Introduction to Open Banking
Open Banking (OB) is a new financial directive in the EU and the UK, in effect from September 2019. Under OB, users have the right to grant or withhold their permission to share their account data with authorised third-party providers (TPPs) such as Yodlee. It enables customers to use TPPs to help manage their finances. The data is shared via Application Programming Interfaces (APIs).
With the advent of Open Banking, any financial institution that has implemented the standard categorizes financial accounts into two types - OB supported and non-Open Banking supported account types.
Customer Onboarding to Open Banking
To onboard onto the Yodlee Open Banking solution, customers will have to perform the following steps:
- Sign up for a Yodlee Developer Account, and be on the Launch pricing tier or above.
- Name Envestnet | Yodlee as your Account Information Service Provider (AISP), in your FCA application.
- Apply and get the company approved by the Financial Conduct Authority.
- Enroll in the Open Banking Directory
- Contact customer service to migrate credential-based accounts to the Open Banking site.
  Yodlee will move the accounts belonging to a container (bank/card) from screen-scraping to Open Banking.
- Launch the application configuration process by clicking the Open Banking banner on the Dashboard page. Perform the following steps:
  - Generate and download the unsigned certificate.
  - Once signed at Open Banking, upload the certificate to complete the application configuration process.
- To view the Open Banking configured sites, click Site Config in the Dashboard page.
  Click Add Manual Site to register a manual site.
Only one application is allowed per environment. Customers can only switch the redirect URLs, provided there are multiple URLs present in the Software Statement Assertion (SSA). To make any other updates to the application configuration, the customer has to delete the current application and register a new one. The successful creation of the application automatically triggers the dynamic site migration process.
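A local pre-flight check for the redirect URL rule above, as an added example that is not Yodlee's code: it decodes the SSA payload and confirms that the URL you want to switch to is one of several listed there, by exact match. The claim name `software_redirect_uris`, the sample SSA, the https check and the function names are assumptions for illustration; the SSA signature is not verified here.

```python
import base64
import json
from typing import Tuple
from urllib.parse import urlsplit

# Assumed claim name for the registered redirect URLs; adjust it to the
# claim your SSA actually carries.
REDIRECT_CLAIM = "software_redirect_uris"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def ssa_claims(ssa_jwt: str) -> dict:
    """Decode the payload of a compact JWS. The signature is NOT verified."""
    parts = ssa_jwt.split(".")
    if len(parts) != 3:
        raise ValueError("SSA must be a compact JWS with three segments")
    payload = parts[1]
    padded = payload + "=" * (-len(payload) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(padded))


def can_switch_redirect(ssa_jwt: str, candidate: str) -> Tuple[bool, str]:
    """Return (allowed, reason) for switching the application to `candidate`."""
    registered = ssa_claims(ssa_jwt).get(REDIRECT_CLAIM, [])
    if len(registered) < 2:
        return False, "SSA lists fewer than two redirect URLs; re-register instead"
    url = urlsplit(candidate)
    # Added hardening check (not a rule stated on the page): https, no fragment.
    if url.scheme != "https" or url.fragment:
        return False, "redirect URL must be https and carry no fragment"
    if candidate not in registered:  # exact string match, no prefix or wildcard
        return False, "redirect URL is not listed in the SSA"
    return True, "ok"


# Constructed SSA for this example; the signature segment is a placeholder.
SAMPLE_SSA = ".".join([
    _b64url(json.dumps({"alg": "PS256", "typ": "JWT"}).encode()),
    _b64url(json.dumps({
        "software_id": "example-software-id",
        REDIRECT_CLAIM: ["https://app.example.com/cb",
                         "https://staging.example.com/cb"],
    }).encode()),
    _b64url(b"placeholder-signature"),
])
```

Because the comparison is an exact string match, a URL that merely starts with a registered value (an extra path segment, a different port) is rejected.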
After the onboarding process is complete, customers can use the FastLink application. Yodlee recommends completing FastLink configurations after onboarding to the Yodlee Open Banking solution. Currently, FastLink for Open Banking is available in two flavors:
Single-site Selection Flow
In single-site selection, just one link is displayed for the financial institution (supporting both account types), and the consumer is given options to select the account type to be aggregated. On selecting the site, the consumer is allowed to choose from different account types. At present, only Current accounts are aggregated with Open Banking, and all other account types are aggregated using the consumer's banking credentials. If a consumer is attempting to link an Open Banking supported account type, the consumer is required to provide consent to share account information with Yodlee FastLink. Yodlee FastLink with the implementation of Open Banking requirements supports only the account aggregation flow.
Consent to Share Account Data
If a consumer is attempting to link a site that requires their consent to share account information with Yodlee FastLink, the consumer is asked to provide consent before they can continue with the site linking flow.
Consent to share must be re-granted for each application that supports Yodlee FastLink at the financial institution site. For example, a consumer grants consent to share data with Yodlee FastLink from a link on the financial institution home page.
Step 1: Selecting a Site
Consumers can search for sites in the search field that appears by default at the bottom of the page/view or select sites by clicking/tapping an icon in the page that corresponds to the site they want to add. When a consumer selects a site that requires the consumer to grant permission to share data (Open Banking), the application provides a path for the consumer to aggregate Open Banking required Current accounts in addition to other types of accounts that can be aggregated by providing online banking credentials.
Step 2: Providing Consent
In the Consent page/view, a consumer can provide site login credentials in the fields provided. If required, the consumer is asked to re-enter them for added security. If a consumer has already added the selected site, the Consent page/view shows a message similar to the following at the top of the page/view: "Looks like you’re already added this site. It’s OK to re-enter your credentials." The message appears for 3 seconds.
If a customer has enabled the requirement for the consumer to consent to share account data with Yodlee, the consumer will be asked to grant consent before they can complete the site linking process. In the aggregation flow, after selecting a site, the consumer provides login credentials in the fields. Note that the fields and field labels displayed on the page/view correspond with those required at the site.
Step 3: View Accounts
The following account details are displayed for each account in the View page/view under the appropriate financial institution and container heading:
- Account Name – Name of the account (for example ABC Checking)
- Account Number – The account number (masked except for the last four digits)
- Account Type – Account type at the investment site (Savings, checking, 401k, etc.). The field holds up to 500 characters.
- Account Balance – Balance of funds in the account
The Close button closes Yodlee FastLink. The Add New button redirects the consumer back to Select a Site in Yodlee FastLink so that they can add another site if they choose to.
Consent Dashboard
Consent Dashboard or Manage Access is a feature in Yodlee FastLink that lets consumers renew or delete their consent to share account data (for the sites that require the consumer’s consent). The Consent Dashboard feature will be available from a link in the consumer's Financial Wellness Solution.
The following information appears on the consent dashboard for the accounts under each site listed.
- Permission Status – The current status of the permission along with the validity.
- Access Start Date – The date the consumer granted the sharing permission.
- Access Expiry Date – The date the sharing permission will end. The consent dashboard shows the number of days left before consent expires at each site linked that requires consent.
- Renew – A button to invoke the consent renewal flow in Yodlee FastLink
- Manage Accounts – A button to invoke the manage accounts flow in Yodlee FastLink Open Banking.
- Delete – A button to revoke access, stop sharing, and delete the historical account information.
The status of consent can be one of the following and is color-coded as described:
- Active – Green
- Expired – Red
- Nearing Expiration – Yellow
Renewing Consent to Share Data
After successfully linking a consent-required site, a consumer will be asked to renew their consent periodically. By default, the frequency of required consent renewal is 90 days, and the customer can configure a different frequency.
A consumer might choose to renew consent if, for example, the selection of accounts has changed at the financial institution site or consent is about to expire at the site and they want to renew it. Yodlee FastLink lets consumers re-authenticate their credentials to renew their authorization to share their account information with Yodlee.
A consumer can access the consent renew flow by clicking/tapping the consent management link in the site Select page/view. In the Consent Dashboard that appears, clicking/tapping the Renew option for any site starts the consent renewal flow for that site.
Deleting Consent to Share Data
A consumer can delete consent to share account data by clicking/tapping Delete on the Consent Dashboard. The Delete option is available for sites where consent is active and for sites in which consent has expired or is nearing expiration.
The site for which consent was deleted no longer appears on the consent dashboard. The financial institution site receives communication that the consumer deleted consent to share account information.
Dual-site Selection Flow
With the advent of Open Banking, a consumer searching for a site is provided with two different options for the site (if the site has implemented Open Banking). At present, only Current accounts are supported via Open Banking, and all other account types are aggregated using the consumer's banking credentials. The selection then decides the aggregation mechanism. If a consumer is attempting to link an Open Banking supported account type, the consumer is required to provide consent to share account information with Yodlee FastLink. Yodlee FastLink with the implementation of Open Banking requirements supports only the account aggregation flow.
Consent to Share Account Data
Under Open Banking requirements, consumers have the right to grant or deny permission to share their account data with data providers. Yodlee FastLink provides a path to granting (or denying) permission to share account data. Yodlee FastLink also lets consumers renew and delete account data sharing permissions.
Consent to share must be re-granted for each application that supports Yodlee FastLink at the financial institution site. For example, a consumer grants consent to share data with Yodlee FastLink from a link on the financial institution home page. Later, when the consumer uses FastLink in different applications (for example, personal finance apps and lending applications) hosted by the same financial institution, the consumer must complete the consent to share flow for those applications separately.
Step 1: Selecting a Site
Consumers can search for sites in the search field that appears by default at the bottom of the page/view or select sites by clicking/tapping an icon in the page that corresponds to the site they want to add.
When a consumer selects a site that requires the consumer to grant permission to share data (Open Banking), the application provides a path for the consumer to aggregate Open Banking required Current accounts in addition to other types of accounts that can be aggregated by providing online banking credentials.
Step 2: Providing Consent
In the Verify Credentials page (Verify view in mobile), under Data you will be sharing, an explanation of the consent process is shown. The user interface lists the information to which the consumer will be granting access and sharing with Yodlee FastLink (for purposes of linking the site).
The information listed varies depending on the financial institution being linked. Typical information includes the account name, account balance, and nickname. Information can also include transactions and transaction details. If the consumer decides not to grant consent, they can cancel the operation and return to the site selection page/view.
Step 3: View Accounts
The following account details are displayed for each account in the View page/view under the appropriate financial institution and container heading:
- Account Name – Name of the account (for example ABC Checking)
- Account Number – The account number (masked except for the last four digits)
- Account Type – Account type at the investment site (Savings, checking, 401k, etc.). The field holds up to 500 characters.
- Account Balance – Balance of funds in the account
The Close button closes Yodlee FastLink. The Link Another Site button redirects the consumer back to Select a Site in Yodlee FastLink so that they can add another site if they choose to.
Consent Dashboard
Consent Dashboard is a feature in Yodlee FastLink that lets consumers renew or delete their consent to share account data (for the sites that require the consumer’s consent). The Consent Dashboard feature will be available from a link in the consumer's Financial Wellness Solution.
The following information appears on the consent dashboard for the accounts under each site listed.
- Permission Status – The current status of the permission along with the validity.
- Access Start Date – The date the consumer granted the sharing permission.
- Access Expiry Date – The date the sharing permission will end. The consent dashboard shows the number of days left before consent expires at each site linked that requires consent.
- Renew – A button to invoke the consent renewal flow in Yodlee FastLink
- Delete – A button to revoke access, stop sharing, and delete the historical account information.
The status of consent can be one of the following and is color-coded as described:
- Active – Green
- Expired – Red
- Nearing Expiration – Yellow
Renewing Consent to Share Data
After successfully linking a consent-required site, a consumer will be asked to renew their consent periodically. By default, the frequency of required consent renewal is 90 days, and the customer can configure a different frequency.
A consumer might choose to renew consent if, for example, the selection of accounts has changed at the financial institution site or consent is about to expire at the site and they want to renew it. Yodlee FastLink lets consumers re-authenticate their credentials to renew their authorization to share their account information with Yodlee.
A consumer can initiate the consent renewal flow by clicking/tapping the Renew button in the Consent Dashboard page/view.
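The consent lifecycle described in the two Consent Dashboard and renewal sections, as an added example that is not part of Yodlee FastLink: a local record that derives the dashboard status and refuses a data refresh once consent has expired or been deleted. The `Consent` record, the 14-day "nearing expiration" window, the "Deleted" label and the rule that renewal restarts the window from the renewal date are assumptions; only the 90-day default and the three status names come from the page.

```python
from dataclasses import dataclass
from datetime import date, timedelta

RENEWAL_DAYS = 90   # default renewal frequency stated on the page
WARNING_DAYS = 14   # assumption: the page gives no "nearing expiration" threshold


@dataclass
class Consent:      # hypothetical local record, not a Yodlee API object
    site: str
    access_start: date
    renewal_days: int = RENEWAL_DAYS   # the customer may configure another value
    deleted: bool = False

    @property
    def access_expiry(self) -> date:
        return self.access_start + timedelta(days=self.renewal_days)


def evaluate(consent: Consent, today: date) -> dict:
    """Return dashboard-style status plus a fail-closed refresh decision."""
    if consent.deleted:
        # Deleted consent is off the dashboard; never refresh its data.
        return {"status": "Deleted", "days_left": 0, "may_refresh": False}
    days_left = (consent.access_expiry - today).days
    if days_left <= 0:          # assumption: expired from the expiry date itself
        status = "Expired"
    elif days_left <= WARNING_DAYS:
        status = "Nearing Expiration"
    else:
        status = "Active"
    return {"status": status, "days_left": max(days_left, 0),
            "may_refresh": status != "Expired"}


def renew(consent: Consent, today: date) -> Consent:
    """Assumed rule: renewal restarts the window on the re-consent date."""
    if consent.deleted:
        raise ValueError("deleted consent cannot be renewed; link the site again")
    return Consent(consent.site, today, consent.renewal_days)
```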
Deleting Consent to Share Data
A consumer can delete consent to share account data by clicking/tapping Delete on the Consent Dashboard page/view. The Delete option is available for sites where consent is active and for sites in which consent has expired or is nearing expiration.
The site for which consent was deleted no longer appears on the consent dashboard. The financial institution site receives communication that the consumer deleted consent to share account information.
Glossary
Term | Description and Examples |
---|---|
Dual Site | From an API perspective, the dual site refers to the implementation wherein two separate API calls have to be made to link OB and non-OB sites. |
Single Site Selection | Unlike dual site, in single site selection the search results are retrieved at the financial-institution level, which means that a GET call results in separate calls for OB and non-OB sites. |
PSD2 | The revised Payment Service Directive, which intends to end the monopoly of banks and financial institutions by enabling their customers to use third-party providers to manage their finances. |
AISP | Account Information Service Providers (AISP) are the service providers with access to the account information of bank customers. |
Consent | Consent is merely a permission given by users to the third-party providers (TPP) to access and manage their account data. |
Provider Account | In Yodlee's context, a provider account is referred to as a site or a financial institution's accounts. |
FCA Approval | An approval given by the Financial Conduct Authority (FCA) to the TPPs if they meet the regulatory requirements. |
Migration | Internal to Yodlee, migration refers to the movement of users from the credential-based sites to the OB sites enabling them to adapt to OB standards. |