Consent – AIS (PSD2)

Granting ‘explicit’ consent to share personal or SME account and transactional  data under Open Banking must make it very clear why it’s needed, what’s being shared and for how long. This is where PSD2 is the regulatory driver.  

#Key parameter of agreementDescription
1Purpose Statement Why we need you to share your data for the provision of AIS.
2Direct Benefit StatementWhat you will get from us in return
3Data Request StatementWhat we need you to share
4Duration Period StatementHow long we will need access (unless you revoke consent with us or access with the ASPSP).
5AgreementDo you agree to share your data with us on the terms above?

Important: For the purposes of this section, the definition of “explicit consent” under PSD2 is not intended to be read as the definition of “consent” under GDPR. The guidance in this section refers to the definition under PSD2 for the provision of account information service only.

Purpose Statement for Personal Customer Use Cases

Clarity and consistency in the way that language is used is critical to comprehension. Depending on your proposition, the description of the Purpose Statement that we recommend uses the following structure

“To provide a [ Proposition Classification ] service, we need to access [specific types of account information]”

Examples for customer propositions in this table.

Proposition classificationWhy we need you to share your data
Personal Finance ManagementTo provide a [PFM], we need to [analyse your income, outgoing transactions, including regular outgoing expenses]
Consumer LendingTo provide a [Consumer Lending] service, we need to [analyse your income, spending and saving patterns]
Automatic overdraft borrowingTo provide an [Automatic overdraft borrowing] service, we need to [analyse your income, spending and saving patterns]
Debit AdviceTo provide you with [Debt Advice] service, we need to [better understand your income as well as you fixed and discretionary spending]

Important: These examples are intended to be illustrative only. Entities may require additional regulatory permission(s) to perform some of these services. It is the sole responsibility of entities to ensure they have the relevant regulatory permission for each service they undertake and meet any applicable regulatory requirement

Purpose Statement for SME Use Cases

Clarity and consistency in the way that language is used is critical to comprehension. Depending on your proposition, the description of the Purpose Statement that we recommend uses the following structure “To provide a [ Proposition Classification ] service, we need to access [specific types of account information]

Examples for SME Propositions in this table

Proposition classificationWhy we need you to share your data
Cashflow AnalysisTo provide an [Cashflow Analysis] service, we need to [analyse your income, spending and saving patterns]
Payment TrackingTo provide a [Payment Tracking] service, we need to [analyse your income patterns]
Automatic Overdraft BorrowingTo provide an [Automatic Overdraft Borrowing] service, we need to [analyse your income, spending and saving patterns]
v3.1.4