Open Banking, PSD2, the FCA and Us…
For most consumers in the UK, this event seemed rather inconsequential. However, for the future of banking, this is a monumental step in innovation, better services and products, and more choice.
Open Banking is an initiative by the UK’s Competition and Markets Authority:
“'Open Banking will enable personal customers and small businesses to share their data securely with other banks, and with third parties, allowing them to compare products on the basis of their own requirements, and to manage their accounts, without having to use their bank’.'
Similarly, the Second Payments Services Directive (“PSD2”) is a European wide regulation that will:
“Lower the entry barriers, protect consumers, encourage lower prices, and promote the development and use of innovative online and mobile payments.
What does this all mean?
It means British consumers will get more choice. Consumers won’t be bound to their banks, and continue to get sub-par service. Consumers will have more options with products and services in the realm of lending, payments, savings tools, and every-day banking.
Innovative companies like Zopa, Emma, EdAid and Plum are able to utilise open banking protocols and PSD2 to offer consumers better products and services. These evolved regulatory frameworks have created the capacity for companies like these to now be able to access the financial data of their users, provided their user's consent, through an Application Programming Interface (“API”) that is made available in conjunction with the banks and is compliant with EU and UK regulatory and technical standards.
Where does TrueLayer come in?
As a regulated entity through the Financial Conduct Authority (“FCA”), TrueLayer now has the authorisation to offer access through APIs to data (“AIS”) and payment initiation (“PIS”) in compliance with regulation and with the highest security standard.
Our Data API will enable you to get access to your customer’s data through both credential sharing and OpenBanking at the same time, delivering the best experience and reliability for your application and service.
We had to go through a rigorous evaluation process with the FCA and have been authorised as an Account Information Service Provider (“AISP”) and a Payment Initiation Service Provider (“PISP”).
The FCA evaluated us on a number of items but primarily:
security frameworks and processes, including ensuring sensitive payment data is secure and protected;
our data protection and consent controls;
our company, including the suitability of our team and robustness of our organisation to offer these services.
Can TrueLayer access the OpenBanking Directory?
Of course we can — and you can too through our API! Our team is working day and night to release support for Open Banking as soon as possible. We are engaging with all the CMA9 banks and we’ll keep you posted as we get ready to get our Open Banking connectivity out in the wild.
Do I need to be regulated as well?
For accessing bank data, it depends. According to the provisions set out in the Payment Services Regulation 2017 (the UK's equivalent of PSD2), if your use case is account aggregation and you are planning to display the data back to the consumer through a consolidated dashboard, you are in scope for AIS and therefore, you will need to register with the FCA. Our team can help you navigate this process and share detailed information on how TrueLayer can be appointed as your Technical Provider, saving you months of work and effort to ensure safety when storing sensitive payment data and overall security and data protection (TrueLayer is also certified as ISO-27001).
If your use case is to ingest the data for ancillary services — i.e. affordability checks or account verification — and you don’t need to display the data back to the user, you are not in the scope of AIS, and you can simply use TrueLayer to access the data in an easy and compliant way without the need to engage with the FCA.
What about Payment Initiation?
TrueLayer is a fully authorised payment institution for the provision of PIS. That means that you will be able to initiate payments through our Payment API (that is under development at the moment). If you are a company selling online services or goods and you want to enable your customers to pay directly through their bank account, you won’t need to be authorised as a PIS as long as you go through the TrueLayer API.
What happens now?
As a consumer, if you’ve signed up to non-traditional banking companies like the ones mentioned above, you’ll start to see them and others offer you various different features and products that will either save you money, offer you better rates on loans or bank accounts, analyse your credit score more efficiently and effectively, and give you a larger range of services for your financial needs.
If you’re a company in the financial service industry (whether you are a Fintech, Payment provider, Lender, Account Aggregator, etc.), these services will enable you to rethink the way you interact with your customers and our API will allow you to access them in a secure and compliant environment.
Email us at [email protected] if you want to understand how you can leverage the opportunities of Open Banking and PSD2, today!