How to Manage Consent in Open Banking
Open Banking: How To Manage User Consent?
Date: Feb 11, 2024

Open Banking is resetting what we expect from European financial services, especially in France. This fresh approach gives customers more control over their financial data, which can be shared securely with third-party providers. With 86% of 25 to 34-year-olds in France reported to use online banking services, the French Open Banking market is expected to reach a CAGR of 25% by 2027, but it all hinges on one key factor: consent.

Managing consumer consent isn’t about ticking boxes; it’s the very bedrock of trust within Open Banking, and it needs to be treated with care and precision.

 

Why consent matters in Open Banking

Consent: The core of Open Banking

In the world of Open Banking, consent isn’t just one element among many: it’s the foundation. Without it, everything built on that structure would crumble. Consent puts the sharing of financial data with third-party providers (TPPs) into the hands of consumers, enabling new and innovative ways in which financial products can be tailored to individual needs. However, with this power comes a responsibility for businesses to handle consent in a way that is clear, secure, and above all compliant with regulations such as PSD2 and GDPR.

 

Regulatory safeguards with PSD2 and GDPR

PSD2 (the Revised Payment Service Directive) and GDPR (General Data Protection Regulation) are core to ensuring that consumer consent is not reduced to a mere formality. PSD2 ensures that banks share customer data with third-party providers only when explicit consent has been given. GDPR complements this with strict rules about how personal data should be handled and sees that consent is always clear, informed, and easy to withdraw. Together, these regulations lay down a robust framework for keeping consumer data safe and ensuring that consumers always remain in control.

 

The consent management process: A closer look

A step-by-step breakdown

Managing consent in Open Banking involves a few crucial steps, each designed to keep consumers informed and in control. Here’s how it typically works:

1. The consent phase

This is where the process begins. Relevant details of the data required, the purpose of such data, and the processing involved are supposed to be clearly outlined. All information must be jargon-free and well-explained, so all customers can understand what they’re agreeing to. If not, they can’t give true consent.

 

2. The authentication phase

Once consumers agree to share their data, the next step is to verify their identity. This is where authentication comes into play, often involving familiar methods like logging in with a username and password, supplemented by two-factor authentication. For Open Banking payments, PSD2 demands Strong Customer Authentication (SCA), meaning that a user has to complete two out of the following three authentication methods:

  • Something they know: password, PIN, etc.
  • Something they own: mobile device, smartwatch, etc.
  • Something they are: fingerprint, face recognition, etc.

This step ensures that data sharing is secure and only the data owner can authorize access.

 

3. The authorization phase

Finally, we reach the authorization phase. Here, consumers get a last look at what data will be shared and with whom. They confirm their consent, but importantly, they also have the opportunity to revoke it if they choose. This ability to withdraw consent easily is crucial for maintaining trust in the Open Banking system.
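
A minimal sketch of the three phases above, added here as an illustration and not code from Powens or any bank. The class, field and method names are hypothetical, and the factor names are constructed samples. It shows the two details that are easy to get wrong: SCA needs two different categories (a password plus a PIN is still one), and revocation or expiry has to be checked on every data request.

```python
from dataclasses import dataclass, field
from datetime import datetime

# The three SCA categories listed above; the method names are constructed samples.
FACTOR_CATEGORY = {
    "password": "knowledge", "pin": "knowledge",
    "mobile_device": "possession", "smartwatch": "possession",
    "fingerprint": "inherence", "face": "inherence",
}

def sca_satisfied(methods):
    """True only if the methods span two different categories; unknown ones are ignored."""
    categories = {FACTOR_CATEGORY[m] for m in methods if m in FACTOR_CATEGORY}
    return len(categories) >= 2

@dataclass
class Consent:                        # hypothetical record, one per user and TPP
    user: str
    tpp: str
    scopes: frozenset                 # what data is shared (consent phase)
    purpose: str                      # why it is shared (consent phase)
    expires_at: datetime
    status: str = "pending"           # pending -> authorized -> revoked
    audit: list = field(default_factory=list)

    def _log(self, event, now):
        self.audit.append((now.isoformat(), event))

    def authorize(self, methods, now):
        # Authentication + authorization: refuse unless SCA holds, and log either way.
        if self.status != "pending" or not sca_satisfied(methods):
            self._log("authorize_denied", now)
            return False
        self.status = "authorized"
        self._log("authorized", now)
        return True

    def revoke(self, now):
        self.status = "revoked"
        self._log("revoked", now)

    def allows(self, scope, now):
        # Evaluated per request so that revocation and expiry take effect immediately.
        ok = (self.status == "authorized" and scope in self.scopes
              and now < self.expires_at)
        self._log(f"access:{scope}:{'allow' if ok else 'deny'}", now)
        return ok
```
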

 

The challenges of managing consent

Though it may sound simple, managing consent is anything but. The complexity of the laws poses a huge challenge for businesses, as do seamlessly integrating consent management systems and consistently educating consumers on their rights. In addition, there is an increasing demand for dynamic consent models that allow consumers to adjust their consent over time. These models have been found to go a long way toward building consumer trust and engagement.

 

Understanding the regulations

PSD2: Setting the standard

PSD2 set the bar high for consumer protection and innovation in financial services. It compels banks to share data solely in instances where explicit consent is given to TPPs, in an attempt to expand the market with competition and innovation. But as technology advances, so do the regulations.

PSD3: What’s next?

PSD3 is on the horizon and promises to raise the bar even higher. With the introduction of even tougher security requirements and more solid frameworks for consent management, everyone, especially in the French market, needs to be prepared to not only comply but also maintain consumer trust.

 

Building the right technological foundation

The role of technology in consent management

Effective consent management takes far more than good intentions. It requires a strong technological foundation, including secure APIs for supporting data sharing, user-friendly interfaces for providing and recording consent, and systems that always comply with regional regulations. For example, Powens’ Bank product has an optimized consent management interface that increases user satisfaction and thereby boosts conversion rates.

That’s why companies like Brightweb partner with Open Banking platform providers such as Powens to leverage existing technology solutions that ensure full compliance with consent regulations –– while simultaneously improving the user experience. Laurent Galène, Co-founder of Brightweb, explains:

“Powens provides us with secure payment initiation technology. […] As an ACPR-approved actor, Powens is the ideal partner to enable us to gain the trust of French users and merchants in our solution.”

Keeping compliance at the forefront

Compliance is not something one sets and forgets; it needs to be a constant concern.

“Since bank data security is a highly sensitive issue, we rely on Powens’ know-how to guarantee our customers that their data will be protected and remain confidential,” says Jean-Yves Bernard, Co-founder of Capital Koala.

Businesses must ensure their consent management systems are secure and up-to-date on the latest requirements. This involves strong authentication mechanisms, strict audit trails, and updating of consent policies on a routine basis. Compliance also helps businesses protect their customer data and achieve a reputation for reliability through openness.

 

Transparency: The key to consumer trust

The importance of transparency

All consumers must understand exactly what their data will be used for, who will use it, and for how long it will be used. Making this information transparent and accessible creates trust. Tools like consent dashboards, which provide users with control and monitoring features, enhance transparency significantly.

Educating consumers

Transparency goes hand in hand with education. Businesses need to do more than provide information: they must educate consumers on how their data will be handled, what kinds of protection are put in place, and how their consent can be taken back if they ever change their minds. Doing so helps build a closer, more trusting relationship with all users.

 

Key practices for managing consent in Open Banking

A consumer-centric approach

To manage consent effectively, businesses need to focus on the consumer. Consent should be managed by understanding and addressing the consumer’s needs, providing clear and accessible information, offering flexible options for giving consent, and making it easy to revoke at any time.

“It is very important for us to have an extremely reliable banking aggregation service and an efficient bank transfer service,” says Cyril Garbois, Co-founder of Cashbee. “Powens brings both to us through a strong connection capacity, which works well with almost all French banks, and also offers us the possibility of carrying out transfer operations in a very simple way.”

Being driven by consumer needs ensures the consumer has more trust in the business and thus leads to more engagement in services related to Open Banking.

Keeping compliance and security in check

Compliance and security are joined at the hip. Businesses need to ensure their consent management systems are secure and compliant with all necessary regulations, including PSD2 and GDPR. This involves using stringent authentication mechanisms, keeping comprehensive audit trails, and regularly updating the consent policies. By focusing on compliance and security, businesses can protect consumer data and build a reputation for reliability.

 

The road ahead for Open Banking

For businesses, the path is clear: to become not just compliant but also trusted by customers, they have to offer transparency and keep abreast of regulatory changes. In the French market, these factors are particularly important as businesses navigate one of the most advanced Open Banking environments in Europe.

At Powens, we’re proud to enable financial institutions, Fintechs, and software vendors across Europe and LATAM to create innovative products and streamline their financial operations with the only platform that integrates Open Finance and Embedded Banking –– all while ensuring full regulatory compliance in managing user consent.

 

Our Open Banking platform empowers over 280 leading financial institutions and 7 million end-users with comprehensive embedded, frictionless, and fully automated banking and payment experiences.

 

Get started with Powens today to learn how Open Banking can transform your business.


Leyla Vivanco