only way to extend data access with these providers.
How can I implement reconfirmation of consent?
TrueLayer has built a new API called Connections, providing a single integration point that supports the full variety of user experiences for extending access to a user’s data.
We encourage customers to build their own UX/UI for reconfirmation of consent for optimal user experience. Any customers who are not a regulated AISP will need to follow .
When can I implement the new Connections API?
Now! The Connections API is available in production.
If you are not a regulated AISP
- If you chose the white-labelled option you will need to submit your designs for review to ensure they meet . You can submit your screens for review by submitting this .
- Once we approve your designs, we will enable the Connections API for you in Production
If you are a regulated AISP
- We have taken best efforts to pre-enable all regulated customers for the Connections API. However, if you are a regulated AISP and cannot now access the API in production please submit a ticket
Are all UK banks now supporting reconfirmation of consent?
Most banks support the new user experience. We estimate that by the end of October 2022, 90% of UK Retail and Business accounts will be supported. The Connections API has been designed to accommodate varied bank readiness timelines so you don’t need to wait to start taking advantage. Your users will be taken through the relevant flow(re-authentication OR reconfirmation of consent) depending on their bank and its readiness.
You can find which banks are supporting the reconfirmation of consent flow on the in the following fields:
What if I am not ready to implement?
This change is for you to opt into. If you are not ready to make the integration changes then the flow will stay the same as it is today.
Our existing re-authentication endpoint will continue to work as it does today, and you’ll still be able to create new connections in the same way you always have, either via an auth link or direct bank authentication.
Ready to get started?
- Review our
- Build your
- Submit your UX for (only if you are a not a regulated AISP)
- Go-live in production!
Stay tuned for more updates on our auth dialog release. Let us know if you have questions or feedback by submitting a to our Client Operations team.