Introduction to Open Banking
Open Banking (OB) is a financial directive in the EU and the UK, in effect from September 2019. Under OB, users have the right to grant or withhold their permission to share their account data with authorised third-party providers (TPPs) such as Yodlee. It enables customers to use TPPs to help manage their finances. The data is shared via Application Programming Interfaces (APIs). With the advent of Open Banking, any financial institution that has implemented the standard categorizes financial accounts into two types: Open Banking supported and non-Open Banking supported account types.
Getting Started with UK Open Banking
Envestnet | Yodlee provides two different engagement models to allow your users to connect and share their account information with your application:
- Registered AISP service:
If you have your own FCA AISP license or wish to apply for one, the following steps apply:
- With your FCA AISP permissions, enroll in the Open Banking Directory.
- Sign up for a Yodlee Developer account, and be on the Launch pricing tier or above.
- Configure your application and generate an unsigned certificate.
- Generate your Open Banking certificates at the Open Banking Directory.
- Onboard payment account providers:
  - Dynamic providers are registered automatically.
  - Manual providers need to be registered on demand, on a per-provider basis, by providing the Client-id and Client-secret.
- Yodlee AISP service:
If you are a UK entity, and you don’t have your own FCA AISP license, you can apply to use Envestnet | Yodlee’s extended AISP license service. You will be requested to submit your application, and an Envestnet | Yodlee representative will contact you and guide you through the eligibility process.
Account Aggregation through FastLink
FastLink for aggregating financial institutions supports both payment and non-payment account types through Open Banking. On selecting a provider, the user is allowed to choose from different supported account types. At present, only payment-enabled accounts can be aggregated with Open Banking, whereas all the other account types are aggregated using the user's banking credentials. If a user is attempting to link an Open Banking supported account type, the user is required to provide consent to share account information with Yodlee FastLink.
Consent to Share Account Data
If a user is attempting to link a provider that requires their consent to share account information with Yodlee, the user will be asked to provide consent before they can continue with the provider linking flow.
Consent to share must be re-granted for each application that supports Yodlee FastLink at the financial institution provider. For example, a user grants consent to share data with Yodlee FastLink from a link on the financial institution's home page.
Step 1: Selecting a Provider
Users can search for providers in the search field that appears by default at the top of the screen or select other providers by tapping an icon in the page that corresponds to the provider they want to add. When a user selects a provider that requires the user to grant permission to share data (Open Banking), the application provides a path for the user to aggregate Open Banking supported accounts in addition to other types of accounts that can be aggregated by providing online banking credentials.
Applies to both the Registered AISP and Yodlee AISP service models.
Step 2: Choose the Type of Account
On this screen, users have to select the type of accounts they wish to connect, whether Open Banking or online credentials.
Step 3: Provide Consent
In the Consent screen, the user is required to provide consent to share their account details with the client’s application for a specific period. If the user has already added the selected provider in the past, the Consent screen displays a message at the top of the screen indicating that the user has already aggregated this provider/account and that the process is being repeated.
Step 4: View Accounts
The following account attributes are displayed for each aggregated account in the view accounts screen under the appropriate financial institution and container heading:
- Account Name – Name of the account (for example ABC Checking)
- Account Number – The account number (masked except for the last four digits)
- Account Type – Account type at the investment provider (Savings, checking, 401k, etc.).
- Account Balance – Balance of funds in the account
The Save & Finish button closes FastLink, whereas the Connect More Accounts button redirects the user back to the select a provider screen in FastLink, so that they can add another provider if they choose to.
The Manage Consent screen in FastLink facilitates a consolidated view of all user consents for aggregated accounts. The user can renew or delete their existing consent to share account data (for the providers that require the user's consent). When launching FastLink, the Manage Consent screen can be invoked by passing the manageConsent value in the flow extra parameter attribute.
Renew Consent to Share Data
After successfully linking a consent-required provider, the user will be asked to renew their consent periodically. By default, the frequency required to renew consent is 90 days for UK Open Banking.
The user might choose to renew consent if:
- The selection of accounts has changed at the financial institution.
- The consent is about to expire at the provider and it needs to be renewed.
Yodlee FastLink lets users re-authenticate and renew their authorization to share their account information with Yodlee. The user can invoke the consent renewal flow by invoking the Manage Consent screen and selecting the required consent from the listed consents. The consent status applicable at that moment is displayed against each listed consent.
Delete Consent to Share Data
The user can delete consent by tapping Delete Account, which is available only on the consent detail screen that can be invoked from the Manage Consent screen. The delete option is available when the consent is active and if the consent has expired or is about to expire. The provider for which consent is deleted will no longer appear in the Manage Consent screen. The financial institution or provider receives a notification that the user has deleted the consent to share account information.