Your Open Banking questions answered
Get to know more about PSD2 compliance, Open Banking and the changes to Xero bank feeds with answers to our frequently asked questions.
Overview
Open Banking includes the practice of securely sharing financial information electronically with customer consent. It was set up by the Competition and Markets Authority (CMA) in conjunction with the largest nine UK banks on behalf of the UK Government to bring more competition and innovation to financial services. Open Banking complies to PSD2 legislation and provides the technical framework (gateways or APIs) for the sharing of bank account information with customer consent.
The second Payment Services Directive, or PSD2, is legislation adopted by the European Union in 2015 to promote the development and use of new financial technologies.
Open Banking moves us from a world where your bank controls the data they hold about you, to one where you own your data and can control how it’s used.
At Xero we’ve been delivering on the principles of Open Banking for more than 10 years. Our bank feeds have enabled small businesses to connect their bank accounts to Xero so that transaction data automatically flows in – meaning easy reconciliation and greater visibility of cash flow.
Open Banking will continue to provide this data automation to Xero small businesses and partners. In addition, the new bank feeds allow you to connect directly through a completely digital process. This means transactions are transferred through a direct connection between your bank and Xero, rather than using screen scraping.
From 14 September 2019, new standards under PSD2 are scheduled to be introduced. These new standards impose changes to the way third parties access data from banks. As a result, Xero bank feeds with Barclays, as well as all UK and EU bank feeds set up using Yodlee, will no longer be available. Most of these feeds will be replaced by new direct bank feeds prior to 14 September to ensure they’re compliant with Open Banking standards.
Xero is registered by the Financial Conduct Authority (FCA) as an Account Information Service Provider (AISP), which means we are authorised to access our customers’ bank account information when they ask us to. As an AISP we have ‘read-only’ access to bank account information, so we are simply retrieving a customer’s bank transaction data to provide an automated feed of transactions into Xero. Rest assured we do not have the ability to move a customer’s money.
Businesses that are authorised to use Open Banking, like Xero, are listed on the FCA’s Financial Services Register and on the Open Banking directory. To get listed, businesses need to go through a stringent assessment by the Financial Conduct Authority (FCA) and have systems, processes and security standards in place that meet the FCA’s requirements.
Security
Security is at the heart of the Open Banking design. Here’s how:
It’s regulated – only apps and websites regulated by the Financial Conduct Authority or European equivalent can use Open Banking.
Bank-level security – Open Banking uses rigorously tested software and security systems. You will only ever interact with your bank directly, so you’ll never be asked to give your bank login details to anyone else.
You’re in charge – you choose when you want to share your data, and for how long.
Your bank will only allow authorised and regulated financial services providers to connect with your bank account. They will also let you remove access to any business you’ve connected with from within your online banking. For security, customers will also be asked to re-authenticate their Open Banking connection every 90 days.
Yes, you can rest assured that your data is secure. Both Xero and OpenWrks have been through a stringent assessment by the Financial Conduct Authority (FCA) to become authorised Account Information Service Providers (AISPs). Each organisation has robust systems, processes and security standards in place.
When you authorise the bank connection, both Xero and OpenWrks have ‘read-only’ access to your bank account and securely move bank transaction data from your bank to Xero. Neither Xero nor OpenWrks can move your money or see your online banking credentials.
We’re committed to the security of your data and provide multiple layers of protection for the personal and financial information you entrust to Xero. To help you understand how we protect and secure data, we encourage you to read our policy on security at Xero. It includes the option to request Xero’s Service Organisation Control (SOC 2) report for formal reviews of compliance obligations and for evaluating controls relating to security, availability and confidentiality.
Due to new requirements around strong customer authentication, the new Xero feeds can only be authorised by the bank account holder or someone with authorised access to online banking.
Bank Feeds
If you have affected bank feeds that need to be changed, we’ll notify the person that manages your Xero subscription by email. There’ll also be notifications on your Xero dashboard.
When you log into Xero, a notification will appear on the dashboard under the bank accounts that are affected by the new requirements. If you see this notification, simply follow the onscreen instructions to change your connection. You’ll need your online banking credentials to connect the new feed.
Existing Xero bank feeds with Barclays, as well as all UK and EU bank feeds set up using Yodlee, will be impacted by the new requirements. Refer to this list to see exactly which banks and account types will be impacted. Xero partners and small businesses who are currently connected to these feeds will be notified over the coming weeks with what action they need to take.
Refer to this list which shows which bank feeds will have a replacement before 14 September, and which banks will not.
For customers migrating existing feeds, the new feeds will initially be available for most UK banks. If you have existing bank feeds, refer to this list which shows which feeds should have a replacement before 14 September 2019.
You’ll be able to connect your current accounts to Xero before 14 September 2019 for supported banks. However, some credit cards and savings accounts will be made available at a later date. We’ll let you know when they’re available to connect to.
Log in to Xero HQ and open the Explorer tab to see which of your clients are affected and what action is required.
You’ll have an overview of how many clients are affected and what to do next. Plus, you’ll have the option to download a .CSV file which includes your clients’ contact details to help you communicate the changes with them. Visit Xero Central for more information.
The new bank feeds will be made available in stages, beginning August 2019, and we’ll let you know by email and on the Xero dashboard when you can switch. If you have bank feeds with numerous banks, new feeds will likely become available at different times.
If you’re currently using Barclays bank feeds, or any UK and EU bank feeds set up using Yodlee, we’ll notify you of the deadline by email and on the dashboard when you login to Xero over the coming weeks.
If you miss the deadline, your existing bank feed will stop importing transactions into Xero and you will lose the benefits of having a bank connection, such as easy bank reconciliation.
But don’t worry. You can connect bank feeds at a later date – you’ll just need to make sure that you import historical transactions back to the date your bank feed disconnected so there isn’t a gap in transactions. You can do this by selecting the start date of the feed when you authorise the connection.
Where new bank feeds are available, they will be free for all applicable banks and bank accounts. For existing direct bank feeds that are compliant under the new requirements, the cost will remain unchanged. Existing direct feeds can be changed to the new direct feeds using Open Banking over the coming months, and we’ll communicate to customers when they’re available.
This depends on the bank in question. The new bank feeds will be made available in stages, based on their availability. If you have more than one bank feed with the same bank, you will be able to change the connections at the same time during the authorisation process. If you have more than one bank feed with different banks, you’ll need to change the connections separately.
We’ll notify you when more banks become available so you can change your existing connections. Keep an eye out for a notification on the dashboard when you log into Xero.
If your existing bank feed is available under the new requirements, you don’t need to change the connection. But if your existing bank feed is no longer available, and you choose not to change the connection, your existing bank feed will stop importing transactions into Xero and you will lose the benefits of having a bank connection, such as easy bank reconciliation.
When you connect a new bank feed or change your existing bank feed connection, as part of the new requirements, your consent will last for 90 days. After 90 days, you’ll need to re-authenticate your bank connection. Xero will remind you when you need to do this – it’s as simple as re-entering your online banking credentials. Whilst it’s a little extra admin, this is a new standard under Open Banking.
Customers using existing Barclays feeds, or any UK or EU bank feeds set up using Yodlee, will need to connect to a new feed, where available, to ensure transactions can continue to flow into Xero.
It’ll be simple to connect to a new feed from inside Xero. Once logged in to Xero, follow the onscreen instructions under your bank account on the dashboard. You’ll need your online banking credentials to connect the new feed. Once you’ve authorised this new connection, transactions will continue to flow seamlessly into Xero. We’ll provide more detailed instructions over the coming weeks but in the meantime, you can watch this video to see the process.
As part of the new requirements, you’ll also need to re-authenticate your bank connection every 90 days. Whilst it’s a little extra admin, this is a new standard under Open Banking and Xero will be here to support you every step of the way.
There will be replacement feeds for most Barclays account types, and most UK and EU feeds set up using Yodlee. However, not all banks and account types will have replacement feeds straight away, so some customers won’t have a feed to connect to. In the interim, businesses without a feed to connect to will need to manually import transactions into Xero or wait until a feed is available and backdate transactions. We will let our customers know by email and on the Xero dashboard when there is a feed available to connect to.
Not all affected feeds will be replaced by September 2019 as some banks will only make feeds available at a later date. Until a new feed is made available by the bank, customers can manually upload their transactions into Xero. Alternatively, customers can wait until the bank feed is available and, during the connection process, import historical transactions back to the date that their existing feed disconnected to avoid a gap in transactions.
If you’re setting up completely new bank feeds in Xero, the new direct feeds using Open Banking will be available from mid-August 2019. Until the new feeds become available, we recommend that you manually import transactions or backdate them when you connect the new feed.
The process to set up a bank feed is the same – just login to Xero, navigate to Accounting > Bank accounts, add a bank account and follow the steps to connect a bank feed. Note that you won’t be able to connect a Barclays feed using the existing method from 6 August 2019 until the new Barclays feed is available.
The new bank feeds are free of charge, easy to set up and secure. They allow you to choose the start date, so you can import up to 12 months of historical transactions if you need to. We’re working with a new supplier, OpenWrks on the new direct feeds for Open Banking. OpenWrks establishes a connection between your bank and Xero and transactions are transferred through this direct connection, rather than using screen scraping.
Transactions will automatically import into Xero each business day. However, they may import into Xero at a different time to what you’re familiar with today with your existing feed. We’ll let you know more over the coming weeks.
No, you won’t need to manually refresh the new bank feed for your transactions to import. They will automatically import into Xero each business day. You will need to reauthenticate your bank connection every 90 days for security, which requires you to re-enter your online banking credentials. While it’s a little extra admin, this is a new standard under Open Banking.
You’ll be able to move away from existing, compliant feeds in the coming months. To begin with, we’ll be making new feeds available to customers whose feeds will no longer be available under the new requirements. This will enable Xero to provide the appropriate level of support.
Due to the way that the new bank feed is set up and mapped within Xero, you will likely need to review your bank rules to make sure they’re working. If your bank rule uses a condition of ‘Reference contains’ then you’ll need to edit the bank rule. A quick fix is to change this to ‘Any text field contains’. If the bank rule already uses a condition of ‘Any text field contains’ then there’s no action required. Visit Xero Central if you need a reminder on how to edit the bank rules.
As the new feeds will be set up and mapped differently within Xero, bank memorisation will likely be affected. This means the suggestions Xero automatically makes during bank reconciliation will need to be re-learnt by Xero for a few weeks. During this time you’ll need to manually match transactions to complete your bank reconciliation. Please also check your bank rules are working, as these are what generate some of the suggested matches.
General
OpenWrks has successfully delivered the first Open Banking connections in the UK and are now helping UK banks to deliver compliant Open Banking gateways for third parties to connect to.
OpenWrks is acting as a Technical Service Provider on Xero’s behalf to enable us to access Open Banking gateways. They act as a messenger between your bank and Xero. OpenWrks gets ‘read-only’ access to your bank account when you authorise the bank connection, and securely passes bank transaction data from your bank to Xero.
Neither Xero nor OpenWrks can move your money or see your online banking credentials. Your bank transaction data will remain secure. OpenWrks is fully approved by the UK’s Financial Conduct Authority.
An easy way to see if you’re connected to a direct or Yodlee feed is to check if there’s a bank logo next to your bank account on your Xero dashboard or Bank accounts screen. If there’s a bank logo, your feed is a direct feed. If there’s no logo, your feed is a Yodlee feed. Refer to Xero Central to learn more.
If you don’t have access to online banking, or you don’t know your online banking credentials, get in touch with your bank as soon as possible to set this up, otherwise you won’t be able to change your bank feeds. The process to set up online banking differs between banks but can typically take up to 10 business days. We suggest you contact your bank before August 2019 to ensure you can change your existing bank feeds.
Yodlee may continue to work with other service providers to provide Open Banking compliant bank feeds in the UK and EU. However, we’ve decided to partner with OpenWrks to bring you new direct feeds that are secure, easy to set up from inside Xero, and free of charge.
For more information, guides and instructions around changes to bank feeds visit our Open Banking resource centre.