What is Open Banking?
Open Banking is the standardised legislation that allows all of us to take control of our own financial data. We can choose to share our banking information with trusted third parties to get the financial products and services we want faster, cheaper and more easily than we do today.
What’s the background to Open Banking?
Way back in 2013 the Competition and Markets Authority (CMA) started a review of the current UK retail banking industry.
Incredibly, it took a 3-year-long review before the CMA published a report in August 2016 that, unsurprisingly, found that the financial services industry lacks innovation and, more importantly, competition. The CMA found that smaller financial technology (Fintech) companies are unable to penetrate the banking market as it’s dominated by the big name banks.
Because of this review, the CMA and the Government ordered the largest 9 UK banks, named the CMA9, to start creating Open Banking APIs that allow the passing of data from one party to another securely.
The deadline for delivery of the APIs from the CMA9 was January 13th, 2018.
What is PSD2?
PSD2 is a directive from the European Union, which sets requirements for banks and businesses in the financial services sector to improve consumer protection, make payments safer and more secure, and drive down the costs of payment services.
What is an API?
API stands for application programming interface. In short, an API transfers data securely from one party to another.
How do Open Banking APIs work?
An Open Banking API securely transfers data from a person’s or business’s bank account to an authorised and regulated third-party provider.
Who can access the Open Banking APIs?
Each participating bank will create their own Open Banking API. Trusted and authorised third parties approved by the banks and the financial regulator, the Financial Conduct Authority, can then, with the data holder’s permission, access specific data from their bank.
What are Third Party Providers?
Third Party Providers (TPPs) is a term used to refer to any regulated and authorised business that provides a product or service using the Open Banking APIs.
What regulations are in place to protect my data from unauthorised Third Party Providers?
All TPPs have to be FCA regulated and listed in the Open Banking directory to use Open Banking APIs.
The information transferred is encrypted and your information always remains anonymous.
But you should always be aware of fraudulent businesses that use various techniques to gain access to bank accounts. To ensure that you’re using an authorised TPP, check that they’re regulated by the FCA and listed in the Open Banking register.
Also make sure that when you get redirected to your online banking to sign in to your account, you’re definitely on your bank’s website and that it is a secure URL. A secure URL begins with ‘https’ and has a padlock.
What should I check before using a TPP with an Open Banking connection?
There are three things that you should always check before giving a TPP your permission to access your financial data.
What do the FCA regulate?
Any third party provider that is authorised by the FCA to use Open Banking connections has had their business plan, risks, budgets, resources, systems, controls and staff independently reviewed. The FCA hold all financial businesses in the UK to the same standards.
What does AISP mean?
AISP means Account Information Service Provider. This means that the business has been granted permission to request consent from people and businesses to connect to their bank account and use their account information to provide a service. This access is read-only, meaning the TPP cannot move any money or make any transactions on behalf of the consumer.
What does PISP mean?
PISP means Payment Initiation Service Provider. This means that the business has been granted permission to request consent from a consumer to connect to their bank account and initiate payments or transfers on their behalf.
Is Open Banking safe?
Open Banking is highly secure. Not only does it all exist within the banks’ established and highly secure technology platform, the APIs themselves allow for a highly secure transfer of data. You need to authorise the connection between the two parties, which means neither party needs to see your full security credentials and you always stay in control of the data you share, with whom and when.
How do I give permission for a TPP to access my data?
When you sign up to a service or app that uses Open Banking, you’ll be taken through a consent journey where you’ll be presented with all the information that the TPP needs access to, to enable them to provide their service.
If you’re happy with the information presented then you’ll be redirected to your bank, where you’ll be presented with the same information again and asked by your bank for your final consent.
How do I remove permission for a TPP?
You can see every TPP connected to your bank account from within your online banking. From here you can also remove access to any TPP.
You could also cancel your account directly with the TPP and they would remove the connection for you.
Can I ‘Opt-out’ of Open Banking?
Your bank account is not available by default. You control whether anybody can access your bank account, so there is no need to opt-out. If you don’t want to share your bank account information, simply don’t consent to any of the services or tools that use it.