Save content
Have you found this content useful? Use the button above to save it to your profile.
digital rendering of a bank vault

Open Banking authentication changes: a bumpy start but a brighter future for accountants


While the relaxation of Open Banking authorisation rules will help accountants provide long-term efficiency gains for their clients, patchy bank implementation means they should manage their expectations about when to expect the changes.

9th Feb 2022
Save content
Have you found this content useful? Use the button above to save it to your profile.

In my last piece, I explored the forthcoming relaxation to the 90-day bank authorisation rule, set to be introduced from March 2022.

While the announcement is a positive step, it is unclear when banks will make the necessary adjustments as the timeline of changes is likely to differ across banking providers. 

Despite this, accountants should still welcome these changes, as having the authority to consent to data flowing will remove bottlenecks from account filings and overcome security issues from sharing logins. 

Patchy roll out 

If we go back to the beginning in January 2018, when Open Banking was first mandated for the CMA 9 banks, many readers will recall that several providers delayed their APIs being ready in time. Barclays, Bank of Ireland, RBS and HSBC, among others, were given an extra six weeks to prepare. Additionally, Cater Allen (owned by Santander) missed the deadline by a year, due to needing to rebuild their IT systems.

We will likely see the relaxation of the 90-day reauthentication rule being similarly patchy, so accountants should manage their expectations about when to expect these changes. The FCA guidance asks banks to make changes ‘as soon as practical’ from March 2022 but at present, there does not appear to be a hard deadline for when this must be enacted.

There are currently around 100 banks with some level of Open Banking connectivity in the UK, and we may see a more enthusiastic rollout from the non-CMA 9 challenger banks, which have incorporated Open Banking voluntarily. As many clients won’t take an interest in these changes, it may be worthwhile for accountants to monitor the different implementations by different providers. We will provide updates on this for you in the future.

In the short term, this may lead to a frustrating hybrid experience for accountants, with a mix of banks that have and have not adopted the new rules. This may make assignments confusing for accountants and their clients as it will be hard to standardise workflows related to accessing bank feeds, but while this means the changes may get off to a bumpy start the disruption will be worth it for the long-term efficiency gains.

Smoother experience

There has been no clear guidance on how changes will take place. It is possible that the Third Party Providers (TPPs), such as Armalytix, Xero and QuickBooks that connect to banks will be responsible for managing the process of delegation. If so, this will create a smoother experience for accountants allowing them to streamline their processes by not having to go back and forth between banks and their accounting software and re-entering multiple login details. 

Tasnim Mustafa, founder of Barnes & Scott, a firm specialising in tech startups, thinks this is a vast improvement on the current authentication rules.

He says: “If we’re in control and the authentication can be delegated to other team members in a secure manner this would be positive. I’d just be mindful that data wasn’t lost during the authentication taking place. If this removes the existing pain points we’d be happy.”

Changes can keep the data flowing 

Under the current authentication rules, many firms experience frustrations from delays and difficulties in client bank feeds needing to be authenticated every 90 days. These can take several days to fix, even with the help of customer support from leading accounting platforms. 

This can be a barrier to completing day-to-day bookkeeping and is particularly stressful when data is needed for time-sensitive statutory requirements such as quarterly VAT returns.

With MTD for ITSA on the horizon, accountants’ lives will be made a lot easier if banks make the changes in time.

Bobby Lane, CEO of Factotum, a practice providing businesses with a range of outsourced back-office services including accounting, says: “The planned changes will mean that we can do what Open Banking was meant to do and increase the efficient flow of information between systems without added frustrations. This will also reduce the risk of missed transactions and outdated information.” 

Overcoming security concerns

The authentication change fulfils one of the core remits of Open Banking - to provide more secure data sharing by removing the thorny issue of clients putting their accountants in a problematic situation by sharing their bank login credentials with them. 

Not all banks provide read-only access to advisers, so some smaller firms may get around this by login details being passed across to them by their clients. The relaxation should remove this issue and enhance security for all parties. 

So what does this all mean?

The end goal of the relaxation of authentication is a positive one, and the importance of data being able to flow freely will become heightened as the MTD roadmap accelerates.

The Open Banking Implementation Entity (OBIE) are soon due to open a consultation on how the planned changes will take place, and accountants should get in touch with them to provide their input.

Next time, we’ll look at what’s actually happening with the proposed authentication changes.

Replies (1)

Please login or register to join the discussion.

By Charlie Carne
10th Feb 2022 10:40

On a similar note, the roll-out of 'Confirmation of Payee' across the banks is also very patchy, with major banks like Metro refusing to comply. This service is hugely helpful but relies on suppliers and employees letting the companies that pay them know their EXACT bank account name and whether it is a business or personal bank account. I am surprised by the number of errors brought up when it transpires that a payee is unconfirmed because they don't know if their account name is 'J Smith' or 'John Smith' or 'Mr & Mrs J Smith', etc.

All banks that comply with 'Confirmation of Payee' should either send a letter or a prominent message in their app that explains to their customers how critical it is that they get the name, as well as account number and sort code, right on their invoices etc., as well as letting those customers know exactly what their account name is. As for distinguishing between whether it is a personal or business bank account, I cannot see a reason why the payer should know this and why it needs to be part of the confirmation process.

Thanks (1)