The third iteration of the Open Banking specifications, released earlier this year, are now being adopted by the major UK banks. The Regulatory Technical Standards on Strong Customer Authentication and common and secure communication under PSD2 (commonly
abbreviated to “the RTS”) came into effect on 14th September 2019, and many of the major banks in the UK have been funnelling their efforts into a “final” release of their APIs ahead of time.
Since the APIs were released at the beginning of 2018, the specifications have undergone a number of iterations, with version 3 being the most significant. What makes version 3 more interesting than previous versions is, conveniently, threefold.
Faster Consent Process with A2A and W2A
Firstly, the release of version 3 coincides with a number of version-agnostic improvements the banks have been making to their customer authentication and authorisation procedures. The biggest of which being App-to-App and Web-to-App (A2A and W2A, respectively)
redirection as part of the customer consent journey. Practically, this means that if a customer is interacting with a TPP on a mobile device and wishes to connect to their bank, the redirection undergone by a customer would be straight to the mobile banking
app on their device. This means authentication can be as easy as scanning a face or a finger, then tapping a button to confirm consent. This is a monumental enhancement over prior implementations. Despite customer conversion being much higher under Open Banking
when compared with screen-scraping, this streamlining of the consent journey only serves to increase it further.
App-to-App and Web-to-App give customers a low-friction consent journey.
New Types of Account Including Credit Cards
Secondly, there are now new types of accounts that are in-scope that will be served via the APIs. So far the solitary inclusion of current accounts has limited the power offered to third parties by the Open Banking APIs. Most banks are now offering other
kinds of payment accounts, like credit cards and savings accounts via the same rails. The inclusion of these accounts will make it possible to get a more complete picture of an individual and offer them greater levels of service. If a third party can understand
how money flows between the accounts a customer holds, they have the ability to offer greater advice on how to get the most out of their money, where previously they would be unable to.
Non-CMA9 Banks Like TSB Now Available
The final major change to coincide with the release of Open Banking version 3 is the number of non-CMA9 providers entering the Open Banking ecosystem. PSD2 affects not only banks but any account-servicing payment service provider (ASPSP). This includes credit
card companies as well as smaller banks and building societies. The addition of these providers is valuable for a number of reasons. Firstly, it further enables TPPs to gain a more complete picture of a customer’s finances — a customer may use credit card
facilities not offered to them by the major banks, for example — and, secondly, it advances financial inclusion. Too often in the world of FinTech are services geared towards relatively affluent, tech-savvy consumers living in a few east-London postcodes.
The addition of smaller and challenger banks — who typically serve consumers the Big Nine overlook — to the Open Banking ecosystem allows companies to build services that serve customers who may have more nuanced needs. We hope this fuels a drive towards a
more inclusive economy, with financial institutions large and small leveraging the insights Open Banking data can offer to provide more holistic, tailored services to their customers.
With new accounts available through Open Banking APIs, enhancements to the existing Open Banking authentication journeys and a wide variety of non-CMA9 financial institutions joining the ecosystem, the release of the version 3 APIs presents an exciting opportunity
for companies capitalising on the technical infrastructure the banks have provided.