/
TPP Consent Management Interfaces

This space is deprecated and no longer supported. Please use the latest available version here.

TPP Consent Management Interfaces

1. Overview

TPPs MUST provide Users with Consent Management Interfaces (CMIs) to view and revoke ongoing Consents that they have given to the TPPs. This section describes:

  • How to make these Consent Management Interfaces (CMIs) effective tools for Users

  • How the revocation journey should be constructed

Consent Management Interfaces (CMIs) play an important role in clearly and transparently setting out what Consents a User has provided for a TPP. Therefore, Consent Management Interfaces (CMIs) play a role in multiple user journeys, including:

  • Checking that the Consent is live (i.e. valid)

  • Reminding a User where they are providing Data Sharing or Service Initiation access from and for how long

  • Informing a User how long the access will continue for

  • Clarifying what level of access the TPP has

  • Revoking access

The TPP Consent Management Interface (CMI) SHOULD therefore be easy to find and easy to understand, which plays a key role in building trust with Open Finance-enabled services.

2. TPP Consent Management Interfaces (CMIs) examples

2.1 Wireframes

The following are example wireframes of TTP Consent Management Interfaces (CMIs), illustrating information that must be provided to Users for Data Sharing and Service Initiation Consents.

2.1.1 Data Sharing Consent Management Interface (CMI)

 

image-20240308-121935.png
Data Sharing Consent Dashboard - Details

 

image-20240308-122110.png
Data Sharing Consent Dashboard - History

2.1.2 Service Initiation Consent Management Interfaces (CMI)

 

 

2.2 Rules & Guidelines

ID

Rules & Guidelines

ID

Rules & Guidelines

1

The User-facing TPPs that offer both Data Sharing and Service Initiation MUST keep these Consent types separated to ensure clarity and prevent any misunderstandings by Users.

2

To aid clarity whilst providing detailed information when Users need it, Consent Management Interfaces (CMIs) MUST provide an Overview page that lists high-level information for all Consents, and a Detailed page for each Consent.

3

The User-facing TPPs MUST provide Users with sufficient information to enable them to make informed decisions on the Consent Management Interfaces (CMIs) Overview page.

As a minimum, TPPs MUST show the following details:

Consent Summary:

  • Consent State (“Awaiting", "Authorized", "Rejected", "Canceled" or "Finished")

  • Account Provider Name (Trading Name/nickname if used)

  • Account type and the last 4 digits of account number (if provided)

  • The expiry date for when the Consent will end (Note: A countdown is an optional element. If provided, it SHOULD be used in addition to an expiry date and not instead of it)

  • The date and time of the last occasion when Data Sharing or Service Initiation occurred from the connected account

  • Warnings or alerts if the Consent is close to expiry. TPPs can define how close to the expiry date they SHOULD start to alert Users depending on their business models.

4

The User-facing TPPs MUST provide Users with sufficient information to enable them to make informed decisions on the Data Sharing or Service Initiation Consent given.

These details MUST include all the values which are defined within the specific Data Sharing or Service Initiation Consent, when it was requested. These details are covered within the Rules & Guidelines for each of the areas of functionality covered by the Standard.

5

The User-facing TPPs MUST offer functionality (such as search, sort, filter etc.) to enable Users to search for the relevant Consent. This will be of particular benefit as the number of Consents for different LFI accounts given by Users to TPPs increases.

6

The User-facing TPPs MUST provide the following minimum set of filters in the Consent Management Interface (CMI) Overview page:

  • Users' LFI Name

  • Connected Account Number

  • Consent Type

  • Consent State

  • Consent Date

7

The User-facing TPPs SHOULD allow Users to edit their LFI account names by replacing the account name with a nickname such as "Household Account" or "Holiday Savings Pot."

8

The User-facing TPPs SHOULD provide extra explanatory text to help Users understand complicated topics like how to cancel their Consent. Using information bubbles helps to keep information manageable.

9

TPPs offering Service Initiation MUST provide the Service Initiation transaction details within the transaction log depending on the type of Service initiated. For details see the Rules & Guidelines for each of the areas of functionality covered by the Standard.

10

The Consent ID that is presented at the User-Interface (UI) MUST be user-friendly. TPPs MUST present the first and last four digits of the consent ID: 1234…….6789.

11

TPPs MUST offer a copy option that allows Users to copy the complete consent ID easily.

12

The User-facing TPPs MUST provide Users with a Transactions Log for every Service Initiation Consent. The Transactions Log SHOULD be easily accessible to Users by placing it on the Consent Management Interface’s Detailed page.

13

The User-facing TPPs MUST also provide a cancel (disconnect) button that allows Users to revoke their Consent. This is not applicable for irrevocable single-use Consents for Service Initiations such as Single Immediate Payments.

14

The User-facing TPPs MUST provide records of all past connections, including any previously granted Consents which had previously been:

  • Canceled at the LFIs or TPPs

  • Expired

  • Authorization Time Window Elapsed

  • Rejected

  • Finished

 3. Consent Revocation Journey

One of the most important functionality of the Consent Management Interfaces (CMIs) is to cancel a Long-lived Consent. The below journey illustrates the main steps involved:

Additionally, it is essential that TPPs make clear to Users of what will happen to the already-obtained data in their possession once the Consent is cancelled by the Users.

3.1 Wireframes

The below are example wireframes of the Consent Revocation journeys for Data Sharing and Service Initiation.

3.1.1 Data Sharing Consent Revocation Journey

3.1.2 Service Initiation Consent Revocation Journey

3.1.3 Rules and Guidelines

ID

Rules & Guidelines

ID

Rules & Guidelines

1

The Consent Management Interface (CMI) Detailed page MUST allow Users to cancel the Consent they have provided easily and without obstruction or excessive barriers.

2

Once Users have clicked “Cancel” in the Consent Management Interface (CMI) Detailed page, TPPs MUST only provide one page before canceling/revoking the Consent, which clearly sets out the implications of cancelling to ensure that Users want to proceed with the cancellation. The Consent Cancellation Confirmation page MUST be provided after this to confirm that the connection is no longer active.

3

The User-facing TPPs MUST make the exact consequences of canceling the Consent clear to Users in the Consent Cancellation Confirmation page (i.e., they will no longer be able to provide the specific service to Users).

4

For Data Sharing Consents, the Consent Cancellation Confirmation page MUST confirm what happens to any existing data that TPPs have already retrieved. TPPs MUST ensure that they are fair and transparent about how existing data is processed and that no longer required data is deleted, where appropriate, in accordance to any relevant laws and regulations.

For Data Sharing Consents, TPPs MUST present the data at a Data Cluster level and allow Users to expand the level of detail to show each Data Permission.

For Service Initiation Consents, TPPs MUST present the conditions and controls related to the Consent and allow Users to expand the level of details to show each Service Initiation Consent details.

5

The User-facing TPPs MUST inform LFIs that Users have withdrawn their Consents, and the Consent state “Canceled” MUST be reflected to the User in the Consent Management Interface (CMI) Overview page.

6

In the Consent Cancellation Notification page (i.e. the last page) the User-facing TPPs MUST inform Users that the connection to their account has been canceled and no further Data Sharing will be provided or no further Service Initiations are to be performed by the LFIs as the LFIs have withdrawn the Consent given to the TPPs.

After TPPs set the state of the Consent to ‘Canceled’, the LFIs are advised to inform Users via their own channels (for example via SMS or a notification on their mobile phone) that TPPs will no longer have Data Sharing or Service Initiation access to their account.

4. Consent Management Interfaces (CMIs) when customer-facing service provider and TPP are different entities

If there are customer-facing service providers (e.g. Merchants) who are not TPPs but have commercial relationships with TPPs, the TPPs MUST ensure that the Consent reflects this information correctly so that it can be displayed accurately to Users on the LFI Consent Management Interfaces (CMIs).

These entities are referred to as customer-facing service providers, as they are providing the end service to the end-Users, whereas TPPs in these cases are only undertaking the Data Sharing or Service Initiation activities. This could occur in merchant journeys for example, where a merchant contracts with a TPP to provide Variable Recurring Payments as a payment option on their platform.

4.1 Examples

TPP Trading Name 
(Client Name in the APIs)

Registered Legal Entity Name (Company Name/Organisation Name)

Customer-facing entity name (‘via’ field in the APIs)

What to display on Dashboards

TPP Trading Name 
(Client Name in the APIs)

Registered Legal Entity Name (Company Name/Organisation Name)

Customer-facing entity name (‘via’ field in the APIs)

What to display on Dashboards

ABC Trades

ABC Company Ltd

 

ABC Trades

ABC Company Ltd

ABC Company Ltd

 

ABC Company Ltd

ABC Company Ltd

ABC Company Ltd

OBO Ltd

OBO Ltd via ABC Company Ltd

[TPP Trading Name]

[TPP Company name]

[Merchant Trading name]

[Merchant Trading name] via [TPP Trading Name]