Open Finance Customer Consent Flows

Consent management is a key component of Open Finance ecosystems, including Open Finance initiatives and more broad Open Finance initiatives like Consumer Data Right (CDR) or Financial Data Exchange (FDX). It refers to the process of obtaining and managing consent from consumers for the collection, use, and sharing of their financial data.

In Open Finance ecosystems, financial institutions and other organizations are required to implement APIs that allow consumers to manage their consent preferences for their data. This includes APIs for requesting consent, granting consent, and revoking consent.

Open Finance allows for transparent and controlled financial operations while ensuring the maximum data security and privacy. There are a number of processes and mechanisms behind it with the most evident but perhaps also the most powerful one being the use of consents. The use of consents, which are fundamental for privacy assurance, guarantees that the access to data is always consciously granted by the data owner, with the time and the scope limited as needed. To enable the proper flow of contents in the ecosystem, its participants are required to create and manage specific consents types as defined in OF standards. Properly-processed consents are means of communication between different Open Finance parties allowing for the information exchange between them and, ultimately, their integration.

As specified in Open Finance standards, consents are created and provided by Open Finance actors to request the users' access to specific scopes of data.

The user can manage their consents themselves in the self-service application. Such as application is usually available from the bank website as a customer portal. The use can visit the portal, log in to the account, and check what applications they share access to their accounts with and can revoke some consents.

The bank administrator can manage users' consents granted to the Fintech applications in the admin application. Such as application is usually built and provided to the admins by the bank (developers) as an admin portal. In the portal, the administrator can preview all the users' consents and their statuses. If needed, users' consents can be also revoked by the bank administrator in the portal.

SecureAuth provides a set of features that not only allows the maximum privacy and security of financial operations but also enables Open Finance. SecureAuth provides rich APIs both for creating and managing consents in accordance with Open Finance standards.

Consent pages built for Open Finance authentication and authorization purposes use internal APIs of SecureAuth to accept or reject the consents.

The APIs for creating and managing consents are provided by SecureAuth out-of-the-box along with complete applications serving the same purposes. Installing SecureAuth, you get a set of easily-integrated APIs to create and manage the user consent.

You can see how consents are processes in the Open Finance Quickstart that SecureAuth provides on GitHub. Specifically, there are two applications to help you understand the flow and the lifecycle of consents in the Open Banking environment: the admin portal and the customer portal. Exploring the two sample application in the sandbox, you can learn how SecureAuth enables the integration for consent-management purposes.

Another mock application available in the sandbox is the SecureAuth portal itself. It is configured so that its features are in line with Open Finance standards. For example, in the openbanking workspace, the Consent screen function is preconfigured to use the Open Banking consent type.