πŸ’° FinTechOn TimeπŸ“‹ Fixed Price

FinTech Open Banking PFM App -- FCA and Consumer Duty

UK6 min readUpdated June 2026
Region
UK
Contract
Fixed Price
Tech Stack
8 Technologies
IP
100% transferred

Project Overview

UK FinTech building Personal Finance Management app (iOS + Android, 280,000 users year one) using Open Banking...

Technology Stack

React Native (Expo)Node.js/FastifyPostgreSQLTrueLayer AISPXGBoost (ML)AWS SageMakerGOV.UK NotifyAWS eu-west-2

Compliance & Standards

FCA AISP (TrueLayer)FCA Consumer Duty (PS22/9)Open Banking 90-day consentICO DPIAPECRICO AADCUK GDPRWCAG 2.1 AACyber Essentials
Step 01

The Challenge

UK FinTech building Personal Finance Management app (iOS + Android, 280,000 users year one) using Open Banking. TrueLayer AISP, 90-day re-consent management, ICO DPIA (financial behaviour profiling), FCA Consumer Duty, PECR, UK GDPR, ICO AADC (some users under-18). Budget GBP110,000.

Step 02

Our Approach

TrueLayer AISP Integration

  • 1Bank connection flow (React Native TrueLayer Link SDK),
  • 2bank data retrieval (balance, transactions, direct debits, standing orders),
  • 390-day re-consent management (GOV.UK Notify reminder 7 days before expiry -- not dark pattern),
  • 4multi-bank aggregation (current, savings, credit card),
  • 5real-time balance (TrueLayer webhook). TrueLayer holds FCA AISP -- client operates as registered agent.

Transaction Categorisation ML

  • 1Merchant identification from TrueLayer,
  • 2XGBoost classifier (UK merchants -- Tesco, Waitrose, Deliveroo, ASOS -- custom UK training data),
  • 3category correction (customer correction used as training signal),
  • 4budget tracking (category budget vs spending alert).

ICO AI fairness

categorisation accuracy tested for demographic bias.

ICO DPIA for Financial Profiling

DPIA mandatory (Article 35 -- systematic financial behaviour monitoring): (1) lawful basis (legitimate interest for core PFM), (2) no third-party sharing without explicit consent per category, (3) credit risk inference gate (if inferring creditworthiness from spending -- FCA Consumer Credit authorisation required), (4) sensitive spending (gambling, healthcare visible -- extra care), (5) consent-first architecture throughout.

FCA Consumer Duty PFM Design

  • 1Product designed to genuinely help customers manage money (not data harvest),
  • 2nudges must be in customer interest (not engagement maximisation),
  • 3financial promotions (if PFM promotes products -- FCA financial promotion rules apply),
  • 4vulnerability signals (financial distress UX -- what to show a customer in difficulty),
  • 5data portability (UK GDPR Article 20 -- customer can export all their data).
Step 03

The Results

FCA AISP confirmed (via TrueLayer).

Consumer Duty confirmed.

Platform live at 18 weeks, GBP102,000. 280,000 iOS + Android users.

Bank connections 84.2%.

Categorisation accuracy 94.2%. 90-day re-consent rate 82.4%.

ICO DPIA filed.

PECR marketing consent 68.4%.

Zero third-party sharing without consent.

The 90-day re-consent reminder sent 7 days before expiry -- not the day before -- was the Consumer Duty feature that maintained trust.

Customers who feel in control of their data use the product more.

Open Banking consent should feel like permission freely given, renewable freely.

Not an emergency renewal forced on the last day. -- CEO, UK PFM FinTech

Project Details

Sector
FinTech
Country
UK
Status
On Time
Contract
Fixed Price
Tech Stack
8 Technologies
Reading Time
6 min
IP Ownership
100% transferred
Last Updated
June 2026
Written By
ClickMasters Case Study Team
Reviewed By
James Whitmore, CTO

Related Case Studies

View All

Ready to Transform Your Business?

Let's discuss how our technical expertise can help you achieve remarkable results.