top of page

What else do you need to do to be compliant?

Whilst a dedicated interface - which can provide for you - is probably the largest and most complex part of the requirements, there are a number of other things that you'll need to do in order to fully comply with the open banking regulations.

Other areas that you will need to think about include:

Strong Customer Authentication ("SCA")

There are lots of articles available on SCA so we won't attempt to rehash them here, but in summary, an account provider is required to ensure that robust checks are made when a user accesses their account or undertakes certain activities including payments. In layman's terms, this means user authentication, much like a decent "login" experience.

Although SCA does form part of the open banking journey (when a user provides their consent), it is not specific to open banking. A decent SCA approach must be embedded throughout an account provider's solution, including within their main website and/or app.

Some Dedicated Interface providers choose to bundle SCA into the product mix, but at, we believe in specialism and embedding the right tools at the right time. We would always recommend that our clients develop or integrate an SCA solution which can work within their own systems rather than hanging off of the open banking elements. This makes for a far more robust solution in the long run.

For those account providers that have not already built SCA into their services as standard, we are happy to advise, assist, and make referrals to our specialist partner providers.

"PSU" Interface Reporting

A key requirement of PSD2 is the provision of quarterly reporting to the local regulator (National Competent Authority). For example, in the UK the FCA refer to this as a REP020 report. The data required includes uptime, error reporting and response times for all aspects of an account provider's dedicated interface, for every endpoint, by day. For account providers using a Professional or Enterprise license of the solution, this is all automatically generated as standard, so nothing to worry about!

In addition to the dedicated interface statistics, an account provider must provide the same data for its "PSU Interface", in other words, for its website and/or mobile app. This means that an account provider must monitor and record this data (uptime, error rates and response times) for its user applications in order to incorporate it into the regulatory reporting. Once again, can help here by gathering that data from an account provider and incorporating it into the REP020.

Do you have any questions?

We've got you covered. Take a look at our FAQs or get in touch with the team at


bottom of page