Data with Consent

All data access via the UI requires the consent of the End-User

Overview

Underpinning all of our services is a Consent-based API access model. Access to read/write APIs is granted only with the End-User's consent.


Consent Capture & Authentication

The End-User of your Application gives consent to FNZ to share personal financial data with your Application. This consent has to be authorised with the Account Servicer.

We provide a ready-made UX flow that can be launched from your Application to:

  1. Present to the End-User a list of Account Servicers that your Application is connected with.
  2. Capture the End-User's consent to share their data with you.
  3. Redirect the End-User to their selected Account Servicer to authorise the consent request.
  4. Redirect the End-User back to your Application.

Once completed, a Consent record will be created. This can be viewed and revoked, and in some cases can expire after a set timeframe.

Consent - Authentication Flow

Access Control Models

Who is the End-User that is giving consent?

Your Application's End-User is the real-world person who executes the Consent Journey, authenticates with their credentials at the Account Servicer, and consents to allowing your Application to access their data on their behalf.

This End-User is known as the Authorising-user on the Platform. They will be an account holder with an Account Servicer and a user of your Application.

We support different access control models that reflect the End-User's relationship with the data subjects in reality.

The End-User is the account holder. For example, the End-User is an individual in the real world who has consented to give your Application access to Account Information from their bank account. In this scenario they are the customer that has a direct relationship with the account(s).

The End-User is an agent. An agent is someone who has a relationship with the customer that holds the accounts to which the account information relates. For example, the End-User is a Financial Advisor or Wealth Manager who has consented to give access to their account on an Advisory Platform or Wealth Management System. Through that account they manage 1 to n customer(s) who each have relationships with 1 to n account(s).

End-User Types
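
How an Application might check each data request against a Consent record under the two access control models above, as an added example that is not the Platform's own code or API. The Consent fields, the model names "account_holder" and "agent", and the access_decision helper are all hypothetical, and the sample records are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass
class Consent:
    # Hypothetical record shape; the field names are assumptions, not the Platform's schema.
    authorising_user: str                   # End-User who completed the Consent Journey
    account_servicer: str
    model: str                              # "account_holder" or "agent"
    scope: dict = field(default_factory=dict)   # customer -> set of accounts covered
    expires_at: Optional[datetime] = None   # None: this consent does not expire
    revoked: bool = False

def access_decision(consent, customer, account, now):
    """Return (allowed, reason) for one data request made under a consent."""
    if consent.revoked:
        return False, "consent revoked"
    if consent.expires_at is not None and now >= consent.expires_at:
        return False, "consent expired"
    # An account holder consents only for themselves, never for another customer.
    if consent.model == "account_holder" and customer != consent.authorising_user:
        return False, "account holder consent covers only the authorising user"
    # An agent manages 1..n customers with 1..n accounts each, so the account
    # must belong to the customer named in the request, not just to any customer.
    if account not in consent.scope.get(customer, set()):
        return False, "account not covered by consent"
    return True, "ok"

# Constructed sample data
NOW = datetime(2024, 1, 10, tzinfo=timezone.utc)
HOLDER = Consent("alice", "bank-a", "account_holder", {"alice": {"acc-1"}},
                 expires_at=NOW + timedelta(days=90))
AGENT = Consent("advisor-7", "platform-b", "agent",
                {"cust-1": {"acc-10", "acc-11"}, "cust-2": {"acc-20"}})

if __name__ == "__main__":
    requests = [(HOLDER, "alice", "acc-1"), (HOLDER, "bob", "acc-1"),
                (AGENT, "cust-1", "acc-11"), (AGENT, "cust-2", "acc-10")]
    for consent, customer, account in requests:
        print(customer, account, access_decision(consent, customer, account, NOW))
```

Evaluating the decision on every request, rather than once when the Consent Journey completes, is what makes a later revocation or expiry take effect.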