Open Banking lets UK financial businesses read customer bank data and initiate payments directly from bank accounts, using regulated APIs built on the Faster Payments rails. As of 2025 it serves over 11.7 million active users, processed more than 351 million payments across the year, and contributes around £4 billion to the UK economy. The two core capabilities are Account Information Services (AIS), which power affordability checks, cash-flow forecasting and reconciliation, and Payment Initiation Services (PIS), which power Pay by Bank and account-to-account transfers at a fraction of card costs. Bank-transfer fraud through Open Banking runs at just 0.013 percent, well below the 0.045 percent industry average. To act on it you either become FCA-authorised as a Third Party Provider or integrate through an authorised aggregator such as TrueLayer, Yapily or GoCardless. This guide covers the opportunities, costs, FCA rules and the 2026 roadmap.
Last updated: June 2026
Open Banking is a regulated framework that lets authorised third parties access a customer's bank account data and initiate payments on their behalf, but only with that customer's explicit consent. It was created by the Competition and Markets Authority order of 2017 and underpinned by the second Payment Services Directive (PSD2), which forced the UK's nine largest banks to open secure APIs. What used to require screen-scraping or manual bank statements now happens through standardised, encrypted connections governed by the Open Banking standard.
There are two functional pillars, and understanding the split is the single most useful thing for a business owner researching this space. Account Information Services (AIS) let you read data: balances, transaction history, account holder details. Payment Initiation Services (PIS) let you move money: you instruct a payment that the customer approves in their own banking app. AIS accounts for roughly 80 percent of all API calls, because reading data has more use cases than moving it, but PIS is where the fastest commercial growth is happening.
The plumbing matters. Open Banking payments settle over the Faster Payments scheme, which means money typically arrives in seconds rather than the days that card settlement and BACS can take. There is no card network in the middle, no interchange fee, and no 16-digit number to be stolen. The customer authenticates inside their trusted banking app using Strong Customer Authentication, usually a fingerprint or face scan, so the merchant never touches the credentials.
Our view: the term "Open Banking" undersells what it is. It is not a feature you bolt on, it is direct, consented access to the UK banking system as a programmable utility. Once you frame it that way, the opportunity becomes obvious.
Here is the core distinction at a glance:
| Capability | Account Information (AIS) | Payment Initiation (PIS) |
|---|---|---|
| What it does | Reads account data with consent | Initiates a payment with consent |
| Typical use | Affordability, forecasting, reconciliation | Pay by Bank, account-to-account transfers |
| Share of API calls | Around 80 percent | Around 20 percent and rising fast |
| Settlement | Not applicable (read only) | Seconds, via Faster Payments |
| Authorisation needed | AISP permission from the FCA | PISP permission from the FCA |
You can hold one permission, both, or neither and rely on an authorised partner. That choice shapes your cost, your compliance burden and your time to launch, which we break down later in this guide.
Open Banking unlocks at least six concrete revenue and cost opportunities for UK financial businesses, ranging from cheaper payment acceptance to faster lending decisions. The right ones for you depend on whether you are a lender, an accountant, an e-commerce operator, a subscription business or a payments firm. The strongest pattern we see is firms layering AIS for underwriting and PIS for collection, so a single bank connection does double duty.
Adoption proves this is not theoretical. Around one in five UK consumers and small businesses now use Open Banking, with the active user base passing 11.7 million in early 2025 and API calls exceeding two billion by mid-2025. Momentum like that turns "interesting technology" into "competitive disadvantage if you ignore it".
The sector-by-sector opportunity breakdown looks like this:
| Sector | Primary opportunity | Capability used |
|---|---|---|
| Lenders and brokers | Real-time affordability and income verification | AIS |
| Accountants and bookkeepers | Automated reconciliation and live cash-flow feeds | AIS |
| E-commerce and retail | Pay by Bank checkout, lower fees, no chargebacks | PIS |
| Subscription and SaaS | Variable Recurring Payments for flexible billing | PIS (VRP) |
| Wealth and fintech apps | Account aggregation and personal finance dashboards | AIS |
| Payments and PSPs | Account-to-account rails as a card alternative | PIS |
Take lending first. Instead of asking applicants to upload three months of PDF statements, an authorised feed pulls categorised transaction data in seconds. You see real income, real spending, real existing debt obligations, and you make a decision while the customer is still on the page. Decisioning that took two days can take two minutes, and the data is harder to fake than a doctored PDF.
For accountants and the firms they serve, the win is reconciliation. A live AIS feed matches bank transactions to invoices automatically, which is the kind of repetitive work that business process automation was built to remove. Cash-flow forecasting becomes continuous rather than a monthly scramble.
For e-commerce, Pay by Bank moves money instantly from the customer's account to yours with no card fees and no chargeback exposure, because the payment is authenticated by the bank, not disputed weeks later. The trade-off is that Open Banking has no built-in chargeback mechanism, which we treat honestly in the limitations section.
The honest rule here: do not chase every opportunity at once. Pick the single use case where the maths is most obviously in your favour, ship it, measure it, then expand. Firms that try to boil the ocean stall in procurement.
Open Banking payments are typically a fixed low fee per transaction rather than a percentage of the basket, which makes them dramatically cheaper than cards on higher-value payments. Where a card payment might cost 1.2 percent to 2.9 percent plus a fixed fee, a typical Open Banking payment in 2026 costs in the region of 10p to 40p flat, or a low fixed amount through an aggregator. On a £500 transaction the difference is the gap between roughly £8 and roughly 20p.
The reason is structural. Card payments carry interchange paid to the issuing bank, scheme fees paid to Visa or Mastercard, and the acquirer's margin. Open Banking removes all three by going account to account over Faster Payments. There is no interchange because there is no card.
Here is an illustrative comparison on a single £500 payment using plausible 2026 UK pricing:
| Method | Typical fee model | Cost on £500 | Settlement |
|---|---|---|---|
| Credit card | ~1.8% + 20p | ~£9.20 | 1 to 3 days |
| Debit card | ~0.9% + 20p | ~£4.70 | 1 to 3 days |
| BACS Direct Debit | ~£0.20 to £1 fixed | ~£0.50 | 3 working days |
| Open Banking (PIS) | ~10p to 40p fixed | ~£0.25 | Seconds |
Now scale that. A business taking 2,000 payments of £500 a month pays roughly £18,400 a year in credit card fees versus roughly £6,000 a year through Open Banking, a saving of more than £12,000 annually before you count the cash-flow benefit of instant settlement. For high-ticket or high-volume merchants the case writes itself.
There is more than headline fees, though. Consider the full economics:
Our stance: cards are not going away, and you should keep them as an option because some customers expect them and want the consumer protections cards offer. The smart play is to present Open Banking as the default for higher-value payments, often with a small incentive, and let cards remain the fallback. Do not force it; nudge it.
Variable Recurring Payments (VRPs) are the headline 2026 opportunity because they finally give Open Banking a way to handle recurring, variable-amount billing with a single consent, closing the one gap that kept it behind Direct Debit and card-on-file. A VRP lets a customer authorise a business to pull payments within agreed limits, so a subscription, utility bill or variable invoice can be collected automatically without re-authorising each time. VRPs already account for around 16 percent of Open Banking transactions, and the first commercial VRP (cVRP) wave is rolling out from the first quarter of 2026.
Until now there were two flavours. Sweeping VRPs move money between a customer's own accounts, for example automatically topping up a current account from savings, and these have been mandated and free. Commercial VRPs let a customer pay a third party, such as a gym, an energy supplier or a SaaS vendor, and these are the commercially significant ones now arriving under agreed pricing frameworks.
Why does this matter so much? Because recurring revenue businesses have lived with two imperfect tools. Direct Debit is cheap but slow, indemnity-exposed and clunky to set up. Card-on-file is fast but expensive, exposed to expiry and card fraud, and suffers involuntary churn when cards are replaced. VRP combines the best of both: cheap like Direct Debit, instant like a card, and resilient because it is tied to the account, not a card that expires.
Here is how the three recurring options compare:
| Feature | Card-on-file | Direct Debit | Commercial VRP |
|---|---|---|---|
| Cost per collection | High (percentage) | Low fixed | Low fixed |
| Settlement | 1 to 3 days | 3 working days | Seconds |
| Involuntary churn | High (card expiry) | Low | Very low |
| Variable amounts | Yes | Yes | Yes, within limits |
| Consumer control | Limited | Moderate | Strong, app-level limits |
The customer experience is the quiet superpower. With cVRP, a subscriber sees and controls the maximum amount and frequency inside their banking app, and can cancel in one tap. That transparency builds trust and, counterintuitively, reduces cancellations because customers feel in control rather than trapped.
If you run a subscription, membership or usage-based business, our advice is blunt: start scoping VRP now. The firms that integrate cVRP early will have a structural cost advantage over competitors still paying card fees on every monthly charge. A well-built GoHighLevel automation or billing workflow can sit on top of VRP to handle dunning, retries and notifications automatically.
To provide Open Banking services directly you must be authorised or registered by the Financial Conduct Authority as an Account Information Service Provider (AISP), a Payment Initiation Service Provider (PISP), or both, and you must comply with UK GDPR and the Data Protection Act 2018 for the personal data you handle. There are currently around 145 live Third Party Providers operating in the UK market, which tells you the bar is real but achievable. If you do not want that burden, you operate as an agent of an authorised provider or simply consume an aggregator's licence, which we cover in the next section.
The authorisation route is not trivial. The FCA expects a credible business plan, evidence of adequate capital, fit and proper senior managers, robust IT and security controls, professional indemnity insurance, and a clear consent and data-handling framework. Timelines vary, but you should plan for several months from application to permission, plus the cost of legal and compliance support.
On data, the obligations stack up. Consent must be explicit, specific, time-bound and easy to withdraw. AIS access is capped: you cannot pull data indefinitely without re-consent. You must minimise what you collect, secure it properly, and be transparent about how it is used. The Information Commissioner's Office enforces UK GDPR, and the FCA enforces the conduct rules, so two regulators are watching.
Here is a practical compliance checklist for firms entering the space:
| Requirement | Owner | Why it matters |
|---|---|---|
| FCA AISP/PISP permission or agent status | FCA | Legal basis to provide the service |
| Strong Customer Authentication flows | Bank and provider | Mandatory consent and security |
| Explicit, withdrawable consent records | Your firm | UK GDPR lawful basis |
| Data minimisation and retention policy | Your firm | ICO compliance |
| Professional indemnity insurance | Your firm | FCA condition |
| Incident and breach reporting process | Your firm | Regulatory obligation |
Be sceptical if a vendor tells you compliance is "handled" without explaining the split. When you build on an aggregator, they typically hold the regulated permission and you operate within their consent framework, but you remain a data controller for the personal data you process and store. You cannot outsource accountability under UK GDPR, even when you outsource the licence.
The regulatory ground is also shifting in your favour. The Data (Use and Access) Act 2025 puts Open Banking on a long-term statutory "smart data" footing, the FCA is setting out a Long-Term Regulatory Framework during 2026, and a Future Entity is replacing the Open Banking Implementation Entity as the standards body. Translation: the rules are becoming more stable and more permanent, which de-risks investment.
For the overwhelming majority of UK financial businesses, the right answer is to integrate through an aggregator rather than build direct bank connections in-house. Building direct integrations to dozens of banks, each with its own API quirks, certificate management and uptime profile, is a multi-year engineering commitment that only makes sense at very large scale or where you intend to become an Open Banking provider yourself. An aggregator gives you one API, broad bank coverage, and their regulatory licence, which is why firms like TrueLayer, Tink, Yapily, GoCardless and Finexer exist.
Think of it like email: you could run your own mail servers, but almost no one should. The aggregators have already solved the hard, boring, ongoing problems of maintaining connections to every bank as those banks change their systems.
Here is the decision framework we use with clients:
| Factor | Build direct | Use an aggregator |
|---|---|---|
| Time to launch | 12 to 24 months | 4 to 12 weeks |
| Upfront cost | Very high (£250k+) | Low (integration only) |
| Bank coverage | Whatever you build | Broad, maintained for you |
| Regulatory licence | You must hold it | Often provided by partner |
| Ongoing maintenance | You own every bank API | Handled by the aggregator |
| Best for | Banks, large PSPs, scale players | Almost everyone else |
The aggregators differ in focus. Some lean towards data and AIS use cases, some towards payments and PIS, some towards specific verticals like lending or recurring billing. Choosing well means matching the provider's strength to your primary use case, then checking commercials, bank coverage for your customer base, support quality and roadmap for VRP and Open Finance.
Where the build-versus-buy decision gets nuanced is the layer above the aggregator. The aggregator gives you raw connectivity and data; it does not give you your underwriting logic, your reconciliation rules, your checkout experience or your customer-facing workflows. That is the part worth building well and tailoring to your business, and it is exactly where a bespoke software development partner or custom CRM development earns its keep. Our consistent advice: buy the connectivity, build the differentiation.
One more honest point. Aggregator pricing models are still maturing. Some charge per call, some per active user, some per payment, and the commercial model for Open Banking generally is one of the genuine uncertainties in the market. Negotiate, model your volumes carefully, and avoid contracts that punish you for growth.
Open Banking is powerful but not perfect, and the honest limitations are bank coverage gaps, consent friction, the absence of chargebacks, refund handling complexity and ongoing commercial-model uncertainty. Most vendor pages skip this section because it is not a sales pitch. We include it because pretending the risks do not exist is how integrations fail in production and customers churn.
Start with coverage. While the major UK banks are well supported, smaller banks, building societies and business account providers can have patchy API reliability, slower performance or missing features such as VRP. If a meaningful slice of your customers bank somewhere with weak support, the experience degrades for exactly the people you need to convert. Always check real coverage against your actual customer base, not the marketing list.
Then consent friction. Every Open Banking payment or data pull requires the customer to be redirected to their banking app, authenticate, and approve. That is secure and trustworthy, but it adds steps compared with a saved card, and some customers drop off. Good UX design narrows this gap considerably, but it never disappears entirely.
The chargeback gap cuts both ways and deserves a clear-eyed look:
Refunds deserve their own mention. Because a payment is a push from the customer, refunding means initiating a new payment back to them, which requires you to hold or capture their account details and run a clean process. It is manageable, but it is not automatic the way a card refund feels.
Finally, commercial uncertainty. The pricing of commercial VRP and the long-term economics of the ecosystem are still settling under the new regulatory framework. This is not a reason to wait, but it is a reason to keep contracts flexible and to model a range of cost scenarios.
Our blunt stance: Open Banking is a fantastic fit for affordability checks, account-to-account payments on higher-value or recurring transactions, and data-driven onboarding. It is a weaker fit, today, as a total replacement for cards on low-value impulse purchases from unfamiliar sellers. Match the tool to the job and it rarely disappoints.
Softomate Solutions delivers Open Banking integrations as a fixed-quote, five-stage project that takes a typical UK financial business from idea to live in roughly 6 to 12 weeks, depending on scope. We are a London-based AI automation agency in Stanmore (HA7), and we build the differentiating layer on top of authorised aggregators, so you get speed to market without taking on the wrong risks. We do not sell you a licence you do not need or a 24-month build when a 6-week one will do.
Our process is deliberately structured so you always know what happens next and what it costs before we start:
Indicative timeline and pricing for a typical engagement:
| Stage | Typical duration | Indicative cost |
|---|---|---|
| Discovery and scoping | 1 to 2 weeks | From £1,500 |
| Provider selection and architecture | 1 week | Included in build |
| Build and integration | 3 to 6 weeks | From £8,000 |
| Compliance and testing | 1 to 2 weeks | Included in build |
| Launch and optimisation | Ongoing | From £600 per month |
A focused single-use-case integration, for example AIS affordability checks feeding a lending decision, typically starts from £8,000 as a fixed quote. A broader build combining AIS and PIS with VRP-ready billing and CRM integration sits higher depending on scope. Every project is quoted as a fixed price after discovery, so there are no surprise day rates and no open-ended billing. If you also need the surrounding workflow automated, our process automation and CRM development teams build that in the same engagement.
Our honest promise: if Open Banking is the wrong fit for your use case, we will tell you in discovery and recommend the better tool, rather than sell you a project you do not need.
Yes. Open Banking is regulated by the FCA, uses bank-grade Strong Customer Authentication, and never exposes login credentials to merchants. Fraud on Open Banking bank transfers runs at just 0.013 percent, well below the 0.045 percent wider industry average. Customers approve every action inside their own trusted banking app.
Through an authorised aggregator, a focused single-use-case integration typically takes 4 to 12 weeks from scoping to live. Building direct bank connections in-house takes 12 to 24 months and rarely makes sense unless you are a bank or large payments provider operating at significant scale.
Open Banking payments usually cost a low fixed fee of around 10p to 40p per transaction, versus card fees of roughly 0.9 percent to 2.9 percent plus a fixed amount. On a £500 payment that is roughly 25p versus several pounds, so savings grow fastest on higher-value or higher-volume transactions.
Only if you provide the regulated service directly. To do that you need AISP or PISP permission from the FCA. Most businesses instead integrate through an authorised aggregator that holds the licence, so you launch faster while remaining responsible as a data controller under UK GDPR.
Account Information Services (AIS) read bank data with consent, powering affordability checks, forecasting and reconciliation. Payment Initiation Services (PIS) move money with consent, powering Pay by Bank and account-to-account transfers. AIS is about 80 percent of API calls; PIS is the faster-growing payments side.
Variable Recurring Payments (VRPs) let a customer authorise recurring, variable-amount collections within agreed limits using a single consent. Commercial VRP is rolling out from early 2026 and matters because it is cheaper than card-on-file, instant unlike Direct Debit, and resilient against card-expiry churn for subscriptions and bills.
Increasingly, yes, through commercial VRP. Until cVRP matured, recurring billing relied on Direct Debit or card-on-file. VRP combines low fixed cost, instant settlement and strong customer control, making it well suited to subscriptions, memberships and usage-based billing for UK businesses adopting it from 2026.
There is no built-in chargeback mechanism, which removes friendly fraud and dispute fees but means you must run your own refund process by initiating a payment back to the customer. For high-trust account relationships this is fine; for one-off purchases some buyers still prefer card protection.
Match the provider's strength to your primary use case. Some aggregators specialise in data and AIS, others in payments and PIS, others in lending or recurring billing. Then compare bank coverage for your actual customers, commercial model, support quality and VRP roadmap before committing to a contract.
The Data (Use and Access) Act 2025 puts Open Banking on a statutory smart-data footing, the FCA is setting out a Long-Term Regulatory Framework during 2026, an Open Finance roadmap is due in March 2026, and a Future Entity is replacing the OBIE as the standards body, making the rules more stable.
Open Banking has moved from emerging technology to UK financial infrastructure, with 11.7 million-plus active users, 351 million payments in 2025 and fraud running at just 0.013 percent. For your business the decision is not whether it works but where to apply it: AIS for affordability checks and reconciliation, PIS for Pay by Bank at around 25p versus several pounds on cards, and commercial VRP for recurring billing from 2026. For almost everyone the path is to integrate through an authorised aggregator in 4 to 12 weeks rather than build direct over 12 to 24 months, then build your own differentiating logic on top. Mind the honest limitations: bank coverage gaps, consent friction and no chargebacks. With the Data (Use and Access) Act 2025 and the FCA's Long-Term Regulatory Framework arriving, the ground is more stable than ever. The firms that pick one high-value use case and ship it now will hold a structural cost advantage over those still waiting.
If you are ready to turn Open Banking into lower payment costs, faster lending decisions or VRP-powered billing, talk to our team about a fixed-quote integration through our London AI automation agency or get in touch via our contact page.
Written by Deen Dayal Yadav, Founder of Softomate Solutions, a London-based AI automation and software development agency in Stanmore (HA7). With over 12 years building software, payment integrations and automation systems for UK businesses, he leads a team that delivers FCA-aware Open Banking integrations, custom CRMs and process automation as fixed-quote projects. Softomate Solutions is registered at Companies House and works with lenders, accountants, e-commerce operators and fintechs across the UK. Learn more on our about page.
We protect the real names of all clients featured in examples and case studies. Every testimonial is from a real client.
More from the blog
Work with us
Every project we take on has a measurable outcome. Talk to our London team and we will show you exactly how we would approach your challenge.
Softomate Solutions Limited
Deen Dayal Yadav
Online
