Consent and permissions
Make customer control verifiable
Open finance consent must be understandable, granular, revocable and synchronized with every customer relationship channel.
Describe the permission
Each permission should specify the data user, accessed data, purpose, duration, access frequency and withdrawal mechanism.
- Short, non-misleading customer text
- Unique permission identifier
- Compliance-readable log
- Withdrawal propagated to API gateway
Plan for disputes
Keep timestamped evidence of consent, screen versions and withdrawal actions. Support teams must be able to explain who accessed what, when and why.
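The permission fields, gateway-side withdrawal check and timestamped evidence described above can be sketched as follows. This is an added example, not code from the original page; the class names, field names and reason strings are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Permission:
    permission_id: str          # unique permission identifier
    data_user: str              # who accesses the data
    data_scope: tuple           # which data may be accessed
    purpose: str
    granted_at: datetime
    duration: timedelta
    max_calls_per_day: int      # access frequency
    screen_version: str         # consent screen the customer saw
    withdrawn_at: Optional[datetime] = None

class ConsentRegistry:
    def __init__(self):
        self.permissions, self.log = {}, []   # log is append-only evidence

    def _record(self, ts, pid, event, detail=""):
        self.log.append({"ts": ts.isoformat(), "permission_id": pid,
                         "event": event, "detail": detail})

    def grant(self, p):
        self.permissions[p.permission_id] = p
        self._record(p.granted_at, p.permission_id, "granted",
                     f"user={p.data_user} purpose={p.purpose} screen={p.screen_version}")

    def withdraw(self, pid, now):
        self.permissions[pid].withdrawn_at = now   # gateway denies from here on
        self._record(now, pid, "withdrawn")

    def authorize(self, pid, data_user, scope, now):
        # Gateway-side check: returns (allowed, reason); every decision is logged.
        p = self.permissions.get(pid)
        used = sum(e["permission_id"] == pid and e["event"] == "access_allowed"
                   and e["ts"][:10] == now.date().isoformat() for e in self.log)
        if p is None or p.data_user != data_user:
            reason = "no_matching_permission"
        else:
            checks = [(p.withdrawn_at is not None, "withdrawn"),
                      (now >= p.granted_at + p.duration, "expired"),
                      (scope not in p.data_scope, "out_of_scope"),
                      (used >= p.max_calls_per_day, "frequency_exceeded")]
            reason = next((r for failed, r in checks if failed), "ok")
        event = "access_allowed" if reason == "ok" else "access_denied"
        self._record(now, pid, event, f"user={data_user} scope={scope} reason={reason}")
        return reason == "ok", reason
```

Because denied requests are logged alongside allowed ones, the same log answers who accessed what, when and why, and shows that access stopped after withdrawal.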