Four and a half years since open banking regulations came into effect, one of the biggest causes of customer friction has been addressed by the Financial Conduct Authority – scrapping the 90-day data sharing rule.
Data sharing between authorised third-party providers (TPPs) – often fintech companies – and banks promised to give customers better choice and control over their finance. While the ambition has already been realised to some degree, with 10-11% of digitally-enabled consumers now estimated to be active users of at least one open banking service, unnecessary friction in the customer journey means that this figure remains modest.
Outlining its proposed amendments to the rule in November 2021, the FCA revealed that some TPPs experienced significant customer attrition rates of around 20-40% at the 90-day mark when customers had to re-authorise access to their accounts.
Forcing customers to actively provide consent every three months to maintain access to these services – though well-intentioned – was a thorn in open banking’s side. Promisingly, the simplification of consent requirements will be a boon for the industry.
The delicate challenge of regulating consent
When the FCA introduced the initial 90-day re-authentication rule, they clearly had the users’ data privacy in mind. It was the right thing to do as the FCA focused on establishing the playing field for open banking as a new technology.
The rule consciously erred on the side of the consumer, reassuring customers that they were not locked in and could always decide to opt out every 90 days. It was a valuable exercise in building trust – both on the side of the FCA and the consumer.
Now that this trust has been built and open banking solutions have been implemented in a vast number of products (see: new forms of credit scoring, personal financial management solutions, loyalty cards), the time has come to adjust the FCA’s rule to further improve user experience and decrease friction – and in doing so address the high drop-off rate that was hindering mass adoption.
The latest change spells good news for all companies that rely on open banking integrations for their products and services. The need to re-authenticate caused immense friction for many account information service providers (AISPs), in effect introducing an expiration date for the solutions if consumers were not able to re-authenticate.
In many cases a user’s failure to re-authenticate was not a conscious decision, but rather the result of either forgetting – or not knowing – that they had to do so to continue using a service.
Trying to educate users on the necessity of re-authenticating, and then guiding them through a multi-step re-authentication process, is a challenging task for open banking providers, which in many cases led to users abandoning their products after the short 90-day period.
In particular, the inconvenience of having to manually log into their individual accounts to re-authenticate was serving as a major disincentive to finalise the process.
Good UX is good for open banking
A strong user experience (UX) is paramount for the success of any digital solution, and open banking services are no exception. The updated open banking 90-day rule, which only requires a ‘quick’ confirmation, will help to reduce or even eliminate this friction and thereby help providers to grow their user bases. The onus is now on TPPs to make re-consenting as pain-free as possible, for example by enabling customers to automatically renew consent for all their connected accounts through one click.
Providers no longer face an uphill battle to keep users engaged, but this does not mean that there is not more that can be done. There is a fresh opportunity to nurture a closer customer relationship and demonstrate the potential that open banking data-sharing and data science has to improve financial wellbeing.
A balancing act
As with the introduction of any new technology, it has taken time for open banking to gain trust and confidence. Now that it has established itself as a valuable tool to improve financial decision-making and is embedded in a vast range of products and services (e.g. payments methods, KYC-solutions, lending products), we are moving towards a new phase of growth.
TPPs must demonstrate that they continue to take security seriously, giving users confidence that they can view, manage, and revoke consent easily at any time with controls that are easily accessible. Open banking relies on users consenting to provide access to some of their most sensitive data and as such it is crucial that they can trust open banking providers as well as the responsible regulator. This is essential as only then will this rule change also be good news for users in the long term.
Ricardo Falter is fintech M&A associate at Royal Park Partners.