The demise of the 90-day rule and the future of open banking
The FCA’s recent amendment to the 90-day open banking reauthentication rule came into effect a few weeks ago – a change that was introduced back in November 2021. It signals a new breakthrough for open banking, bound to reduce high drop-off rates and reduce unnecessary friction for consumers.
Open banking services have gathered momentum and increased their user base in Europe significantly, particularly over the past 12 months. The UK has spearheaded this movement, with over 6 million users and nearly 10% of all individuals with a bank account benefiting from these services, according to the Open Banking Implementation Entity (OBIE).
In its nascent stages, concerns around the privacy and safety of consumer data were mitigated by regulations that required customers to reconfirm every 90 days that their banks are permitted to share sensitive financial information with authorised third-party providers (TPPs). This strong customer authentication (SCA) was a crucial move in establishing trust and open banking took off not only as an easy way to manage money, but also a safe one.
However, the FCA highlighted last year that TPPs often suffered an attrition rate of up to 20-40% at the 90-day mark – likely a consequence of arduous reauthentication processes. The process of logging into individual accounts to re-grant access to financial information was proving cumbersome, signposting a critical – but surmountable – problem for the future of open banking.
High attrition rates generally came down to simple oversights – often customers were unaware that they needed to re-consent after 90 days, or simply forgot to do so. This was a significant barrier for even the most engaged users.
Regulating the next stage of adoption
The 90-day rule was undoubtedly decisive in making sure that customers always had access and control of their data and could opt-out of open banking services whenever they wanted. This helped open banking establish itself as a new technology and overcome initial barriers to adoption.
The current scenario has shifted however, and so have the hurdles.
Now that open banking services have become an integral part of financial and money management services, consistent access to financial data is imperative. This is to ensure that services are not unexpectedly paused and that TPPs are making smarter integrated decisions for customers.
For continued growth and innovation, the simplification of consent is a beneficial and necessary next step to ensure the future success of open banking technology.
Invigorating the open banking experience
The new guidelines mean that customers no longer need to be redirected to their banking apps to reauthenticate access. For instance, if an individual has linked multiple accounts to a money management or budgeting app, at the 90-day mark they will be nudged to reconnect these accounts through a single screen. The process can now take place within the open banking provider’s own platform, taking just a few seconds of a user’s time.
This revision spells good news on two fronts. First, the burden of granting permission is no longer with the customer, and instead with the TPP as it requires them to be technically ready to confirm consumer consent. Secondly, the removal of this barrier is an opportunity for open banking services to expand their reach and have unfettered access to data for embedded services like wealth management, product personalisation, bill payment, account aggregation, KYC solutions and so on.
Most importantly, this is done without compromising on security, as consumers will still retain the flexibility to remove their consent at any time.
Onwards in nurturing customer relationships in open banking
During the inception of a new technology, it is paramount to have a good and, most importantly, safe user experience when nourishing a fresh crop of early adopters. Open banking achieved this by developing an innovative service and products while still applying the most onerous data security rules – now its concerns have shifted to retaining users and expanding its services. The rule change is geared toward making this a reality and simplifying financial decision making for the masses.
To make open banking technology a success in the long term, the guarantee of data security must be a continued priority. If users are assured that their financial data is protected and is being used only for the stated purposes, the dissolution of the 90-day rule and other updates in the future are more likely to be well received. Moreover, by gaining this trust, it will prove easier to adapt to changing market conditions while continuing to expand the cohort of users benefitting from open banking services.
To guarantee a fruitful future for open banking, a balance must be achieved between nurturing trusting relationships with existing customers and incorporating processes that make for a fulfilling and fuss-free user experience.