| Open Banking — Key Facts | |
|---|---|
| What it is | A regulated framework allowing third-party apps to access your bank data or make payments — with your explicit consent |
| Regulator | Financial Conduct Authority (FCA) and Open Banking Implementation Entity (OBIE) |
| Banks covered | All nine major UK banks and building societies mandated since 2018 (CMA Order) |
| Your protection | FCA-authorised providers only; you can revoke access at any time; banks liable for unauthorised transactions |
| Payment initiation | Apps can initiate bank transfers directly from your account — no card needed |
| Data never stored permanently | Regulated providers can only use data for the purpose you consented to |
Open Banking was introduced in the UK in January 2018 following a Competition and Markets Authority (CMA) Order requiring the nine largest UK banks to allow regulated third parties to access customer account data via secure APIs. It is now used by over 7 million UK consumers and businesses. The framework is governed by the FCA and the Open Banking Implementation Entity (OBIE) and gives you control over who can see your financial data and what they can do with it.
How Open Banking Works Technically
When you grant access to an Open Banking app, you are not sharing your username and password. Instead, you are redirected to your bank's secure login to authenticate directly, and your bank then issues a time-limited access token to the third-party app. The app uses this token to request only the data categories you consented to (e.g. account balances, transaction history). The token expires and must be renewed — you typically need to reconfirm access every 90 days under FCA rules. (Source: FCA — Open Banking and PSD2)
Two Types of Open Banking Service
| Service type | What it does | FCA authorisation needed | Examples |
|---|---|---|---|
| Account Information Service (AISP) | Reads your bank data — balances, transactions, spending patterns | Yes — AISP authorisation | Yolt, Emma, Snoop, Money Dashboard |
| Payment Initiation Service (PISP) | Initiates a bank transfer directly from your account with your permission | Yes — PISP authorisation | GoCardless, Trustly, Pay by Bank |
Is Open Banking Safe?
The key protections built into the framework:
FCA authorisation required. Any firm offering Open Banking services in the UK must be authorised or registered by the FCA as an AISP or PISP. Check the FCA register at register.fca.org.uk before connecting any app. Unregistered firms operating as AISPs or PISPs are illegal.
Read-only for data access. An AISP can only read your data — it cannot move money. Only a PISP can initiate payments, and only with explicit per-transaction consent from you.
You can revoke access instantly. You can withdraw consent at any time either through the app or directly through your bank's own consent dashboard. Your bank must stop providing data immediately on revocation. All major UK banks now have a consent dashboard within their app or online banking.
Bank liability. If an unauthorised payment is made via an Open Banking PISP and you did not authorise it, your bank is liable to reimburse you under the Payment Services Regulations 2017 in the same way as any other unauthorised payment. (Source: PSRs 2017, Regulation 75)
| ⚠ Warning: Only grant Open Banking access to firms listed on the FCA register. If an app asks for your bank login credentials directly (rather than redirecting you to your bank to authenticate), do not proceed — this is not Open Banking and is not regulated. |
What Open Banking Apps Can and Cannot Do
| Action | Possible via Open Banking? | Notes |
|---|---|---|
| View your account balance | Yes — AISP | Read-only |
| View transaction history | Yes — AISP | Read-only; consent required per account |
| Categorise your spending | Yes — AISP | App processes data; cannot alter your account |
| Initiate a payment | Yes — PISP | Per-transaction consent required each time |
| Set up a standing order | No | Not currently possible via Open Banking APIs |
| Access savings accounts | Depends on bank | Some banks exclude savings from Open Banking |
| Access credit card data | Yes for some providers | Amex, Barclaycard and others support this |
Popular Open Banking Apps in the UK
| App | Type | Primary use case |
|---|---|---|
| Emma | AISP | Subscription tracker; spending analysis; bill switching |
| Snoop | AISP | Personalised money-saving tips based on spending |
| Money Dashboard | AISP | Budgeting; net worth tracking across accounts |
| Cleo | AISP + AI chat | AI-powered spending coach and savings nudges |
| Yolt | AISP | Multi-bank account aggregation (check current status) |
| TrueLayer | PISP infrastructure | Underlying payment rails used by many fintechs |
App availability changes frequently. Always verify FCA authorisation before connecting.
Open Banking for Businesses
Open Banking has significant business applications: accountancy software (Xero, QuickBooks, FreeAgent) uses Open Banking to import bank transactions automatically, replacing manual bank feeds. Payment providers use PISP functionality to offer instant bank-to-bank payments as an alternative to card payments (lower transaction fees for merchants). HMRC's Making Tax Digital infrastructure is designed to support Open Banking data flows for self-assessment and VAT reporting. (Source: HMRC — Making Tax Digital)
How to Revoke Open Banking Access
Two routes: through the app (Settings > Connected Accounts > Disconnect); or through your bank directly. All major UK banks now provide a consent management dashboard: Barclays (app > More > Open Banking), Lloyds (app > Help > Manage Open Banking), HSBC (app > Menu > Connected Apps), NatWest (app > Manage > Open Banking). Revoking through your bank is the more reliable route if the app itself is inaccessible.
| Disclaimer: This article is for information only and does not constitute financial, legal or tax advice. Figures correct at date of publication but subject to change. Always verify with primary sources (gov.uk, HMRC, FCA register) and consult a qualified adviser before making financial decisions. |
Frequently Asked Questions
Can Open Banking apps see my PIN or passwords?
No. You authenticate directly with your bank — the app never sees your credentials. The bank issues a time-limited token to the app. Even if the app is compromised, it cannot access your bank login details.
Does connecting an Open Banking app affect my credit score?
No. Granting Open Banking access is not a credit application and does not trigger a hard search on your credit file. The app reads data; it does not apply for credit on your behalf.
What happens to my data if an Open Banking app shuts down?
FCA-regulated firms must have data retention and deletion policies. Under UK GDPR you have the right to request deletion of your personal data. If an app closes, revoke access via your bank immediately. The access token becomes invalid and the app cannot pull further data.
| Sources |
