By Daniel Lanyon on Tuesday 30 November 2021
Consumers will no longer need to reauthenticate permissions with Account Servicing Payment Service Providers every 90 days if accessing account information through a third-party provider.
The UK’s financial regulator, the Financial Conduct Authority (FCA), is looking to scrap a key open banking rule requiring users to reauthenticate access to customer accounts every 90 days.
While the growth of open banking in the UK has been well documented, many industry insiders have long said the ‘90-day rule’, which seeks to maintain and protect users’ permissions, has been a drag on the adoption of open banking. This is because of the added friction for users, who need to re-apply the permissions.
The ‘90-day’ rule came into force in 2018. Aggregator apps were instantly forced to send their customers to re-authenticate with each bank every 90 days. The impact was immediate and negative for adoption owing to the added inconvenience.
Drop-off rates (where customers decided to stop using open banking) were above 50 per cent, affecting even highly engaged consumers.
The new rules come after an ongoing consultation by the FCA with the open banking industry. From 26th March 2022, banks will only have to authenticate for the first access request of an account information service provider.
Jason O'Shaughnessy, Head of International Business at Envestnet Yodlee, says the change to the 90-day reauthorisation rule is an important step for the industry.
“It means apps that provide personal finance management and financial advice solutions will no longer require the end user to reconnect every 90 days. This is now managed and controlled by the third-party provider. This takes the burden away from the end user, while limiting the risk of the end user potentially missing out on financial savings or keeping up to date with their finances.”
“While the ‘90-day’ rule was introduced with good intentions, it was causing some significant issues for open banking-based services. Now there will be no need for customers to jump through the credential sharing hoops with each of their connected banks every 90 days.”
“Instead, it will be for the AISP, such as TrueLayer, to manage the customer’s data sharing, by asking the customer at 90-day intervals whether they wish for data sharing to continue. This strikes a balance between continued access with the important right for consumers to withdraw their consent at any point in time.”
“What might seem like a minute, technical change will have a profound impact on Open Banking in the UK. This change will drive a more seamless experience for consumers, improve their ability to control their data, and crucially democratise how providers use data on consumers' behalf,” she said.
Current rules result in too much “friction in the system,” she says.
“Currently, open banking connections are automatically broken after 90 days, and the hassle of re-authenticating them individually with providers results in frustration and high levels of customer attrition. The simple step to allow third party providers to collect consumers’ reconsent every 90 days instead removes much of this friction. As a result, it will be easier to complete everyday financial tasks online - from tracking spending to making digital payments.”
“The FCA has listened carefully to industry, and its positive response will turbocharge innovation in our sector and improve consumer outcomes.”
Kevin Sefton, CEO of tax app Untied, says it is important to distinguish between one-off uses of account information, such as approving loans, and those that need to be ongoing, i.e. for accounting, tax and similar purposes.
“For these accounting and tax use cases there is an expectation that the software will maintain an ongoing record of transactions. They are also those that have seen the highest use of open banking. We have seen that our users have been confused by the need to reconsent on a regular basis and the complexities of this being managed across multiple apps and their banks. The new provisions will mean that the confirmation of the connection being live can be managed in the software they're trusting to manage their finances. It's a welcome step.”