How to communicate 90-day reauthentication changes to your customers

If you’re an Account Information Service Provider (AISP), the UK Financial Conduct Authority’s (FCA) amendment to the 90-day rule has probably been a point of discussion for your developers, product teams, and designers for the last several months.

But, with the FCA encouraging UK banks to offer users the option to re-confirm their consent by September 30, 2022, the clock is ticking for AISPs to roll out new processes. Coordination with banks, technical workflows, and user experience should all be top of mind…and communication with customers shouldn’t be an afterthought.

Want to learn more about 90-day reauthentication changes? Check out this blog.

How to keep your customers up-to-date on changes

To help you clearly communicate how these changes will impact user experience for your customers, we’ve put together email templates to help you explain what’s changing, when, and what could happen if users don’t re-confirm their consent.

Note: These should be adapted to suit your customers, and it’s essential all customer comms are easy to understand. That means you should skip the technical complexity and avoid too much policy-related jargon. It’s also essential all comms are run by your internal legal and compliance teams to ensure you’re fulfilling your obligations.

Email #1: Explaining what’s changing and when

Using [insert app name] is about to get even easier.

Soon, you’ll be able to re-confirm your consent right here in the app, instead of re-authenticating with your bank every 90 days.

What does that mean for you? Secure, continued access to [insert services/solutions] without the hassle of redirects or MFA.

You’ll notice a few small changes in the app starting [insert date]. Don’t worry, we’ll give you a sneak peek beforehand so you know what to expect.

[CTA to get in touch with questions]

Email #2: Sharing updated user flows

You might notice a few changes in the app starting [insert date]. Don’t be alarmed! We think you’ll like it…

Currently, every 90 days, you’re redirected to your bank to ensure you have continued access to [insert services/solutions]. It looks something like this:

[insert image of CTA to re-authenticate via bank]

In [x days] it’ll look more like this:

[insert image of CTA to re-confirm consent]

Easy, right?

[CTA to get in touch with questions]

Email #3: Reminding customers to re-confirm consent

Uh-oh! Looks like you’re about to lose access to [insert services/solutions]. It’s easy to stay connected. All you need to do is re-confirm consent right here in the app.

[insert step-by-step guide]

[CTA to get in touch with questions]


The FCA have amended the 90-day reauthentication rule, consumers and businesses will now only have to rauthenticate their open banking connections through SCA every 180 days.


21st September 2022

6 min read

Everything you need to know about 90-day reauthentication changes

Since PSD2 was introduced in 2018, if users wanted to access their data via open banking, they had to provide their consent to every service provider, for each of their connected bank accounts, every 90 days through Strong Customer Authentication (SCA).

Image description


23rd September 2022

12 min read

Navigating open banking providers: 50 questions to ask

In this guide, you’ll learn how to evaluate open banking providers and what questions to ask to ensure you choose the right partner.

Glossary of open banking terms to help understand acronyms and jargons when navigating the open banking marketplace.


16th September 2022

11 min read

Yapily’s A-Z open banking jargon buster

One simple guide to help you navigate your AISPs, PISPs and more…

Build personalised financial experiences for your customers with Yapily. One platform. Limitless possibilities.

Get In Touch