Brexit

Yapily's recommendations and information about the upcoming Brexit changes.

The upcoming Brexit deadline of the 31st December means that there are numerous changes required by each Institution, Yapily and our clients.

Key Changes

  • Every Institution with the GB country tag will continue to work with no changes required until July 2021
  • Every Institution with a non-GB country tag will cease to work using a UK registration after December 31st
  • For SafeConnect Customers: Yapily's temporary Fintecture eIDAS registration will be used for all European Institutions from January 1st 2021
  • For SafeConnect Customers: Yapily is expected to obtain its Lithuanian eIDAS registration which will be used in the UK and to passport into all existing and future European countries in Q1 2021

Our plans

December 2020

Yapily is currently going through the process of migrating and testing the Fintecture eIDAS registration with each European Institution. Yapily plans to start migrating SafeConnect customers before the end of 2020.

January 2021

Yapily plans to have migrated all SafeConnect customer applications to use the Fintecture registration for banks in Europe.

Q1 2021

For SafeConnect Customers: Yapily anticipates that it will recieve the go ahead to passport into each of the European countries that it has Institution integrations for in Q1 2021. As each country is approved, Yapily will be testing the registrations for each Institution internally to ensure that it can seamlessly switch SafeConnect customers over to the new certificate.

While certain countries may be approved, tested and ready earlier than others, Yapily's plan is to wait for all major countries to be ready for passporting using our Lithuanian registration. This is so that Yapily can minimalise the number of code changes required for its SafeConnect clients.

July 2021

This is the deadline for when each Institution with the GB tag must stop using the legacy certificates (transport + signing) and be using the OBWAC + OBSEAL certificates. For direct customers, see the Registration details for more information on the required changes. For SafeConnect, Yapily plans to do this for you before the deadline.

Unlike the registration changes, this change will not result in losing any consents.

Changes to Institutions

UK Institutions

There are no required changes for applications that contain GB-only Institutions until July 2021. From July 2021, Institutions in the UK will stop accepting the Open Banking legacy certificates (transport + signing). If you are a direct customer check the required steps to prepare for this change. If you are a SafeConnect customer, Yapily will make this change for you before the deadline.

European Institutions

From January 1st 2021, every European Institution will require a European-based eIDAS certificates for continued Open Banking connectivity. From this date, each Institution will no longer accept UK-based eIDAS certificates due to the impending changes regarding Brexit.

Special Cases

  • PayPal: Paypal account holders can be both UK and non-UK. As a result, we are introducing a new Institution paypal-eu in order to split UK and European accounts. From 1st January, you will require both intergrations if you have PayPal customers in both the UK and across Europe.
  • Revolut: We anticipate Revolut to require a similar solution to PayPal
  • AMEX: We also expect the AMEX integration to require a similar solution to PayPal

Changes you need to make

There are a different number of things to bear in mind depending on whether you are a direct customer or a SafeConnect customer:

Direct Customers

Registration

  • As a direct customer, you will need to obtain your own eIDAS license if you wish to connect to banks in Europe
  • If you are only interested in GB Institutions, there are no other changes required until July 2021 when the UK banks will stop accepting the Open Banking legacy certificates (transport + signing). Before this deadline, you will need to generate a new key pair of OBWAC + OBSEAL certificates in the Open Banking Directory under your existing organisation and upload them to them to the Yapily Dashboard certificate store. For each Institution, you will then need to edit the credentials in the Institutions tab of your appropriate application(s) in the Yapily Dashboard and update the Key Id, Sigining Certificate and Transport Certificate

SafeConnect Customers

Registration

  • Yapily will be switching every non-GB Institution to use the Fintecture license before January 1st 2021. If you have Institutions in both Europe and the UK, this will mean using the Fintecture registration in Europe and the SafeConnect registration in the UK. For your Institutions in Europe that will be moved to the Fintecture registration, this will result in some disruption for your consents so you will need to prepare accordingly
  • Once Yapily's Lithuanian registration is complete and can passport into all the European countries, Yapily will revert to using one registration for every Institution. You will then be able to revert to using only the SafeConnect guidelines for each GB and non-GB Institution. This change will once again result in some disruption for your consents

Consent Guidelines

Up until now, the redirectUrl has been set to https://auth.yapily.com/ but for all Fintecture registrations (every non-GB bank after 1st January), the redirectUrl will be https://auth.fintecture.com/. Inline with this change, the SafeConnect guidelines will have to be adjusted so that the existing consent screen containing the SafeConnect logo, T&Cs and name when Institution.countries array contains the countryCode2=GB. For each Institution that has a countryCode of any other value, you will need to replace the SafeConnect wording to "Fintecture" and use the following T&Cs and logos:

  • Fintecture T&Cs
  • Fintecture Privacy Policy
  • Logo Dark Blue
  • Logo White
    • Consent Guidelines Example

      Non-UK banks (before Brexit):

      What happens next

      SafeConnect will ask to securely authorise and execute a payment from your bank and provide the payment details to [YOUR APP].

      Who is SafeConnect

      SafeConnect Ltd is authorised and regulated by the Financial Conduct Authority under the Payment Service Regulations 2018 for Account Information and Payment Initiation Services.


      Non-UK banks (after Brexit):

      What happens next

      Fintecture will ask to securely authorise and execute a payment from your bank and provide the payment details to [YOUR APP].

      Who is Fintecture

      Fintecture SAS is registered with the ACPR under the number 17248 for the provision of Account Information and Payment Initiation Services.

      If you are a GB-only customer, then these changes do not apply.

Customer Impact

Regardless of whether you are a direct customer and are currently in the process of obtaining your own eIDAS license or you are a SafeConnect customer, obtaining a Brexit-ready registration to accomodate for European banks will have some implications for the consents within your application(s).

AIS

Once you change to your Brexit-ready registration for each Institution, you will lose all AIS consents for each Institution. You will have to request the user's to authorise their consents for your applications again.

PIS

Once you change to your Brexit-ready registration for each Institution, you will lose all PIS consents for each Institution. While the impact is less significant for PIS since you must obtain a user authorisation for every payment, you will no longer be able to check on the status of payments.

Make sure you leave enough time to switch over to your European banks so that you are able to verify that all payments transition from PENDING to COMPLETED.