Save content
Have you found this content useful? Use the button above to save it to your profile.
FCA relaxes rules requiring users to re-authorise Open Banking access every three months
iStock_Online security_PhonlamaiPhoto

Open Banking: 90-day authorisation rule relaxed


Armalytix CEO Richard McCall offers an update of proposed changes to Open Banking protocols and explains what they will mean for accountants.

15th Dec 2021
Save content
Have you found this content useful? Use the button above to save it to your profile.

Many accountants will already be familiar with Open Banking. Whether you’re embracing the new opportunities it brings or are largely indifferent, it certainly continues to impact the accounting world. Open Banking in the UK is overseen by the Financial Conduct Authority (FCA), which recently announced changes that may soon affect you. They are worth paying attention to, particularly with MTD on the horizon.

A bit of background

The second European Payment Services directive (PSD2) was adopted a few years ago and introduced requirements and safeguards around payments and other services in the face of growing technology. Following this, the Competition and Markets Authority (CMA) decided that UK high street banks were making it too difficult for customers to get hold of their bank information and thus preventing competition for financial products.

The CMA issued a ruling requiring the nine biggest banks to provide access to that data and from that Open Banking was born – a framework for licensed companies to securely access customers’ bank data with their permission.

One of the key requirements of PSD2 is that customers who have given their consent for a third-party provider (TPP) to access their data must reconfirm that consent every 90 days with every bank. The reason for this is fairly simple and well-intentioned – to stop customers forgetting that they gave a company ongoing access to their data.

A blunt tool

Unfortunately, like many of the bits of financial regulation over the years, the 90-day rule is a bit of a blunt tool – missing many of the nuances in the problems it is trying to solve. In most cases where Open Banking is useful, bank feeds into accounting software being the obvious one, customers explicitly want the access to be ongoing. Making them go back to every bank every three months is often more bother than they are willing to tolerate, meaning feeds get cut and the benefits that Open Banking aimed to provide are lost.

Enter the FCA

The FCA conducted consulted extensively with the payments industry to understand these and other problems, and last month issued policy statement PS21/19, to be implemented in March 2022, which confirmed the following (among many other things):

  • Banks will no longer be responsible for managing ongoing consents – instead TPPs will be able to centrally manage their customers’ consents across multiple banks
  • Where a customer fails to reconfirm their consent after 90 days, TPPs must stop accessing the customer’s account information, however access may re-start when the customer subsequently reconfirms their consent with the TPP; and
  • Individuals are allowed to delegate consent to access to their account information to a third party such as an accountant, who may reconfirm consent on their behalf.

What does this mean for you?

Essentially, it should mean an end to the issues that prevent your clients from making the most of Open Banking. Firstly, instead of having to go to each of their banks every 90 days, your clients will be able to reconfirm once with their software provider that they are happy for them to continue to access their bank data.

More importantly though, the FCA has opened up the ability for your clients to delegate their authority to perform that reconfirmation to a third party, and specifically used accountants as the example use case.

The response from AccountingWEB members was favourable. “About time, it was a complete pain to reauthorise every bank every quarter!” commented williams lester accountants in Any Answers.

So, from March next year we should expect providers of accounting software to make it possible for clients to approve their accountants handling the 90-day authorisation process on their behalf, and to do it centrally across all their accounts. No more 90-day consent problems for them, and no more chasing them to do anything for you.

It remains to be seen how the accounting software providers will handle this, and of course the big unknown is how the banks will react to this and make whatever changes they need to by March 2022. But that’s another story that we can come back to in the future…

Replies (3)

Please login or register to join the discussion.

By Charlie Carne
16th Dec 2021 12:11

This is excellent news, though I hope that the new rules will fully prevent the banks from imposing their own obstacles to allowing TPP's to have full control of ongoing access. As use of bank feeds spreads, more companies (not just for bookkeeping) will offer amalgamated services that show all sorts of information (especially for individuals, rather than companies) and this worries the major banks as they will lose control of the customer and the ability to sell them more services. If there are any loopholes in the new rules that allow banks to force their users to go back to the bank on a regular basis, we need to call that out and publicly shame those banks into complying with the spirit of the new rules.

Thanks (1)
By SE_Confused
12th Jan 2022 13:52

Great news if they delegate access to us
i am fed up with clients messing up the bank connections in cloud packages

Thanks (0)
By rmillaree
25th Apr 2022 15:44

I see that march has been and gone with no progress - hey ho.

Thanks (0)