90-day reconfirmation: giving lenders ongoing access to the data they need

Discover the benefits of the 90-day reconfirmation policy in open banking. Learn how it simplifies access to financial data, enhances credit risk decisions, and benefits both consumers and lenders.
Published on
October 19, 2023
Latest News


One of the major changes in open banking over the last year has been the introduction of the 90-day reconfirmation. Previously, if a lender wanted ongoing access to a customer's transactional data, the customer would have to reauthenticate every 90 days. This process added unnecessary friction and complexity to the experience, contradicting the very purpose of open banking, which is to reduce friction, risk, and manual assessment through the credit risk process.

The background

Let's rewind a bit to the inception of PSD2 (Payment Services Directive 2), which introduced the concept of Strong Customer Authentication (SCA) for reconsenting to data sharing with financial providers. While SCA was a crucial security measure, it inadvertently introduced complications into the open banking landscape. Customers were required to go through a cumbersome reauthentication process every 90 days to maintain access to their financial data, creating frustration and potential obstacles to the adoption of open banking.

The Financial Conduct Authority (FCA) recognised these challenges and took action. They released a statement introducing changes in the Regulatory Technical Standards on Strong Customer Authentication and Secure Communication. In their own words, the FCA explained that:

Customers will not need to reauthenticate when they access their account information through a Third-Party Provider (TTP). Instead, TPPs will be required to obtain explicit consent from customers at least every 90 days.

Now, let's delve into how this change impacts Account Information Service Providers (AISPs) and why it is a significant step forward for consumers and businesses.

How open banking reconsent worked before

The previous reconsent process was time-consuming and potentially frustrating for customers who wanted ongoing access to financial products and services powered by open banking. Reauthenticating every 90 days added friction to the customer experience, making it less user-friendly and potentially discouraging adoption.

  1. Customer starts the open banking journey with a TPP
  2. The TPP redirects to the customers selected bank – they then authenticate using SCA
  3. Customer gives consent to share their transactional data for 90 days
  4. The entire process is then repeated every 90 days to maintain connection

This means that every 90 days, a consumer has to go through the open banking journey in order to continue using the product or service. For the financial provider, it makes it challenging to attain an ongoing, real-time picture of a customer’s financial profile.

How open banking reconfirmation works now

  1. Customer starts the open banking journey with a TPP
  2. The TPP redirects to the customers selected bank – they then authenticate using SCA
  3. Customer gives consent to share their transactional data for 90 days
  4. Instead of going through the entire process again after 90 days, users simply have to confirm access by selecting “yes” or “no”
  5. Every 90 days, users repeat the same “yes” or “no” blueprint to extend consent

The value for consumers

  • More targeted products: With easy, ongoing access to financial data, customers can receive more personalised financial product recommendations.
  • Less friction in process: The simplified reconfirmation process reduces the hassle of maintaining open banking connections.
  • Fairer decisions made: Lenders can make more informed decisions based on up-to-date data, leading to fairer lending practices.
  • Help intervene before financial distress: Timely data updates enable financial institutions to identify customers at risk of financial distress and offer assistance before it's too late.
  • Opt-out at any time: If a customer no longer wants to share their data, they can simply disconnect their account.

How this helps lenders

The introduction of 90 day reconfirmation into the open banking landscape enhances credit risk decisioning across the entire customer lifecycle. Here’s how:

1. Streamlining onboarding processes ✅

By regularly refreshing customer data, institutions can ensure that they have the most up-to-date information, reducing the risk of lending to individuals who may have experienced a significant change in their financial circumstances. This agility in data updates helps lenders make informed decisions and minimise the chances of extending credit to high-risk individuals.

2. Improved credit scoring models 📈

Credit scoring is the backbone of credit risk assessment. Accurate credit scores are crucial for making informed lending decisions. 90-day reconfirmation ensures that lenders have access to recent financial data, allowing them to create more precise credit scoring models.

With timely updates, credit scoring models can factor in changing financial behaviours, providing a dynamic assessment of a borrower's creditworthiness. This helps lenders identify shifts in a borrower's risk profile and adjust their lending criteria accordingly.

3. Dynamic portfolio management 📊

Managing a diverse portfolio of loans and credit lines is a complex task. Financial institutions need to monitor their portfolios continuously to mitigate potential risks. 90-day reconfirmation enables dynamic portfolio management by providing ongoing insights into customer behaviour and financial health.

With this feature, lenders can proactively identify deteriorating creditworthiness among their existing customers. This early warning system allows them to take corrective actions such as adjusting credit limits, offering financial counselling, or restructuring loans, ultimately reducing the risk of defaults and delinquencies.

4. Enhancing collections strategies 💪

Collections is an area where timely information is critical. The ability to identify accounts at risk of default early can significantly improve collections success rates. 90-day reconfirmation helps in this regard by providing lenders with real-time data updates on customer finances.

Lenders can use these updates to prioritise collections efforts, focusing resources on accounts that are more likely to default. By tailoring collection strategies based on the most recent financial data, financial institutions can reduce losses and improve overall collections efficiency.


The introduction of 90-day reconfirmation in open banking is set to enhance credit risk management across various use cases, including onboarding, credit scoring, portfolio management, and collections. This feature empowers financial institutions with ongoing real-time access to customer financial data, enabling them to make more informed decisions, adapt to changing customer circumstances, and proactively manage credit risk.

As the open banking ecosystem continues to evolve, financial institutions should seize the opportunity to leverage 90-day reconfirmation to enhance their risk management practices. By doing so, they can not only reduce risk but also improve customer satisfaction by offering more personalised and responsible lending services. This change aligns with the core principles of open banking—better decisions, minimal friction, and the creation of a modern financial services market that is more accessible and secure for all.

Stay up to date with the latest
Atto news

Get the latest news, thought leadership, product updates and customer stories straight to your inbox - subscribe to our blog today.