Under the Hood: Open Banking Account Information for PFM

Preamble

This is the second in a series of deep dives into the underlying technology powering Fintech apps and processes. This time I'm taking a look under the hood of the Open Banking Account Information Service for PFM. This will cover apps that use Open Banking to connect multiple accounts in a single place and help with the management of your finances.

But, this isn't the catchiest of titles so let's break it down and give it context before getting into the flow itself.

UK Open Banking

"...sorry Brexiteers...EU Regulation isn't about straightening bananas and taking away consumer rights"

So we cant talk about Open Banking without first talking about PSD2. The revised or Second Payment Services Directive (PSD2) is an EU regulation whose objectives include:

• To contribute to a more integrated and efficient European payments market
• Make payments safer
• Increase the consumers’ protection
• Foster innovation and competition while ensuring a level playing field for all players, including new ones.

The regulation was 'entered into force' (which basically means brought into existence in EU Law) in 2016 and EU Members had until 13th Jan 2018 to transpose it into national law.

Account Information Service

One of the biggest innovations detailed in the PSD2 regulations is the 'access to account' services defined in Articles 66 & 67 of the regulation. Look, I'm no lawyer. And I don't expect you to be either. But if you are, feel free to read the whole PSD2 doc here.

For the rest of us, Article 66 outlines Payment Information Services (PIS) – Giving the user the right to use third-party services that can initiate payments – and Article 67 outlines Account Information Services (AIS) – Giving the user the right to use third-party services that access and make use of the users account information.

Simply put, it means banks HAVE to give secure access to Payment Services and Account Information so third parties can create tools that will ultimately benefit the customer. Got it?

So. This is where Open Banking comes in.

Even though Open Banking as a concept has been around for a while, the requirement for a secure way to give providers access to your financial information was given more urgency when PSD2 came into effect and so the Open Banking term became much more mainstream. And in the UK it's the Open Banking Implementation Entity (OBIE) who were responsible for implementing these new initiatives and who continue to oversee Open Banking initiatives, drive innovation & competition and hold banks to account (pardon the pun). You can find out more about them and what they do here.

Reading this, you might be thinking that PSD2 is a positive EU regulation and you'd be right. So before I carry on, I'd like to say sorry to the Brexiteers because it's clear that EU Regulation isn't about straightening bananas and taking away consumer rights. ??

Personal Finance Management (PFM)

The term PFM covers the management of money across the 4 pillars of personal finances: Assets, Debts, Income, and Expenses

At present, PFM tools largely cover the creation of budgets and savings goals as well as aspects of spending analysis which sits in the Income and Expenses pillars. Part of the reason the focus has been concentrated on these pillars is, the initial requirement in the UK was to expose Current Account information via the Account Information Service. And Current Accounts are where most people have their income paid into and where most expenditure comes from hence the concentration on the Income & Expenses pillars but we'll dive into that a bit later.

PFM tools like Emma, Dozens and Lumio use the Account Information Service to pull transactions and other info from user's accounts. They then aggregate them so they can get a full picture of Income and Expenses to show users where they can generally improve their finances, pinpoint areas where they can save more and cut back on spending.

Now the context is out of the way, let's get into it. And for anyone who hasn't seen the original post, you can check it here and it'll help to have it in another tab to refer back to: Open Banking Process.

Open Banking flow for PFM

Step 1 - Initiate the connection of an account

The app using the Account Information Service is known as the Account Information Service Provider or AISP for short. So apps like Emma and Money Dashboard are AISPs Most PFM apps that rely on external account information will prompt the user to connect an existing account as soon as they open up the app. The user will be presented with a list of Account Servicing Payment Service Providers, or ASPSPs, for short. These will be banks, building societies and all other account providers like HSBC, Monzo, Barclays etc. The user will select the provider of the account they want to connect.

Step 2 - Summarise information access and prompt for consent

Once the account provider has been selected, the AISP will present the user with a summary of the account access request containing:

• The data that will be requested from the account provider
• The actual entity accessing the data
• Duration of the data access
• Confirmation of a redirect to the selected Account Provider once consent has been given

They will then be prompted to consent to access based on the above and if consent is not given the process ends.

Step 3 - Establish technical connection with Account Provider via API

Now the user has given consent, the AISP has permission to establish a connection with the user's account provider via an API. This is via an API that they themselves have built or they use a Third Party's API.

A quick word about APIs ??????

So let's get the techy bit out of the way. API stands for Application Programming Interface. A simple definition for an API is a gateway with a set of procedures that gives access to a defined set of functions and data of a system. I did say simple, didn't I?

To make it even simpler, I like to use the traditional postal system as an analogy.

If you didn't get any of that don't worry. It's not an easy thing to get your head around. For now you can just consider the API the secure way of communicating data and requests between the AISPs and the Banks (ASPSPs).

So, back to step 3 and using this newly established postal analogy. At this step, the AISP or a Third Party Provider (TPP) who built the approved API with the account provider, will attempt to start a new pen pal relationship behind the scenes. The user will be redirected to their bank's app or online portal to then authenticate themselves and approve this relationship from the account provider side.

Step 4 - Initialise authentication of user with the Account Provider

At this point, the AISP or the Third Party Provider (TPP) has initiated the authorisation request as part of the API. But before any information can be shared, the user has to first authenticate themselves in the account provider's native portal or app to establish a secure connection. If it's using the account provider's digital app, then authentication is as straightforward as FaceId, TouchID, a passcode or a secure link via email. If it's through an online portal then it'll usually involve the online ID, passcode and sometimes a digital or physical code generator.

They'll essentially use the same authentication method they would usually use if they were just logging in to check transactions or balances

Step 5 - Display and select available accounts to connect

Now that the user has been authenticated, the account provider will display the accounts available to connect. As mentioned before, the main focus has been Current Accounts so at the very least these will be available to select, but institutional account providers like HSBC, Barclays and others also make some savings accounts available via Open Banking APIs. The user will also be able to see what data will be shared by the account provider with the AISP here.

Step 6 - User Selects and Confirms access to the account(s)

At this stage, the user will select the account(s) they want to share with the AISP. Once selected, the user has to confirm, by clicking a final confirmation button, that they are happy to share the information for the selected accounts with the AISP. Once confirmed, this authorisation will be sent back to AISP or TPP (whoever initiates the API request).

Step 7 - AISP/TPP API receives authorisation from the ASPSP

So now the user has given authorisation to share their data, the authorisation is confirmed with the AISP/TPP so they can start requesting this data. This is another techy bit that happens in the background.

If we use the postal analogy again, imagine the envelope was extremely secure and could only be opened and closed with a key. Bear with me. Now that the user has authorised the AISP/TPP to request information, both the AISP/TPP and the account provider have a copy of the key and are able to open and close the envelope.

The first request that the AISP/TPP usually makes is to pull account information, transaction history, balances, regular payments etc to power the app. The request is put in the envelope, locked up with the key and sent to the account provider. The account provider then unlocks it, processes the request (as long as it's in the expected format) puts the response back in the envelope, locks it up and sends it back to the AISP/TPP.

Step 8 - User redirected back to App (AISP)

Now that consent has been given to access account information and the initial data request has been made, the app can use that data to populate its key features. At this point the user may see a loading screen depending on if the app was able to process the data from the account provider in the background or not.

If data was processed in the background the user will be able to see the apps key features in action which will include:

• Summary of the accounts selected
• List of all the transactions across the selected accounts
• Some categorisation of the transactions
• Insights and analysis into spending i.e. 60% of outgoing transactions are for grocery's

Step 9 - App has access to users account information for 90days from the last consent

Going back to that postal analogy one last time. The key given to both parties to allow the AISP to send and receive information from the account provider is valid for 90 days from the date consent is given by the user. After 90 days, the key becomes invalid, and the user will need to re-consent to share information and get a 'refreshed' set of keys now that the locks have changed so the AISP can continue to lock and unlock that secure envelope to request and receive information like daily transactions and balances.

So what's next for Open Banking and PFM apps

The likes of Emma, Yolt, Money Dashboard and others make great use of the Account Information Service to pull in information from multiple accounts, display transactions from those accounts, provide useful categorisation & insights and encourage the forming of good financial habits.

But is that the limit of what these PFM tools can do? The short answer...No. Here's the slightly longer answer ????????????????

More account coverage ??????

When the PSD2 regulation trickled down to the UK back in 2018, it was initially only the 9 biggest UK banks (CMA9) who were obligated to provide access to accounts. And it was current account data that was the core of the data access initiative.

There are now over 150 UK firms giving access to information via OB and you can see some of those providers here. Banq has also created a really smart Open Banking Tracker that makes it easy to see the account providers and TPPs.

So the next obvious step is to get FULL coverage of all account providers and bank accounts before doing anything too groundbreaking. This will mean all account providers creating OB compliant APIs that AISPs/TPPs can use to access information which will of course take time

Open Banking - > Open Finance ??????

As mentioned at the beginning of the article, Open Banking started with accessing current account information, which falls under the Income and Expenses pillars of personal finance management. The next step is to broaden the scope from Open Banking - covering core bank products like Current Accounts - to more of an Open Finance model - including Mortgage, Credit Card, Investment, Savings and Pension products from all providers.

Once the full range of products across all pillars of personal finances are available (including Debts & Assets as well as Income & Expenses), it gives a much more useful picture to the customer about the state of their finances and puts the PFM tools in a much better position to guide and assist customers in improving their financial health.

Cash Sweeping ??????

This is a big one that I'm very excited about!

Back in November 2020, the OBIE held an open consultation into Variable Recurring Payments and Sweeping. They also published detailed documentation of the 2 initiatives and in the Sweeping Evaluation Paper they defined it as "the automatic movement of funds between two accounts held at different institutions".

The paper also included several potential use cases for this Sweeping functionality like:

• Sweeping funds into an overdrawn current account
• Sweeping excess funds into mortgage account to repay a loan more quickly and so reduce the cost of debt
• Sweeping funds into a savings account to enable customers to reach their savings goals sooner or maximise the interest they get on their savings 

So what does this mean in reality?

Now we've all had that month where we go a bit off the rails and spend more than we earn. Those extra couple of nights out along with a few takeaways and some fun online shopping sprees add up and can take you into your overdraft. At present, when you land in your overdraft you'll be charged interest even if you have money available sitting in another savings account (unless you're in the interest-free overdraft range).

A slightly more positive example would be using the sweep functionality to move unused money in your current account into a savings account. The PFM tool could use spending analysis from previous months, look at the amount of money sitting in your current account and move a percentage of that unused money into a savings account. Essentially making more of that leftover money that usually sits in your current account earning zero interest

PERSONALISED Finance Management ????????????♂??????♀????????

I've already touched on Personal Finance Management and the pillars of personal finances. But with these PFM tools now able to pull information from various accounts as well as capturing the goals and aspirations of each customer, there's a lot more scope to personalise the management of finances rather than giving cookie-cutter experiences.

Summary

Over the past few years, Open Banking has given rise to nearly 300 Fintechs & providers and there are around 2.5 million consumers and businesses using Open Banking products. Whilst there's a bit more I could say to summarise I'll outsource part of the summary to someone else...

“While there is still much to be done, individual consumers and small businesses are already seeing the benefits of the ecosystem and functionality we have put in place. This work serves as a natural blueprint for how the ‘open’ philosophy can be extended to everything from open finance to open telecommunications, thereby giving customers greater control and greater benefits.” - Imran Gulamhuseinwala OBE - OBIE Implementation Trustee

Couldn't have said it better myself. Open Banking has created an solid foundation that many have already built on but there's much more to come. Open Finance, lots more automation and the hyper personalisation of finance management is coming...and it's coming fast!

If you enjoyed this article and think others will too, drop it a like below and give it a share????????????????

And for anyone in the process of developing a progressive PFM tool of their own and want's some guidance on designing a unique and valuable product, drop me a message at [email protected] and I'll detail how I can help!