Your Open Banking questions answered
Get to know more about PSD2 compliance, Open Banking and the changes to Xero bank feeds with answers to our frequently asked questions.
Overview
Open Banking includes the practice of securely sharing financial information electronically with customer consent. It was set up by the Competition and Markets Authority (CMA) in conjunction with the largest nine UK banks on behalf of the UK Government to bring more competition and innovation to financial services. Open Banking complies to PSD2 legislation and provides the technical framework (gateways or APIs) for the sharing of bank account information with customer consent.
The second Payment Services Directive, or PSD2, is legislation adopted by the European Union in 2015 to promote the development and use of new financial technologies.
Open Banking moves us from a world where your bank controls the data they hold about you, to one where you own your data and can control how it’s used.
At Xero we’ve been delivering on the principles of Open Banking for more than 10 years. Our bank feeds have enabled small businesses to connect their bank accounts to Xero so that transaction data automatically flows in – meaning easy reconciliation and greater visibility of cash flow.
Open Banking will continue to provide this data automation to Xero small businesses and partners. In addition, the new bank feeds allow you to connect directly through a completely digital process. This means transactions are transferred through a direct connection between your bank and Xero, rather than using screen scraping.
On 14 September 2019, new standards under PSD2 were introduced. These new standards impose changes to the way third parties access data from banks. Under the new requirements, existing Xero bank feeds with Barclays, and all UK and EU bank feeds set up using Yodlee, will no longer be available. Most of these feeds are being replaced by new direct bank feeds to ensure they’re compliant with Open Banking standards.
While the new requirements came into effect on 14 September 2019, a six month adjustment period was provided by the UK’s Financial Conduct Authority in early August, which means most UK banks can continue to allow customers to use Yodlee feeds up until 14 March 2020. Barclays feeds will also continue up until 14 March 2020. Refer to this list to see the latest status of each bank feed.
As new direct feeds become available over the coming months, we’ll let affected customers know so they can switch.
Xero is registered by the Financial Conduct Authority (FCA) as an Account Information Service Provider (AISP), which means we are authorised to access our customers’ bank account information when they ask us to. As an AISP we have ‘read-only’ access to bank account information, so we are simply retrieving a customer’s bank transaction data to provide an automated feed of transactions into Xero. Rest assured we do not have the ability to move a customer’s money.
Businesses that are authorised to use Open Banking, like Xero, are listed on the FCA’s Financial Services Register and on the Open Banking directory. To get listed, businesses need to go through a stringent assessment by the Financial Conduct Authority (FCA) and have systems, processes and security standards in place that meet the FCA’s requirements.
On 14 March 2020, standards introduced under PSD2 took effect. These new standards impose changes to the way third parties access data from banks. Under the new requirements, old Xero bank feeds with Barclays, and all UK and EU bank feeds set up using Yodlee, are no longer available. Most of these feeds have been replaced by new direct bank feeds to ensure they’re compliant with Open Banking standards.
Security
Security is at the heart of the Open Banking design. Here’s how:
It’s regulated – only apps and websites regulated by the Financial Conduct Authority or European equivalent can use Open Banking.
Bank-level security – Open Banking uses rigorously tested software and security systems. You will only ever interact with your bank directly, so you’ll never be asked to give your bank login details to anyone else.
You’re in charge – you choose when you want to share your data, and for how long.
Your bank will only allow authorised and regulated financial services providers to connect with your bank account. They will also let you remove access to any business you’ve connected with from within your online banking. For security, customers will also be asked to re-authenticate their Open Banking connection every 90 days.
Yes, you can rest assured that your data is secure. Both Xero and OpenWrks have been through a stringent assessment by the Financial Conduct Authority (FCA) to become authorised Account Information Service Providers (AISPs). Each organisation has robust systems, processes and security standards in place.
When you authorise the bank connection, both Xero and OpenWrks have ‘read-only’ access to your bank account and securely move bank transaction data from your bank to Xero. Neither Xero nor OpenWrks can move your money or see your online banking credentials.
We’re committed to the security of your data and provide multiple layers of protection for the personal and financial information you entrust to Xero. To help you understand how we protect and secure data, we encourage you to read our policy on security at Xero. It includes the option to request Xero’s Service Organisation Control (SOC 2) report for formal reviews of compliance obligations and for evaluating controls relating to security, availability and confidentiality.
Due to new requirements around strong customer authentication, the new Xero feeds can only be authorised by the bank account holder or someone with authorised access to online banking.
Bank Feeds
If you have affected bank feeds that need to be changed, we’ll notify the person that manages your Xero subscription by email. There will also be notifications on your Xero dashboard under the bank accounts that are affected by the new requirements.
Refer to this page for a list of impacted bank feeds.
Existing Xero bank feeds with Barclays, as well as all UK and EU bank feeds set up using Yodlee, will be impacted by the new requirements. Refer to this list to see exactly which banks and account types will be impacted. Xero partners and small businesses who are currently connected to these feeds will be notified over the coming months with what action they need to take.
Refer to this list which shows which bank feeds will have a replacement, and which banks will not.
Refer to this list which shows the list of available direct feeds.
Xero (UK) Limited is a UK incorporated company and a registered Account Information Service Provider (AISP) with the Financial Conduct Authority (FCA) in the UK. As such, we’re able to access bank account information from UK banks in accordance with PSD2 and Open Banking. Xero is not incorporated in any other EU country and, therefore, is not authorised to provide AISP services by any regulator in any other EU country, except for the UK.
During the Brexit transition period, we’re able to ‘passport’ our UK regulated AISP status into other EU countries. Passporting basically means we can use our UK regulated status to access bank account information in other EU countries without needing to be authorised by the local regulator. Xero only passports into the Republic of Ireland currently and has no immediate plans to passport into other EU countries. Unfortunately, this means that customers in the EU outside of Ireland will not have a feed available. Customers who have been using a Yodlee feed with a bank based in the EU can manually import transactions into Xero to keep their accounts up to date and reconciled.
We have new direct bank feeds for Ulster Bank and AIB (for business and personal accounts) available to connect for our Irish customers. Bank of Ireland feeds, along with AIB credit card feeds, are imminent and we’ll let customers know as soon as they are ready to connect.
You’ll be able to connect your bank accounts to Xero before 14 March 2020 for supported banks and account types.
Check this list to see the latest status of each bank.
Log in to Xero HQ and open the Explorer tab to see which of your clients are affected and what action is required.
You’ll have an overview of how many clients are affected and what to do next. Plus, you’ll have the option to download a .CSV file which includes your clients’ contact details to help you communicate the changes with them. We recommend you download a new .CSV file to make sure you have the most up to date information. Visit Xero Central for more information.
Some bank feeds are now available to update to. Check this list to see the latest status of each bank. If you see your bank has a feed available, log in to Xero and refer to the notification under your affected bank accounts for next steps.
The new bank feeds will be made available in stages, so more feeds will become available over the coming months – keep an eye out on your Xero dashboard to see when you can switch.
We’ll let you know the deadline through the notification you’ll see on your Xero dashboard over the coming months. We recommend you update to the new feeds as soon as they become available.
Currently, Yodlee feeds with a bank based outside of the UK, and in the EU, will stop importing transactions into Xero from 14 September 2019. From this point on, customers can manually import transactions into Xero to keep their accounts up-to-date and reconciled.
If you miss the deadline, your existing bank feed will stop importing transactions into Xero and you will lose the benefits of having a bank connection, such as easy bank reconciliation.
But don’t worry. You can connect bank feeds at a later date – you’ll just need to make sure that you import historical transactions back to the date your bank feed disconnected so there isn’t a gap in transactions. For your convenience, we’ll pre-select this date for you when you connect a new bank feed.
Where new bank feeds are available, they will be free for all applicable banks and bank accounts. For existing direct bank feeds that are compliant under the new requirements, the cost will remain unchanged. Existing direct feeds can be changed to the new direct feeds using Open Banking over the coming months, and we’ll communicate to customers when they’re available.
This depends on the bank and account type in question. The new bank feeds will be made available in stages, based on their availability. If you have more than one bank feed with the same bank, you will be able to change the connections at the same time during the authorisation process, provided the connection for each account type is available. If you have more than one bank feed with different banks, or if you have different bank logins for different account types, you’ll need to change the connections separately.
We’ll notify you by email when more banks become available so you can change your existing connections. There will also be a notification on the dashboard when you log into Xero so keep an eye out.
If your existing bank feed is compliant under the new requirements, you don’t need to change the connection. But, if your existing bank feed is no longer available and you choose not to change the connection, your existing bank feed will stop importing transactions into Xero and you will lose the benefits of having a bank connection, such as easy bank reconciliation.
When you connect a new bank feed or change your existing bank feed connection, as part of the new requirements, your consent will last for 90 days. After 90 days, you’ll need to re-authenticate your bank connection. Xero will remind you when you need to do this – it’s as simple as re-entering your online banking credentials. Whilst it’s a little extra admin, this is a new standard under Open Banking.
You can re-authenticate your bank feed at a later date - you’ll just need to make sure you import historical transactions back to the date your bank feed stopped importing transactions so there isn’t a gap. You can only import 90 days of historical transactions when re-authenticating your bank feed. If you need more historic data you’ll need to manually import transactions into Xero.
Customers using old Barclays feeds, or bank feeds set up using Yodlee, will need to connect to a new feed, where available, to ensure transactions can continue to flow into Xero.
You’ll need your online banking credentials handy to connect the new feed. Once you’ve authorised this new connection, transactions will continue to flow seamlessly into Xero.
You’ll also need to re-authenticate your bank connection every 90 days. While it’s a little extra admin, this is an Open Banking requirement and Xero will be here to support you every step of the way.
If a new bank feed is not available, you’ll need to manually import transactions into Xero.
Refer to this list to see the latest status of your bank feed.
There will be replacement feeds for most Barclays account types, and most UK feeds set up using Yodlee. However, not all banks and account types will have replacement feeds straight away.
We will notify customers on the Xero dashboard with what action they are required to take and by when.
Some customers may not have a feed to connect to. In the interim, businesses without a feed to connect to will need to manually import transactions into Xero or wait until a feed is available and backdate transactions. We will let our customers know on the Xero dashboard when there is a feed available to connect to.
If there is no replacement for your bank feed, you can manually upload transactions into Xero. If this is the case, we will let you know on the Xero dashboard under your affected bank feed.
If you’re setting up completely new bank feeds in Xero, the new direct feeds using Open Banking are available. Refer to this page to see which bank connections are available. If your bank is not yet available, we recommend that you manually import transactions or backdate them when you connect the new feed.
The new bank feeds are free of charge, easy to set up and secure. They allow you to choose the start date, so you can import up to 12 months of historical transactions if you need to. We’re working with a new supplier, OpenWrks on the new direct feeds for Open Banking. OpenWrks establishes a connection between your bank and Xero and transactions are transferred through this direct connection, rather than using screen scraping.
Transactions will automatically import into Xero each business day, in the morning and at various times throughout the day. Please note they may import into Xero at a different time than that with which you’re familiar today on your existing feed.
No, you won’t need to manually refresh the new bank feed for your transactions to import. They will automatically import into Xero each business day. You will need to re-authenticate your bank connection every 90 days for security, which requires you to re-enter your online banking credentials. While it’s a little extra admin, this is a new standard under Open Banking.
You’ll be able to move away from existing, compliant feeds in the coming months. To begin with, we’ll be making new feeds available to customers whose feeds will no longer be available under the new requirements. This will enable Xero to provide the appropriate level of support.
Due to the way that the new bank feed is set up and mapped within Xero, you will likely need to review your bank rules to make sure they’re working. If your bank rule uses a condition of ‘Reference contains’ then you’ll need to edit the bank rule. A quick fix is to change this to ‘Any text field contains’. If the bank rule already uses a condition of ‘Any text field contains’ then there’s no action required. Visit Xero Central if you need a reminder on how to edit the bank rules.
As the new feeds will be set up and mapped differently within Xero, bank memorisation will likely be affected. This means the suggestions Xero automatically makes during bank reconciliation will need to be re-learnt by Xero for a few weeks. During this time you’ll need to manually match transactions to complete your bank reconciliation. Please also check your bank rules are working, as these are what generate some of the suggested matches.
General
OpenWrks has successfully delivered the first Open Banking connections in the UK and are now helping UK banks to deliver compliant Open Banking gateways for third parties to connect to.
OpenWrks is acting as a Technical Service Provider on Xero’s behalf to enable us to access Open Banking gateways. They act as a messenger between your bank and Xero. OpenWrks gets ‘read-only’ access to your bank account when you authorise the bank connection, and securely passes bank transaction data from your bank to Xero.
Neither Xero nor OpenWrks can move your money or see your online banking credentials. Your bank transaction data will remain secure. OpenWrks is fully approved by the UK’s Financial Conduct Authority.
An easy way to see if you’re connected to a direct or Yodlee feed is to check if there’s a bank logo next to your bank account on your Xero dashboard or Bank accounts screen. If there’s a bank logo, your feed is a direct feed. If there’s no logo, your feed is a Yodlee feed. Refer to Xero Central to learn more.
If you don’t have access to online banking, or you don’t know your online banking credentials, get in touch with your bank as soon as possible to set this up, otherwise you won’t be able to use Open Banking bank feeds. The process to set up online banking differs between banks but can typically take up to 10 business days.
Yodlee may continue to work with other service providers to provide Open Banking compliant bank feeds in the UK and EU. However, we’ve decided to partner with OpenWrks to bring you new direct feeds that are secure, easy to set up from inside Xero, and free of charge.
You can visit your online banking to remove any permissions that you’ve given to service providers. If you wish to disconnect your bank feed, you can do this in Xero’s Settings. However, this will not remove the permissions you have given to Xero and you will still see this in your online banking.
To view our complaints procedure please click here.
For more information, guides and instructions around changes to bank feeds visit our Open Banking resource centre.