Longer consent in the UK from March 2022

Changes to SCA-RTS in the UK from March 2022 and what it means for Nordigen customers and users.

• After authenticating on the bank’s page or app once (the SCA process), the users don’t have to go through the process again. Consent can be reaffirmed on AISP’s (Nordigen’s) page.
• One customer, one bank connection login, multiple accounts => one consent, not separate consents by account.
• Such reconfirmation can be done by another party, to which the customer has delegated account access (such as an accountant).
• When 90 days elapse the AISP must stop accessing the data until the customer reconfirms. Once they do, access can resume. This can also happen at a later time, after a period of inactivity.
• Banks can choose not to apply these relaxed requirements, but are strongly encouraged to.
• Banks can require SCA (login) again at any time if they have reasonable suspicions of fraudulent activity
• These changes come into force 26 March 2022

• Customers of UK banks can reconfirm their consent using one click on Nordigen page without going through the bank login after they have done it once (we will inform our clients once the change for UK banks has been applied)
• You can follow the exact same flow to reauthorize accounts at UK banks as before - redirect the user to the url returned under “link” in requisition and Nordigen will redirect them back to the the redirect url you’ve provided when creating the requisition. Except the user will not have to go through the bank login, making this journey so much more smooth.
• If you create a new requisition, the user will have to go through bank login either way.
• If a user has multiple banks connected, they will have to go through the flow for each bank (on requisition level)
• Keep in mind that some UK banks might still require a login every 90 days.