Managing Account Information with Open Banking in the United Kingdom

As part of the second Payments Services Directive (PSD2) within the European markets in 2018, new regulations are being rolled out in order to offer more competitive financial service offerings while overseeing the secure sharing of financial account information across all business entities providing these services. As of January 13, 2018, any company wishing to participate in providing new financial services offerings which access and manage financial account information are regulated in their country of origin. In the UK, this is the Financial Conduct Authority. The FCA is bound by the Financial Services and Markets Act 2000 (FSMA) to regulate certain financial activities. In order to become an authorized financial service provider, please follow the instructions listed on the FCA's website on how to become either a Registered Account Information Service Provider (RAISP) or an Authorized Payment Institution if you are intending to provide account information services alongside other payment services. (https://www.fca.org.uk/firms/apply-become-registered-account-information-service-provider).

The most time consuming part of the FCAs registration process, is the assembling of required information around the business, risk, security, and insurance information required to become a Registered Account Information Service Provider (RAISP). This information assembly process therefore, becomes a critical path to a timely implementation and rollout of services to your target market. In order to help you prepare for this step, the following is an outline of the FCA requirements for documentation across the following areas: legal business entity, a business plan for the delivery of account information services, organizational structure, governance arrangements, security policies and procedures, and lastly professional indemnity insurance.

Business Entity Documents:

• Certificate of Incorporation
• Articles of Association
• Copy of Partnership agreement deeds (if applicable)
• Copy of Limited Liability Partnership agreement deeds (if applicable)

Business Plan Documents:

• Marketing Plan
• 3 Years of Certified Annual Accounts – summary of the financial situation
• Forecast Budget Calculation – Income Statement & Balance Sheet forecast for next 3 years

Organizational Structure Documents:

• Organization Chart
• Draft copies of relevant Outsourcing Agreements (if applicable)

Governance and Internal Controls:

• Risk Management Policies and Controls
• Corporate Governance Guidelines
• Audit Standards and Guidelines

Security Procedures:

• Security Policies
• Incident Response Plans
• Customer Complaint Procedures
• Policies and Procedures – Restricting Access to sensitive payment data Insurance Information
• Proof of Professional Indemnity Insurance (PII) – to be in place
• Proof of Calculated Minimum Amounts

After the application to become an RAISP with the FCA is complete in its entirety, the FCA will make a decision within 3 months. This approval is required in order for a financial service provider utilizing the Envestnet | Yodlee Financial Data platform to go live with connectivity through Envestnet | Yodlee. Once your firm has been approved by the FCA, your business entity will be added to the Financial Services Register published on the FCA's website (https://www.fca.org.uk/firms/financial-services-register).

One of the main goals of the Open Banking ecosystem is to enable transparency and share responsibility among all parties involved in the sharing of financial data. Envestnet | Yodlee’s Financial Data Platform enables you to seamlessly connect to all Financial Institutions participating in Open Banking with the direct consent of the consumer. Our goal is to enable this connectivity, while never coming between your Brand and consumers. Additionally, use of Envestnet | Yodlee’s Financial Data Platform will expedite your time and cost to market by eliminating the need to individually implement and test connectivity as each new Bank (ASPSP) becomes active within Open Banking. Because Envestnet | Yodlee will never engage directly with consumers without your Brand, we will be known to the FCA as an outsourced technology provider. When you register with the FCA to become an active participant in Open Banking, you must declare Evestnet | Yodlee as your outsourced technology provider. Yodlee will then be recognized in conjunction with you while fulfilling the necessary risk, security, and audit requirements associated with all transparent actors in the Open Banking ecosystem.

Specifically, Envestnet | Yodlee must be mentioned in the following sections of the FCA’s application to become a RAISP.

• Section 4.b: Structural Organization – Outsourced Technology Provider. Envestnet | Yodlee will provide technology and infrastructure in providing Account Information Services to consumers. A copy of your license agreement with Envestnet | Yodlee will need to be attached to the application as part of Section 4.c.
• Section 5.g: Governance Arrangements – a description of how the outsourced technology providers are monitored and controlled from within your organization.
• Section 6.1: Procedures on Security Incidents and Complaints. You can utilize Envestnet | Yodlee’s Security FAQ as attached collateral in this section.

In conclusion, every financial service provider participating in Open Banking within the UK is required to register with the FCA and OBIE, while Envestnet | Yodlee will act as a reliable and secure technology partner focused on helping you expedite benefit directly to consumers.

While the FCA is the Regulations body charged with overseeing financial service providers, the Open Banking Implementation Entity was created by the UKs Competition and Markets authority to create software standards (APIs) and industry guidelines that drive competition and innovation for Retail Banking in the UK. This implementation entity also maintains an Open Banking Directory where all financial services providers can enroll and maintain a record of the technology applications created to enable consumers to better manage finances, while also keeping a record of the digital certificates needed to transact securely in the Open Banking ecosystem. This directory is required by businesses playing the following roles in the Open Banking ecosystem:

• Account Serving Payment Service Providers (ASPSPs) – Banks, Credit Unions, Institutions holding financial accounts
• Account Information Service Providers (AISPs)
• Payment Service Providers (PISPs)

Further information on the Open Banking Implementation Entity and its Directory can be found at https://www.openbanking.org.uk/directory/. Once again, in order for a financial service provider utilizing the Envestnet | Yodlee Financial Data platform to go live with connectivity through Envestnet | Yodlee, they must be registered with the Open Banking Directory.

Engagement can begin immediately with Envestnet | Yodlee to begin evaluating our aggregation capabilities. If your organization is not accessing Current Accounts through participation in Open Banking, you can proceed directly to https://developer.yodlee.com and follow the developer registration process to get immediate self service access to aggregation capabilities. If you plan to participate in Open Banking by registering with the FCA, and enrolling in the Open Banking directory, we have made arrangements to expedite your ability to make progress in your development lifecyle while waiting for your registration process and enrollment to be confirmed. Beginning January 25, 2018, we will have specialized Open Banking environments which will establish connectivity to the OBIE model bank utilizing Envestnet | Yodlee’s Open Banking enrollment credentials and security protocols.

Please reach out directly to your Sales Representative, Customer Success Manager, or Technical Account Manager for more information, and we will get you immediately set up.