Get the detail on Open Banking with Xero
Get to know more about PSD2 compliance, Open Banking and the changes to Xero bank feeds.
Open Banking moves us from a world where your bank controls the data they hold about you, to one where you own your data and can control how it’s used.
At Xero we’ve been delivering on the principles of Open Banking for more than 10 years. Our bank feeds have enabled small businesses to connect their bank accounts to Xero so that transaction data automatically flows in – meaning easy reconciliation and greater visibility of cash flow.
Open Banking will continue to provide this data automation to Xero small businesses and partners. In addition, the new bank feeds allow you to connect directly through a completely digital process. This means transactions are transferred through a direct connection between your bank and Xero, rather than using screen scraping.
What Open Banking means
Open Banking includes the practice of securely sharing financial information electronically with customer consent. It was set up by the Competition and Markets Authority (CMA) in conjunction with the nine largest UK banks on behalf of the UK Government to bring more competition and innovation to financial services.
Open Banking complies with the second Payment Services Directive (PSD2) legislation and provides the technical framework (gateways or APIs) for the sharing of bank account information with customer consent.
The second Payment Services Directive, or PSD2, is legislation adopted by the European Union in 2015 to promote the development and use of new financial technologies.
Standards came into effect on 14 September 2019
On 14 September 2019, new standards under PSD2 were introduced. These new standards impose changes to the way third parties access data from banks. Under the new requirements, existing Xero bank feeds with Barclays, and all UK and EU bank feeds set up using Yodlee, will no longer be available. Most of these feeds are being replaced by new direct bank feeds to ensure they’re compliant with Open Banking standards.
While the requirements came into effect on 14 September 2019, a six-month adjustment period was provided by the UK’s Financial Conduct Authority in early August, which means most UK banks can continue to allow customers to use Yodlee feeds up until 14 March 2020. Barclays feeds will also continue up until 14 March 2020. Refer to this list to see the latest status of each bank feed.
As new direct feeds become available over the coming months, we’ll let affected customers know so they can switch.
How Xero is involved with Open Banking
Xero is registered by the Financial Conduct Authority (FCA) as an Account Information Service Provider (AISP), which means we are authorised to access our customers’ bank account information when they ask us to. As an AISP we have ‘read-only’ access to bank account information, so we are simply retrieving a customer’s bank transaction data to provide an automated feed of transactions into Xero. Rest assured we do not have the ability to move a customer’s money.
Businesses that are authorised to use Open Banking, like Xero, are listed on the FCA’s Financial Services Register and on the Open Banking directory. To get listed, businesses need to go through a stringent assessment by the FCA and have systems, processes and security standards in place that meet the FCA’s requirements.
How Open Banking affects Xero’s bank feeds
On 14 March 2020, standards introduced under PSD2 took effect. These new standards impose changes to the way third parties access data from banks. Under the new requirements, old Xero bank feeds with Barclays, and all UK and EU bank feeds set up using Yodlee, are no longer available. Most of these feeds have been replaced by new direct bank feeds to ensure they’re compliant with Open Banking standards.
About Xero’s partnership with OpenWrks
OpenWrks has successfully delivered the first Open Banking connections in the UK and is now helping UK banks to deliver compliant Open Banking gateways for third parties to connect to.
OpenWrks is acting as a Technical Service Provider on Xero’s behalf to enable us to access Open Banking gateways. They act as a messenger between your bank and Xero. OpenWrks gets ‘read-only’ access to your bank account when you authorise the bank connection, and securely passes bank transaction data from your bank to Xero.
Neither Xero nor OpenWrks can move your money or see your online banking credentials. Your bank transaction data will remain secure. OpenWrks is fully approved by the UK’s Financial Conduct Authority.
Security and Open Banking
Security is at the heart of the Open Banking design. Here’s how:
- It’s regulated – only apps and websites regulated by the Financial Conduct Authority or European equivalent can use Open Banking.
- Bank-level security – Open Banking uses rigorously tested software and security systems. You will only ever interact with your bank directly, so you’ll never be asked to give your bank login details to anyone else.
- You’re in charge – you choose when you want to share your data, and for how long.
Your bank will only allow authorised and regulated financial services providers to connect with your bank account. They will also let you remove access to any business you’ve connected with from within your online banking. For security, customers will also be asked to re-authenticate their Open Banking connection every 90 days.
Our commitment to security
Both Xero and OpenWrks have been through a stringent assessment by the Financial Conduct Authority (FCA) to become authorised Account Information Service Providers (AISPs). Each organisation has robust systems, processes and security standards in place.
When you authorise the bank connection, both Xero and OpenWrks have ‘read-only’ access to your bank account and securely move bank transaction data from your bank to Xero. Neither Xero nor OpenWrks can move your money or see your online banking credentials.
We’re committed to the security of your data and provide multiple layers of protection for the personal and financial information you entrust to Xero. To help you understand how we protect and secure data, we encourage you to read our policy on security at Xero. It includes the option to request Xero’s Service Organisation Control (SOC 2) report for formal reviews of compliance obligations and for evaluating controls relating to security, availability and confidentiality.
Both Xero and OpenWrks are registered with the Financial Conduct Authority (FCA) to provide account information services, and are listed on the Open Banking directory.
Can an accountant/bookkeeper authorise new bank feeds on behalf of a client?
Due to new requirements around strong customer authentication, the new Xero feeds can only be authorised by the bank account holder or someone with authorised access to online banking.
Changes to Xero bank feeds
If you have affected bank feeds that need to be changed, we’ll notify the person that manages your Xero subscription by email. There will also be notifications on your Xero dashboard under the bank accounts that are affected by the new requirements.
Existing Xero bank feeds with Barclays, as well as all UK and EU bank feeds set up using Yodlee, will be impacted by the new requirements. Refer to this page for a list of impacted and updated bank feeds. The new bank feeds will be made available in stages, so more feeds will become available over the coming months – keep an eye out on your Xero dashboard to see when you can switch.
If there is no replacement for your bank feed, you can manually upload transactions into Xero. If this is the case, we will let you know on the Xero dashboard under your affected bank feed.
Preparing your clients for Open Banking
If you’re a Xero Partner, log in to Xero HQ and open the Explorer tab to see which of your clients are affected and what action is required.
You’ll have an overview of how many clients are affected and what to do next. Plus, you’ll have the option to download a .CSV file which includes your clients’ contact details to help you communicate the changes with them. We recommend you download a new .CSV file to make sure you have the most up-to-date information.
Bank feeds for non-UK banks based in the European Union
Xero (UK) Limited is a UK incorporated company and a registered Account Information Service Provider (AISP) with the Financial Conduct Authority (FCA) in the UK. As such, we’re able to access bank account information from UK banks in accordance with PSD2 and Open Banking. Xero is not incorporated in any other EU country and, therefore, is not authorised to provide AISP services by any regulator in any other EU country, except for the UK.
What happens if I missed the deadline?
If you miss the deadline, your existing bank feed will stop importing transactions into Xero and you will lose the benefits of having a bank connection, such as easy bank reconciliation.
But don’t worry. You can connect bank feeds at a later date – you’ll just need to make sure that you import historical transactions back to the date your bank feed disconnected so there isn’t a gap in transactions. For your convenience, we’ll pre-select this date for you when you connect a new bank feed.
Authenticating your bank feed
When you connect a new bank feed or change your existing bank feed connection, as part of the new requirements, your consent will last for 90 days. After 90 days, you’ll need to re-authenticate your bank connection. Xero will remind you when you need to do this – it’s as simple as re-entering your online banking credentials. Whilst it’s a little extra admin, this is a new standard under Open Banking.
If you don’t re-authenticate your bank feed after 90 days, you can re-authenticate it at a later date. You’ll just need to make sure you import historical transactions back to the date your bank feed stopped importing transactions so there isn’t a gap. You can only import 90 days of historical transactions when re-authenticating your bank feed. If you need more historic data you’ll need to manually import transactions into Xero.
How the new direct bank feeds work
Transactions will automatically import into Xero each business day, in the morning and at various times throughout the day. Please note they may import into Xero at a different time from the one you’re used to on your existing feed.
If you’re moving from a Yodlee feed, you won’t need to manually refresh the new bank feed for your transactions to import anymore. They will automatically import into Xero each business day.
Update your bank rules
Due to the way that the new bank feed is set up and mapped within Xero, you will likely need to review your bank rules to make sure they’re working. If your bank rule uses a condition of ‘Reference contains’ then you’ll need to edit the bank rule. A quick fix is to change this to ‘Any text field contains’. If the bank rule already uses a condition of ‘Any text field contains’ then there’s no action required.
How the new bank feeds will affect bank reconciliation
As the new feeds will be set up and mapped differently within Xero, bank memorisation will likely be affected. This means the suggestions Xero automatically makes during bank reconciliation will need to be re-learnt by Xero for a few weeks. During this time you’ll need to manually match transactions to complete your bank reconciliation. Please also check your bank rules are working, as these are what generate some of the suggested matches.