Consumers will no longer need to re-authenticate authorizations with account management payment service providers every 90 days if they access account information through a third-party provider.
The UK’s financial regulator, the Financial Conduct Authority, is seeking to remove a key open banking rule requiring users to re-authenticate access to accounts receivable every 90 days.
While the growth of open banking in the UK has been well documented, many industry insiders have long said that the ‘Rule of 90’, which aims to maintain and protect user permissions, has been a drag on adoption of open banking. This is due to the added friction for users who have to reapply permissions.
The “90 day” rule came into effect in 2018. Aggregation apps were instantly forced to send their customers to re-authenticate with each bank every 90 days. The impact was immediate and negative for adoption due to the added inconvenience.
Drop-out rates (when customers decided to stop using open banking) were over 50%, affecting even the most engaged consumers.
The new rules come after an ongoing FCA consultation with the open banking sector. From March 26, 2022, banks will only be able to authenticate for the first access request from an account information service provider.
Jason O’Shaughnessy, Head of International Affairs at Envestnet Yodlee, says changing the 90-day reauthorization rule is a big step for the industry.
“This means that applications that provide personal finance management and financial advice solutions will no longer require the end user to reconnect every 90 days. This is now managed and controlled by the third party vendor. This alleviates the burden on the end user, while limiting the risk that the end user potentially loses financial savings or stays up to date with their finances.”
Jack Wilson, head of public policy at open banking provider TrueLayer, also welcomes the news.
“Although the 90-day rule was introduced with good intentions, it caused significant problems for open banking. Now, customers will no longer need to go through the steps of sharing credentials with each of their connected banks every 90 days.”
“Instead, it will be up to AISP, like TrueLayer, to handle the sharing of customer data, asking the customer at 90-day intervals if they want data sharing to continue. This balances continued access with the important right for consumers to withdraw consent at any time.”
Kat Cloud, UK policy manager at open banking provider Plaid, says the FCA’s response to its consultation on 90-day reauthentication in open banking is likely to be a boon to greater adoption.
“What may seem like a minute, the technical change will have a profound impact on Open Banking in the UK. This change will lead to a more transparent experience for consumers, improve their ability to control their data and crucially democratize the way providers use data on behalf of consumers,” she said.
Right now, the current rules are causing too much “friction in the system,” she says.
“Currently, open bank connections are automatically terminated after 90 days, and the hassle of re-authenticating them individually with vendors leads to frustration and high levels of customer attrition. The simple step of allowing third-party providers to collect consumer consent every 90 days removes much of this friction. As a result, it will be easier to perform daily financial tasks online, from expense tracking to digital payments.”
“The FCA has listened carefully to the industry and its positive response will drive innovation in our industry and improve consumer outcomes.”
Kevin Sefton, CEO of Tax Enforcement Untied, says it’s important to distinguish between one-time uses of account information, such as loan approval, and those that need to be ongoing, for example for accounting, tax and similar purposes.
“For these accounting and tax use cases, the software is expected to maintain a continuous record of transactions. They are also those who have used open banking the most. We have seen that our users have been confused by the need to resign themselves regularly and by the complexity of this management through several applications and their banks. The new arrangements will mean that confirmation of active connection can be managed in the software they trust to manage their finances. It is a welcome step.”