FastLink AU Open Banking Product Guide

Introduction to Open Banking

Yodlee FastLink application manages all aspects of consumer data right (CDR) requests, including redirection of the user/consumer to authorise and consent to data sharing, aggregate and verify accounts, and support both CDR-enabled sites and legacy credential-based sites in the same user experience.


Account Aggregation through FastLink

The FastLink application takes the user through the process of linking a site. The user flow has three steps:

Step 1: Selecting a Site

In the site linking process, the site selection screen is first displayed. In this screen, consumers can search for sites that require the consumer to grant permission to share data. Consumers can either search for the sites in the search field or select the sites by tapping an icon that corresponds to the site they want to aggregate.

Step 2: Provider Consent

The pre-consent screen displays the high-level steps to aggregate accounts. The consumer has to tap Get Started on the pre-consent screen to start the process of providing consent. The Consent screen is then displayed letting the consumer know that the consumer’s account information is being shared.

pre consent screen

To grant consent and continue adding the site, the consumer has to tap I Consent. The status spinner and a message is displayed indicating that the consumer is securely transferred to the data provider's site. At the data provider site, the consumer authenticates his/her identity by entering the site login credentials. The data provider site then requests confirmation of consent from the consumer to pass his/her account data to the client application.

Once the consumer provides the confirmation, the account aggregation process is triggered. The status spinner lets the consumer know that he/she is securely transferred from the data provider site to FastLink, and the account information is being gathered. After the data is retrieved, the Success screen appears that lets the consumer know that the account information is successfully aggregated.

Step 3: View Accounts

After the account information is received from the data provider site, the accounts summary screen is displayed with the following account attributes for each aggregated account in the view accounts screen under the appropriate financial institution and container heading:

  • Account Name – Name of the account (for example ABC Checking)
  • Account Number – The account number (masked except for the last four digits)
  • Account Type – Account type at the investment provider (Savings, checking, 401k, etc.).
  • Account Balance – Balance of funds in the account

The Save & Finish button closes FastLink, whereas Save and Link More Accounts button redirects the consumer back to select a provider screen in FastLink, so that they can add another provider if they choose to.


The Manage Consent screen in FastLink lets the consumer view and manage their consent. The consumer can land on the Manage Consent screen from a link in the customer’s application. The Manage Consent screen lists down all the statuses of consent that exists for a particular consumer:

  • Active
  • Pending
  • Archived

Active

The consent is in active state when the consumer has already given consent and it has not exceeded the consent validation period of 12 months. Tapping Active button on the Manage Consent screen will display the active consent details.

Pending

The consent is in pending status if an account has not gone through the full aggregation process or there has been a service disruption.

Archived

The consent will have the archived status if the consumer has withdrawn or revoked the consent, or the consent validation period has expired.

Consent Withdrawn by Consumer

The archived consent screen is displayed when the consumer has revoked the consent i.e. if the consumer has stopped sharing the data by tapping I want to stop sharing my data button on Manage Consent active screen by selecting Delete my data instead, the consent will be archived and the screen shows Go Back button.








 

Consent Validation Period Expires

The consent will be archived automatically if the consent validation period expires without revocation. The archived Manage Consent screen displays the provider name, product, consented date, and archived date. On this screen, the consumer can also download the Consent withdrawal confirmation PDF by tapping View your consent withdrawal confirmation link.

The consumer can delete the existing consent and provide the new consent by tapping Restart consent that initiates the process of providing consent starting from the pre-consent screen. The consumer can also avoid giving consent and archive the account by tapping Keep archived. This will display the Manage Consent screen.

Notification

The Notification bell icon is shown on the consumer’s application and on the Manage Consent screen. It displays the number of notifications on it. Tapping Notification bell icon displays the Notifications screen.

Note: A notification for active consent is generated every 90 days or three months from the day the consumer had provided the consent.


The consumer can withdraw the consent or stop sharing the data by tapping I want to stop sharing my data button on the active consent screen.

When the consumer taps I want to stop sharing my data button the Stop Sharing screen is displayed. The Stop Sharing screen displays what happens to the consumer’s data and what will be the impact of not sharing the data.

On this screen, if the consumer selects the toggle, the data will be hard-deleted. A consumer who continues without selecting the toggle would be able to revoke the consent but will not delete the data.

When the consumer taps Continue, the second Stop Sharing screen is displayed to reconfirm. This Stop Sharing screen gives a detailed impact of withdrawing consent. On tapping Yes, Stop Sharing, the data sharing is successfully stopped and the You are no longer sharing data screen is displayed with Archived status on the screen to confirm that the data sharing is stopped and the account has been archived. This screen also gives details of what data was collected and how the data was used, and the key dates in condensed form.

De-identification of Data

De-identification of data is removing the consumer’s personal information associated with data, i.e., the data will not be associated with the consumer’s identity (name and contact details) after the de-identification process takes place.

The de-identification of data happens after a consent expires or when a consumer revokes the consent.

Note: After the consent period expires, Yodlee and it’s customers are authorised to use the de-identified data without further consent.

Downloading PDFs

The consumer can download the Consent Confirmation PDF from active Manage Consent screen and the Consent Withdrawal Confirmation PDF from the archived Manage Consent screen to the consumer’s local drive.

Downloading Consent Confirmation PDF

The Consent Confirmation PDF is available on the Manage Consent screen when the consent status is active. This PDF can be downloaded by tapping View your consent confirmation link.
The Consent Confirmation PDF gives information about key dates, who is the Generic client and its ADR number, Envestnet Yodlee and its ADR number, transaction details, account balance and details, what is the additional uses of the consumer’s shared data, etc.

Downloading Consent Withdrawal Confirmation PDF

The Consent withdrawal confirmation PDF is available once the consumer has withdrawn the consent by stopping the data sharing. For more information about withdrawing consent, see Withdrawing Consent. This PDF can be downloaded by tapping Download withdrawal confirmation PDF on the header and View your consent withdrawal confirmation link on the You are no longer sharing data screen.

The Consent Withdrawal Confirmation PDF gives information about when the consumer gave consent and when the consumer withdrew the consent, who was the Generic client and its ADR number, Envestnet Yodlee and its ADR number, transaction details, account balance and details, what data was collected and how it was used, etc. This PDF also lists the list of third parties that were associated.