Fintech R&R x Under the Hood: Open Banking AIS Revisited
A dive into the end-to-end process of Open Banking's Account Information Service, some of my previous predictions and KSA learning from the UK's stagnation
How does the Open Banking AIS work under the hood?
What does the postal system have to do with how an API works?
Why is Saudi Arabia's Open Banking framework more progressive than the UK's?
Why has the launch of Variable Recurring Payments been a little underwhelming?
Why do some PFMs have a big User Story problem that’s meant they failed to add true value to customers?
These questions and more will be answered in this week's edition.
Hey Fintechers and Fintech newbies
I'm back after three hectic weeks, and the news that's dropped over this period, specifically the flurry of Open Banking news, has been exciting.
"Visa A2A will ensure consumer-to-business bank transfer payments have similar levels of protection that consumers are used to when they use their cards." - Mandy Lamb, MD of Visa UK and Ireland
All very significant leaps forward, but the most significant one from a procedural point of view of UK Open Banking that got very little press is the official completion of the Open Banking Roadmap. This means we can start to move out of this 'semi-holding pattern' we've been in with the uncertainty of the next steps and move forward to push OB innovation further. More on that later.
And finally, the hyper-relevant news for me as I sit and write this introduction from Riyadh is the announcement that Tarabut acquired Open Banking payments facilitator Vyne. Tarabut is basically the Truelayer or Tink for the Middle East.
Open Banking in Saudi Arabia is on an upward trajectory comparable to the UK at a similar period along its journey (circa 2020, 2 years after its official go live). There are several factors that make the Kingdom's Open Banking journey faster compared to other frameworks and innovation roadmaps, but I'll cover that in a dedicated Open Banking in KSA follow-up, along with some other fintech deep dives about the region as I entrench myself further into the ecosystem on the ground.
In this edition, however, I want to go back to basics. With the UK officially ending the last phase of the roadmap, I wanted to give a quick reminder of the AIS process, revisit some predictions (more like hopes and dreams) I made in 2021 for the next steps, and highlight a couple of points from some other Open Banking experts.
As well as interesting news, puns + movie references, this edition includes the following:
Now let’s get into it
Quick reminder. To get these insights earlier and directly to your inbox, join the 1000s of others already subscribed by hitting the link below (it takes <20 seconds)
Note: This write-up was largely focussed on Open Banking Account connection for Personal Finance Management apps but the process is the same for all end consumer and business apps so feel free to replace the reference to PFM apps with any end user product, i.e. mortgage brokerage app, insurance app, finance app etc.
UK Open Banking
"...sorry Brexiteers...EU Regulation isn't about straightening bananas and taking away consumer rights"
We can’t talk about Open Banking AIS without first giving some context about its origins baked in PSD2. The revised or Second Payment Services Directive (PSD2) is an EU regulation whose objectives include:
The regulation was 'entered into force' (which basically means brought into existence in EU Law) in 2016 and EU Members had until 13th Jan 2018 to transpose it into national law.
Account Information Service
One of the biggest innovations detailed in the PSD2 regulations is the 'access to account' services defined in Articles 66 & 67 of the regulation. Look, I'm no lawyer. And I don't expect you to be either. But if you are, feel free to read the whole PSD2 doc here.
For the rest of us, Article 66 outlines Payment Information Services (PIS) – Giving the user the right to use third-party services that can initiate payments – and Article 67 outlines Account Information Services (AIS) – Giving the user the right to use third-party services that access and make use of the user's account information.
Simply put, it means banks HAVE to give secure access to Payment Services and Account Information so third parties can create tools that will ultimately benefit the customer. Got it?
So. This is where Open Banking comes in.
Even though Open Banking as a concept has been around for a while, the requirement for a secure way to give providers access to your financial information was given more urgency when PSD2 came into effect and so the Open Banking term became much more mainstream. And in the UK it's the Open Banking Implementation Entity (OBIE) who were responsible for implementing these new initiatives and who continue to oversee Open Banking initiatives, drive innovation & competition and hold banks to account (pardon the pun). You can find out more about them and what they do here.
Reading this, you might be thinking that PSD2 is a positive EU regulation and you'd be right. So before I carry on, I'd like to say sorry to the Brexiteers because it's clear that EU Regulation isn't about straightening bananas and taking away consumer rights.
Now the context is out of the way, let's get into the process.
Open Banking flow for PFM (and many other use cases)
Step 1 - Initiate the connection of an account
The app using the Account Information Service is known as the Account Information Service Provider or AISP for short. So apps like Emma and Money Dashboard (now owned by ClearScore) are AISPs. Most PFM apps that rely on external account information will prompt the user to connect an existing account as soon as they open up the app. The user will be presented with a list of Account Servicing Payment Service Providers, or ASPSPs, for short. These will be banks, building societies and all other account providers like HSBC, Monzo, Barclays etc. The user will select the provider of the account they want to connect.
Step 2 - Summarise information access and prompt for consent
Once the account provider has been selected, the AISP will present the user with a summary of the account access request containing:
They will then be prompted to consent to access based on the above and if consent is not given the process ends.
Step 3 - Establish technical connection with Account Provider via API
Now the user has given consent, the AISP has permission to establish a connection with the user's account provider via an API. This is either an API that they have built themselves or a Third Party's API.
A quick word about APIs
So let's get the techy bit out of the way. API stands for Application Programming Interface. A simple definition for an API is a gateway with a set of procedures that gives access to a defined set of functions and data of a system. I did say simple, didn't I?
To make it even simpler, I like to use the traditional postal system as an analogy.
If you didn't get any of that don't worry. It's not an easy thing to get your head around. For now you can just consider the API the secure way of communicating data and requests between the AISPs and the Banks (ASPSPs).
So, back to step 3 and using this newly established postal analogy. At this step, the AISP or a Third Party Provider (TPP) who built the approved API with the account provider, will attempt to start a new pen pal relationship behind the scenes. The user will be redirected to their bank's app or online portal to then authenticate themselves and approve this relationship from the account provider side.
Step 4 - Initialise authentication of user with the Account Provider
At this point, the AISP or the Third Party Provider (TPP) has initiated the authorisation request as part of the API. But before any information can be shared, the user has to first authenticate themselves in the account provider's native portal or app to establish a secure connection. If it's using the account provider's digital app, then authentication is as straightforward as Face ID, Touch ID, a passcode or a secure link via email. If it's through an online portal then it'll usually involve the online ID, passcode and sometimes a digital or physical code generator.
They'll essentially use the same authentication method they would usually use if they were just logging in to check transactions or balances.
Step 5 - Display and select available accounts to connect
Now that the user has been authenticated, the account provider will display the accounts available to connect. As mentioned before, the main focus has been Current Accounts so at the very least these will be available to select, but institutional account providers like HSBC, Barclays and others also make some savings accounts available via Open Banking APIs. The user will also be able to see what data will be shared by the account provider with the AISP here.
Step 6 - User Selects and Confirms access to the account(s)
At this stage, the user will select the account(s) they want to share with the AISP. Once selected, the user has to confirm, by clicking a final confirmation button, that they are happy to share the information for the selected accounts with the AISP. Once confirmed, this authorisation will be sent back to the AISP or TPP (whoever initiated the API request).
Step 7 - AISP/TPP API receives authorisation from the ASPSP
So now the user has given authorisation to share their data and the authorisation is confirmed with the AISP/TPP so they can start requesting this data. This is another techy bit that happens in the background.
If we use the postal analogy again, imagine the envelope was extremely secure and could only be opened and closed with a key. Bear with me. Now that the user has authorised the AISP/TPP to request information, both the AISP/TPP and the account provider have a copy of the key and are able to open and close the envelope.
The first request that the AISP/TPP usually makes is to pull account information, transaction history, balances, regular payments etc to power the app. The request is put in the envelope, locked up with the key and sent to the account provider. The account provider then unlocks it, processes the request (as long as it's in the expected format) puts the response back in the envelope, locks it up and sends it back to the AISP/TPP.
Step 8 - User redirected back to App (AISP)
Now that consent has been given to access account information and the initial data request has been made, the app can use that data to populate its key features. At this point the user may see a loading screen depending on if the app was able to process the data from the account provider in the background or not.
If data was processed in the background the user will be able to see the app's key features in action which will include:
Step 9 - App has access to user's account information for 180 days (previously 90 days) from the last consent
Going back to that postal analogy one last time. The key given to both parties to allow the AISP to send and receive information from the account provider is valid for 180 days from the date consent is given by the user. It used to be 90 days but after a review of risks and a consultation it was thankfully extended to 180. After 180 days, the key becomes invalid, and the user will need to re-consent to share information and get a 'refreshed' set of keys now that the locks have changed so the AISP can continue to lock and unlock that secure envelope to request and receive information like daily transactions and balances.
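The nine steps above, seen from the account provider's side, as an added example that is not from the original article or from any Open Banking standard: a toy ASPSP that hands out the 'key' only after the user authenticates and selects accounts, then checks the key, the 180-day window and the selected accounts on every request. All class, function and account names are hypothetical, and the sample data is constructed.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

CONSENT_VALIDITY = timedelta(days=180)  # Step 9: 180 days from the last consent


@dataclass
class Consent:
    aisp: str                                  # app asking for access (Step 1)
    user: Optional[str] = None                 # known once the user authenticates
    accounts: frozenset = frozenset()          # accounts the user selected (Step 6)
    authorised_at: Optional[datetime] = None   # start of the 180-day window
    token: Optional[str] = None                # the "key" in the postal analogy


class AccountProvider:
    """Toy ASPSP that checks the consent record on every data request."""

    def __init__(self, accounts_by_user):
        self.accounts_by_user = accounts_by_user   # {user: {account_id: [rows]}}
        self.consents = {}                         # consent_id -> Consent
        self.tokens = {}                           # live key -> Consent

    def create_consent(self, aisp):
        # Step 3: the AISP opens the connection; no data is readable yet.
        consent_id = secrets.token_urlsafe(8)
        self.consents[consent_id] = Consent(aisp=aisp)
        return consent_id

    def authorise(self, consent_id, user, authenticated, selected, now):
        # Steps 4-7: user authenticates at the bank, selects accounts, confirms.
        consent = self.consents[consent_id]
        if not authenticated:
            raise PermissionError("user did not authenticate with the account provider")
        owned = set(self.accounts_by_user.get(user, {}))
        if not selected or not set(selected) <= owned:
            raise PermissionError("selection must be a non-empty subset of the user's accounts")
        self.tokens.pop(consent.token, None)       # re-consent: the old key stops working
        consent.user = user
        consent.accounts = frozenset(selected)
        consent.authorised_at = now
        consent.token = secrets.token_urlsafe(32)
        self.tokens[consent.token] = consent
        return consent.token

    def get_transactions(self, token, account_id, now):
        # Steps 7-9: checks made before anything goes back in the envelope.
        consent = self.tokens.get(token)
        if consent is None:
            raise PermissionError("unknown or replaced key")
        if now >= consent.authorised_at + CONSENT_VALIDITY:
            raise PermissionError("consent expired, user must re-consent")
        if account_id not in consent.accounts:
            raise PermissionError("account was not selected by the user")
        return self.accounts_by_user[consent.user][account_id]


def attempt(bank, token, account_id, now):  # the data, or the refusal as text
    try:
        return bank.get_transactions(token, account_id, now)
    except PermissionError as exc:
        return f"denied: {exc}"


def demo():
    # Constructed sample data: one user, two accounts, only one is shared.
    t0, day = datetime(2024, 1, 1, tzinfo=timezone.utc), timedelta(days=1)
    bank = AccountProvider({"alice": {"current-1": ["coffee -3.20"],
                                      "savings-1": ["interest +1.10"]}})
    cid = bank.create_consent(aisp="example-pfm-app")
    key = bank.authorise(cid, "alice", True, ["current-1"], now=t0)
    out = {"day 179": attempt(bank, key, "current-1", t0 + 179 * day),
           "unshared account": attempt(bank, key, "savings-1", t0 + 10 * day),
           "day 180": attempt(bank, key, "current-1", t0 + 180 * day)}
    new_key = bank.authorise(cid, "alice", True, ["current-1"], now=t0 + 200 * day)
    out["old key"] = attempt(bank, key, "current-1", t0 + 201 * day)
    out["new key"] = attempt(bank, new_key, "current-1", t0 + 201 * day)
    return out


if __name__ == "__main__":
    print(demo())
```

The account the user did not select stays unreadable even with a valid key, and re-consenting replaces the key rather than extending the old one.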
If you want to read back over any of my previous Open Banking deep dives that cover PFM, Pay by Bank, US Open Banking and to stay up to date with future editions, make sure you sign up to the newsletter using the button below and check out the dedicated OB section I’ve created on the home page.
The past, The present, and the future…
That Open Banking Flow write-up was originally posted in mid-2021, a long time before I started this newsletter, which is why it's relevant to reshare. At the end of the LinkedIn article, I wrote a few, let's say, hopes and dreams for the future of Open Banking, so it's only fair to take a quick look at those hopes from three years ago and see if they've come to life.
Spoiler Alert: Very few of them have
More Account Coverage
What I said then:
"When the PSD2 regulation trickled down to the UK back in 2018, it was initially only the 9 biggest UK banks (CMA9) who were obligated to provide access to accounts. And it was current account data that was the core of the data access initiative.
There are now over 150 UK firms giving access to information via OB and you can see some of those providers here. Banq has also created a really smart Open Banking Tracker that makes it easy to see the account providers and TPPs.
So the next obvious step is to get FULL coverage of all account providers and bank accounts before doing anything too groundbreaking. This will mean all account providers creating OB compliant APIs that AISPs/TPPs can use to access information which will of course take time"
And now?
This is one that, unsurprisingly, has come to fruition. Current Account coverage is pretty good. Truelayer and other TPPs claim to have around 98% personal and business current account coverage.
This is where the positivity starts to wane.
Open Banking -> Open Finance
What I said then:
“As mentioned at the beginning of the article, Open Banking started with accessing current account information, which falls under the Income and Expenses pillars of personal finance management. The next step is to broaden the scope from Open Banking - covering core bank products like Current Accounts - to more of an Open Finance model - including Mortgage, Credit Card, Investment, Savings and Pension products from all providers.
Once the full range of products across all pillars of personal finances are available (including Debts & Assets as well as Income & Expenses), it gives a much more useful picture to the customer about the state of their finances and puts the PFM tools in a much better position to guide and assist customers in improving their financial health.”
And now?
This is where the disappointment starts. As you can probably tell, in 2021 I was very optimistic about what would be next. The example I gave was fairly simple but the account coverage hasn't extended much beyond current accounts which makes Open Finance impossible. I am still hopeful that now the roadmap is complete, the Open Banking Implementation Entity (or whatever the future entity will be called) will put this at the top of their agenda for future UK OB progression to create a more interconnected financial ecosystem and more value for end consumers.
Cash Sweeping
What I said then:
“This is a big one that I'm very excited about!
Back in November 2020, the OBIE held an open consultation into Variable Recurring Payments and Sweeping. They also published detailed documentation of the 2 initiatives and in the Sweeping Evaluation Paper they defined it as "the automatic movement of funds between two accounts held at different institutions".
The paper also included several potential use cases for this Sweeping functionality like:
So what does this mean in reality?
Now we've all had that month where we go a bit off the rails and spend more than we earn. Those extra couple of nights out along with a few takeaways and some fun online shopping sprees add up and can take you into your overdraft. At present, when you land in your overdraft you'll be charged interest even if you have money available sitting in another savings account (unless you're in the interest-free overdraft range).
A slightly more positive example would be using the sweep functionality to move unused money in your current account into a savings account. The PFM tool could use spending analysis from previous months, look at the amount of money sitting in your current account and move a percentage of that unused money into a savings account. Essentially making more of that leftover money that usually sits in your current account earning zero interest”
And now?
It is a clear example but one that, disappointingly, I'm yet to see in the wild. Now that the roadmap is complete and VRP is live with all the big banks, the expectation is that fintechs will be able to use this in earnest, but I'm disappointed that it's taken so long. Especially during a period where we've had a lot of interest rate changes and the value of this would have been clearly proven.
PERSONALISED Finance Management
What I said then:
“I've already touched on Personal Finance Management and the pillars of personal finances. But with these PFM tools now able to pull information from various accounts as well as capturing the goals and aspirations of each customer, there's a lot more scope to personalise the management of finances rather than giving cookie-cutter experiences.”
And now?
This does now exist to a degree. Tembo, the mortgage broker and home deposit savings app, has this functionality and uses Open Banking to pull account details and affordability, which is positive.
But PFMs, more broadly, have underwhelmed. My assessment of the problem is that many PFMs only fulfil the first part of a User Story.
User stories go like this.
As a [User], I want to [XXXX], so that I can [XXXX].
The common PFM user story goes like this.
As a user, I want to see a consolidated view of my finances so I can make improvements in various areas, have more control over my money, and use it for specific medium- to long-term goals.
The problem has traditionally been that the PFMs only provided a consolidated view of finances and the "So What?" is never answered. You have a consolidated view of finances. So what? The next step is some action and direction.
I'm a fan and user of Cleo, which does answer the "So What?" with their intelligent autopilot features and some other PFMs that give some clear actions and allow you to set goals, but not everyone has gone that step further.
This might seem like an Open Banking Rant edition, but my disappointment largely stems from my excitement about the opportunities that I saw back in 2018.
It's like watching your favourite football player never quite live up to the promise they showed in the early days.
I'm not alone, and I managed to speak to a couple of experts who've been ingrained in Open Banking for a while.
Luke Massie, CEO of VibePay, one of the cooler and customer-centric Pay by Bank products in the UK, is optimistic about the completion of the roadmap and what comes next.
"The completion of the UK Open Banking Roadmap marks a significant step forward for the financial industry. At VibePay, we see this milestone as unlocking real opportunities for both businesses and consumers, especially with Variable Recurring Payments (VRPs) now in place with all banks. This achievement sets the stage for more efficient, transparent, and secure financial services, which will transform how payments and financial data are managed.
As Open Banking continues to evolve, collaboration between banks and emerging fintech companies will be key to improving customer experiences. We hope to see a stronger focus on creating frictionless payment journeys, enhancing fraud protection, and improving payment completion success rates."
With the Visa news at the top of the newsletter, I think Luke and VibePay will get that wish of focus on fraud protection and improving payment completion success rates.
I also got some thoughts from Barry O'Donohoe, CEO of Raidiam, Open Banking framework experts and Barry himself is someone who's been deep in the space before it was in the fintech lexicon.
I've had some great conversations with him and this time I asked him about the key considerations for any new Open Banking framework and here are his concise and insightful bullets:
"Need a long-term regulatory framework and an independent entity to oversee, govern, and drive the rollout.
This entity needs to have stable and secure funding to sustain its function, possibly through an industry commercial model that contributes on a non-profit basis.
This is critical for the development and ongoing evolution of technical standards to enable new use cases and keep pace with industry/technology advances in order to realise the benefits for all of Open Finance & Smart Data.
Beyond the national focus, it's important not to lose sight of cross-border and even cross-sectoral data sharing opportunities and supporting multi-lateral federations between different international open finance hubs as the Bank of International Settlements are prototyping currently. We live in an increasingly mobile world, with more and more people on the move – how can they be better served beyond a national border?
And finally, there is no point in having standards if their implementation is not rigorously and routinely validated at a deep technical level - security and functionality-wise. This is necessary to demonstrate conformance and ensure parity of implementation across all participants, promoting interoperability, levelling the playing field to optimise market dynamics and inspire trust and confidence from all stakeholders, including users."
Great advice for any region looking at building a framework, and the last point is explicitly one I've discussed before. Interoperability is crucial in solving a broader range of consumer and business challenges using Open Banking, from cross-border transfers and trade to credit score porting, setting up a business in a new region and many more.
There is no doubt UK OB has progressed from 2021.
At the time of writing the original, there were 2.5 million active users, and that number has now quadrupled to over 10 million. Payments have also grown rapidly, and over 11 million Open Banking payments have been made.
However, UK Open Banking is not the shining example that it once was, and the implementation of the Kingdom of Saudi Arabia's Open Banking is the perfect example of that.
The KSA framework was initially a replication of the early successful UK model but has recently diverged. One of the key differences that I think will ensure more valuable products using the framework is the fact that they outlined a number of use cases which is spreading the technology further and wider, something the UK did not do, which led to an initial concentration in TPPs and PFM apps.
The country also understands the power of true standardisation of APIs encapsulated by the quote below.
"Standardized APIs enable interoperability between providers, leading to a more cohesive financial ecosystem," - Abdulla Al-Moayed, Founder & CEO of Tarabut
Based on their current trajectory, I think KSA will leapfrog the UK in terms of advancement of their open banking framework and richness of end user solutions within a couple of years.
But I am also hoping that, now the Open Banking roadmap has been delivered, the new entity that will oversee developments will do something similar to what I’ve done with this edition.
Revisit the implementation.
Take a look at the things that went well and what went not so well.
Align the objectives of UK OB to the outcomes.
Fully assess the current market, current solutions, prevailing challenges and specific customer challenges.
Assess how Open Banking can help solve these challenges.
Outline a new roadmap with clear uses that solve problems and push ahead with delivery.
I’m hoping, in two years' time, I end up writing another Revisited edition that looks at some of these comments, and praises the next two years as a success and driving forward innovation in UK Open Banking and returning it to the top of the global OB framework perch.
Here’s to hoping
If you enjoyed this edition, drop a like and comment below, and share it with a friend or colleague. On a side note I’d love to know what Open Banking powered app is a mainstay on your phone.
See you in two weeks for another
J.
Fintech Spotlight: Wafeer - Personal Finance Management for Saudis
Wafeer is a personal finance management app based in Saudi Arabia, designed to help individuals take control of their finances with ease and efficiency. Catering to the growing demand for financial literacy and budgeting tools in the Kingdom, Wafeer offers a streamlined platform for tracking spending, setting savings goals, and analysing financial habits. The app is tailored to align with local financial practices, supporting Arabic language and integrating with regional banks for real-time updates. Wafeer’s intuitive design, automated insights, and goal-setting features empower users to make informed financial decisions, promoting savings culture and financial independence across the Saudi market.
A much needed product in the region based on falling financial literacy levels and projected increase in household income over the next few years.
Interesting News
Revolut and Nubank come to MENA - I was at Dubai Fintech Summit earlier this year when Revolut Founder & CEO Nikolay Storonsky announced the desire from him (and the appetite from the 100,000 strong UAE waiting list) of launching Revolut in the UAE so I expected some entry into the market but I did not expect Nubank to join the race. Some folks are asking about their likelihood of success and I think it’s a foregone conclusion.
The digital banking market in MENA and drilling further into GCC is wide open.
STC Bank will likely dominate in KSA, similarly LIV in the UAE but as we've seen in the West and the East, competition drives innovation so I expect it will be a success and will be the rising tide that lifts all the digital banking boats.
Nubank and Revolut also clearly know their market and understand that superapps have a higher stickiness rating in the region vs standalone offerings (STC Bank is the perfect example but apps like Careem which offer rides, food, payments, car hire and more have high penetration and usage among customers).
That’s before you consider how underserved SMEs are by digital banking solutions. Something I’m sure Revolut has also considered as part of this market entry strategy
Leading transformation in financial services
1 month ago: Jas Shah what an insightful write up and summary on where we are now. Great work my friend!
Director of Finance | Driving Financial Growth with Expert Analysis | White label Payment Systems | Tech Builder | Cross Border Payments | Prepaid Cards |
2 months ago: Insightful observations on PFMs' evolution towards action-oriented insights.
B2B Marketing @ Marqeta | Marketing Campaigns
2 months ago: It's back! Read this on Friday Jas and it's an excellent read. Open banking is (pick your small percentage) done and this is an excellent dive into who has done what so far! Another for my 'keep for reference' folder!
Global Events Manager | Experiential & Strategy Expert | CN 30 under Thirty 2021 | Ex TikTok
2 months ago: Great read! Love seeing how Open Banking is evolving and shaping the future
Helping FIs to unlock value from transaction data and AI | fintech nerd, retired pro cyclist & SW engineer
2 months ago: Thank you for the mention Jas Shah however I would see bud on top of the likes of Plaid, Saltedge, Truelayer, etc as our positioning is in the data intelligence and "business app" space - as an example Planky on the left would be a competitor to us...