+ What is Open Banking and what does it mean for me?
In short, Open Banking is a series of reforms that mean all UK-regulated banks will have to let you share your financial data, such as your spending habits, regular payments and companies you use (basically, for the moment, your current account information), with authorised providers offering budgeting apps (like Moneyhub!), or other banks – as long as you give your permission.
The idea behind these changes is that they'll bring more competition and innovation to financial services which, in turn, will lead to more and better products to help manage your money. Open Banking puts you in control of your data and lets you find the best deal and the best services easily and safely.
Open Banking is all well and good, but it doesn't mean you can automatically share your data with just anyone. You can only safely share your financial information with people who are Financial Conduct Authority regulated. In addition to this, if you want to share your data via an API and not screen scraping, the company has to be AISP regulated by the FCA.
+ What does it mean when you connect via Open Banking in Moneyhub, and what are banking APIs?
Banks have now begun their managed roll out, or ‘beta’ period, to test their APIs with FCA regulated third parties who have permissions as Account Information Services Providers (AISPs).
Application Programming Interfaces (APIs) will appear to you as a redirect from the third-party app (like Moneyhub) to your banking app or banking website. Your bank will ask if you want Moneyhub to have access to your finances and be able to show your data for the next 3 months, and once you say yes you'll be redirected back to Moneyhub.
It's a bit like when you sign in to another app via Facebook or Google: it doesn't change or allow unlimited access to your actual account, and you can stop access at any time from your banking app. You'll get prompted every 3 months to reconnect, so you can never accidentally leave the connection running.
+ Why do I still sometimes have to put in my login credentials to connect my account?
Open Banking sets standards for banking APIs. But the legislation only covers banks, and specifically only current accounts. It doesn’t cover providers like mortgage providers or even other account types at the same bank. Also, not every bank has their API ready. We know that Moneyhub is most useful when you can connect every account you want to see – that’s why we use another method to allow you to add your accounts that aren’t ready for APIs.
This method is called ‘screen-scraping’. A programme logs into your account on your behalf, captures the data from the screen and translates it into data we can add to your Moneyhub dashboard. The company we work with to do this is called Yodlee. Yodlee’s technology is trusted by many of the biggest financial institutions in the world, including Bank of America and Amex.
All your data is encrypted, so no one could see it even if they wanted to. And most importantly, no matter what method is used to bring together your financial data, your bank is still responsible for your money and accounts in the highly unlikely event that things go wrong with Moneyhub, as the FCA has given us AISP permissions.
Every day, more banks and financial providers are getting their APIs ready. Soon, screen-scraping will fade away. If you’d like to know what your bank is doing to get ready for Open Banking, just call them directly.
+ What are AISP regulations and what has that got to do with Moneyhub?
Account Information Services Providers have an extra layer of special regulation from the FCA, which means a company can use a bank's APIs rather than simply screen scraping.
All banks must provide their APIs by September 2019, and the UK’s nine biggest banks and building societies – the CMA9 – must have their APIs ready to go by April 2018. Meanwhile, until an API is available for AISP third parties, banks must allow screen-scraping by ‘grandfathered’ third parties only.
And since APIs currently only apply to current accounts in the CMA9, AISP-regulated third parties are allowed to screen scrape other data for accounts such as loans, mortgages, credit cards or savings accounts, with the same level of security and coverage in the unlikely event that things go wrong as if the third party used an API. This means that, no matter what, your bank is still responsible for your money and accounts in the highly unlikely event that things go wrong with Moneyhub, as the FCA has given us AISP permissions.
Bear in mind, too, that not everyone who applies to be AISP regulated gets approved. Third parties need to have strict internal and external security procedures and frameworks in place, and to meet the very latest customer authentication models. For instance, at Moneyhub we had to provide extensive detail of our security protocols, such as our compliance with ISO-27001 information security procedures, and our use of the OAuth 2.0 and OpenID Connect standards to enable token based authorisation for all our internal services, ensuring that we don’t rely on perimeter security alone. These are just two examples of the lengths required to become AISP approved, and what is needed to have a realistic opportunity of gaining AISP regulatory approval. Some third parties in the market today that are screen-scraping accounts have already been rejected, and the FCA has said it only expects to see 15-20 companies with AISP regulations in the UK.
+ What about my banking terms and conditions?
The Financial Conduct Authority (FCA) has released some information on your rights as a consumer who shares your information with a third party application, such as Moneyhub. The following is an excerpt from this information:
"Your banking terms and conditions should not prevent you from sharing your credentials with regulated AIS or PIS providers. Your bank cannot hold you responsible for unauthorised transactions just because you have shared your credentials with AIS and PIS providers."
To see more please visit the FCA website here.
Moneyhub Financial Technology is a registered AIS (Account Information Service) provider, reference no. 809360.
This means that, no matter what, your bank is still responsible for your money and accounts in the highly unlikely event that things go wrong with Moneyhub, as the FCA has given us AISP permissions.
Connect with Open Banking
Open Banking sets standards for banking APIs (this is how you connect these accounts to Moneyhub). But the legislation only covers 13 banks, with a few others proactively joining the scheme early, and specifically only applies to current accounts at the moment, with credit card and savings accounts following over the next couple of years.
We currently connect to:
Bank of Scotland
Royal Bank of Scotland
If your bank is not listed, please keep in mind that not every bank has their API ready. If you don’t see your bank in this list, we can probably still connect to them, just via a different method. Please contact them to ask what they’re doing to get ready for Open Banking and what their API status is.