What is Open Banking?
Open banking allows businesses and consumers to securely share financial data with authorised third parties. This guide explains how it works in the UK and what it means for business payments and accounting.
Open banking is a UK regulatory framework that allows bank customers — both individuals and businesses — to securely share their financial data with authorised third-party providers through standardised application programming interfaces (APIs). It was introduced in January 2018 following the Competition and Markets Authority (CMA) investigation into retail banking.
The framework requires the UK’s nine largest banks and building societies (the CMA9) to make customer data available through secure APIs, and many other banks have voluntarily adopted the standards.
How Open Banking Works
Open banking operates through two types of regulated providers:
Account Information Service Providers (AISPs)
AISPs can access and consolidate your bank account data with your permission. This allows:
- Viewing balances and transactions from multiple bank accounts in one place
- Automated bookkeeping and accounting by pulling transaction data directly into accounting software
- Credit assessments based on real transaction data rather than credit scores alone
- Cash flow forecasting using historical transaction patterns
Payment Initiation Service Providers (PISPs)
PISPs can initiate payments directly from your bank account on your behalf. This enables:
- Paying an invoice directly from the bank account without entering card details or using a payment gateway
- Collecting payments from customers at lower cost than card payments
- Instant account-to-account payments that settle in real time via Faster Payments
The Regulatory Framework
Open banking in the UK is regulated under:
| Regulation | Role |
|---|---|
| Payment Services Regulations 2017 (PSR 2017) | Implements PSD2 into UK law and establishes the legal framework for AISPs and PISPs |
| FCA | Authorises and supervises open banking providers |
| Open Banking Implementation Entity (OBIE) | Sets the technical standards and manages the API specifications |
| UK GDPR and Data Protection Act 2018 | Governs how personal and financial data is handled |
Any provider that accesses bank data or initiates payments must be authorised or registered with the Financial Conduct Authority (FCA). You can check the FCA Register to verify whether a provider is legitimate.
Customer Consent
Open banking is built on explicit consent. A third party cannot access your data or initiate payments without your clear, informed agreement. Key safeguards include:
- You choose exactly which accounts to share
- You can revoke access at any time
- Consent is typically renewed every 90 days for data access
- Each payment requires separate authorisation through your bank’s app (Strong Customer Authentication)
Open Banking for Businesses
Accepting Payments
Open banking payments offer an alternative to traditional card payments and direct debits. When a customer pays via open banking:
- The customer selects “pay by bank” at checkout or on an invoice
- They are redirected to their banking app
- They authenticate the payment (biometrics, PIN, or password)
- The payment is initiated as a Faster Payment or BACS transfer
- Funds arrive in your account, typically within seconds for Faster Payments
Cost Comparison
| Payment Method | Typical Cost to Merchant |
|---|---|
| Open banking payment | £0.01 to £0.50 per transaction |
| Debit card | 0.2% to 0.5% per transaction |
| Credit card | 0.6% to 2.5%+ per transaction |
| Direct Debit | £0.06 to £0.50 per transaction |
| BACS | £0.05 to £0.30 per transaction |
For businesses processing high volumes or high-value transactions, open banking payments can deliver significant savings compared to card payments through a merchant account.
Accounting and Reconciliation
Open banking transforms accounting by:
- Automatic bank feeds — Transaction data flows directly into accounting software without manual entry or CSV imports
- Real-time reconciliation — Payments are matched to invoices as they arrive
- Multi-bank visibility — See all business accounts in one dashboard
- Reduced errors — Eliminating manual data entry reduces the risk of mistakes in your accounting records
Most major UK accounting software providers (Xero, QuickBooks, FreeAgent, Sage) use open banking connections for their bank feed functionality.
Cash Flow Management
Open banking data enables better cash flow management by:
- Providing a consolidated real-time view of all business bank accounts
- Powering cash flow forecasting tools that analyse spending patterns and predict future balances
- Alerting you when balances drop below a threshold
- Helping identify patterns in customer payment behaviour
Open Banking and Lending
Open banking has changed how businesses access finance. Lenders can now:
- Assess affordability using real transaction data rather than relying solely on management accounts or credit scores
- Make faster lending decisions because data is available instantly
- Offer more accurate pricing because the risk assessment is based on actual cash flows
- Provide ongoing monitoring with the borrower’s consent
This benefits businesses seeking a business loan or other forms of debt financing, particularly those with limited trading history.
Security and Risks
How Data Is Protected
- All open banking communications use encrypted APIs with strong authentication
- Providers never see or store your banking credentials — authentication happens through your bank’s own systems
- Strong Customer Authentication (SCA) requires two or more factors (something you know, something you have, something you are)
- Data can only be used for the stated purpose and must be handled in compliance with the UK GDPR
Risks to Be Aware Of
- Fraudulent providers — Always check the FCA Register before granting access to any third party
- Over-sharing — Only grant access to the accounts and data a provider genuinely needs
- Consent fatigue — Regularly review which providers have access and revoke permissions you no longer need
- Phishing — Scammers may impersonate open banking providers to steal credentials
Open Banking vs Traditional Banking
| Feature | Open Banking | Traditional Banking |
|---|---|---|
| Data sharing | Standardised APIs with consent | Manual downloads or screen scraping |
| Payment initiation | Direct from bank account via third party | Card payment or manual bank transfer |
| Real-time data | Yes | Often delayed (batch processing) |
| Multi-bank view | Yes, through AISPs | Requires logging into each bank separately |
| Cost of payments | Low (pennies per transaction) | Varies (card fees can be significant) |
| Regulation | FCA-authorised providers only | Bank-specific terms |
The Future of Open Banking
The UK is evolving open banking into a broader framework called Smart Data. The Data Protection and Digital Information Act provides the legal basis for extending open banking principles to other sectors, including energy, telecoms, and insurance.
For businesses, this means the ability to share data across more providers, access more competitive services, and automate more financial processes.
The Joint Regulatory Oversight Committee (JROC) is overseeing the next phase of development, including:
- Expanding beyond the CMA9 to include all UK banks
- Improving the payment experience for consumers and businesses
- Developing Variable Recurring Payments (VRPs) that combine the flexibility of open banking with the convenience of direct debits