What is Open Banking?
Open Banking means you can choose to share your bank account information securely and electronically with companies like Xero. It was designed to encourage competition in the banking industry, giving you more choice, as well as greater control of your data and how it’s used.
More questions answered
Open Banking includes the practice of securely sharing financial information electronically with customer consent. It was set up by the Competition and Markets Authority (CMA) in conjunction with the largest nine UK banks on behalf of the UK Government to bring more competition and innovation to financial services. Open Banking complies to PSD2 legislation and provides the technical framework (gateways or APIs) for the sharing of bank account information with customer consent.
The second Payment Services Directive, or PSD2, is legislation adopted by the European Union in 2015 to promote the development and use of new financial technologies. Open Banking complies to PSD2 legislation and provides the technical framework (gateways or APIs) for the sharing of bank account information with customer consent.
From 14 September 2019, new standards under PSD2 are scheduled to be introduced. These new standards impose changes to the way third parties access data from banks. As a result, some of Xero’s bank feeds will be replaced by new direct bank feeds to ensure they’re compliant by using Open Banking.
For bank feeds that are impacted by the new requirements, you may be required to change the way your bank connects to Xero. We will provide more detailed instructions to you over the coming weeks so you can prepare for this process.
We will share more information and dates over the coming weeks. The new bank feeds will likely be made available in stages, so if you have bank feeds with numerous banks, new feeds will likely become available at different times.
The new feeds will initially be available for most banks in the UK, including the nine largest. Often referred to as the CMA9, these include banks Xero already has a direct bank feed within the UK – like Barclays, HSBC, Santander and RBS – as well as banks Xero doesn't already have a direct feed with like Lloyds.
For a complete list of the CMA9 banks, visit the Open Banking Implementation Entity.
Where new bank feeds are available, they will be free for all applicable banks and bank accounts. For existing direct bank feeds that are compliant under the new requirements, the cost will remain unchanged.
Open Banking moves us from a world where your bank controls the data they hold about you, to one where you own your data and can control how it’s used.
At Xero we’ve been delivering on the principles of Open Banking for more than 10 years. Our bank feeds have enabled small businesses to connect their bank accounts to Xero so that transaction data automatically flows in for easy reconciliation and greater visibility of cash flow.
Open Banking will continue to provide this data automation to Xero small businesses and partners. In addition, the new bank feeds allow you to connect directly through a completely digital process. This means transactions are transferred through a direct connection between your bank and Xero, rather than using screen scraping.
Xero is registered by the Financial Conduct Authority (FCA) as an Account Information Service Provider (AISP), which means we are authorised to access our customers’ bank account information when they ask us to. As an AISP we have ‘read-only’ access to bank account information, so we are simply retrieving a customer’s bank transaction data to provide an automated feed of transactions into Xero. Rest assured we do not have the ability to move a customer’s money.
Businesses that are authorised to use Open Banking, like Xero, are listed on the FCA’s Financial Services Register and on the Open Banking directory. To get listed, businesses need to go through a stringent assessment by the FCA and have systems, processes and security standards in place that meet their requirements.
Security is at the heart of the Open Banking design. Here’s how:
- It’s regulated – only apps and websites regulated by the Financial Conduct Authority or European equivalent can use Open Banking.
- Bank-level security – Open Banking uses rigorously tested software and security systems. You will only ever interact with your bank directly, so you’ll never be asked to give your bank login details to anyone else.
- You’re in charge – you choose when you want to share your data, and for how long.
Your bank will only allow authorised and regulated financial services providers to connect with your bank account. They will also let you remove access to any business you’ve connected from within your online banking. For security, customers will also be asked to re-authenticate their Open Banking connection every 90 days.