The regulations governing data sharing in open banking in the UK have been changed by the Financial Conduct Authority. The changes will reduce friction for consumers, by getting rid of the requirement for consumers to ‘re-authenticate’ with their bank every 90 days.
What are the changes?
At present, in order for a consumer to share their account data with an account information service provider (AISP), the consumer provides consent to their account information service provider (AISP), and is redirected to their bank to ‘authenticate’ access to the data. If the data sharing is ongoing, meaning the AIS has continued access, the consumer has to be sent to their bank every 90 days to ‘re-authenticate’ access to the data.
The FCA’s changes mean that the consumer no longer has to ‘re-authenticate’ access with their bank every 90 days. Instead, the AISP will be responsible for obtaining re-confirmation of consent from the consumer every 90 days, in order for data sharing to continue.
This is a positive change. Users will experience less friction while retaining ultimate control over how they share their data.
What happens next?
Banks must make changes to enable reconfirmation of consent. Currently, they’re expected to enable this feature by March 26th, but they won’t all turn it on at the same time so we expect a staggered rollout across UK banks.
You will be required to change your TrueLayer integration because of the changes. We will provide you with more details and technical guides on this change once the banks have finalised their designs.
What is TrueLayer doing?
We are currently in talks with the OBIE, banks, the regulator and broader payments community to:
- Ensure that we agree on user journeys that maximise user experience
- Understand what the new regulation means exactly in terms of the responsibility of each party and timelines for implementation
- Get clarity on when banks will be ready to support new consent flows
- Understand the requirements so that we can scope out and design a solution that works best for our clients and their consumers
What do you need to do?
At present, nothing. We will be in touch with all our Data clients once we have more to share on bank readiness, timelines and updates to your integration.