Connecting your bank to your accounting software: open banking and PSD2 in 2026

Quick answer. The PSD2 directive (2015/2366) requires banks to open access to your accounts via secure APIs. In 2026, you can connect your bank to your accounting software through aggregators approved by ACPR, enable strong customer authentication (SCA) and automate bank reconciliation. This connection secures your data and eliminates manual entry errors.

The PSD2 (second Payment Services Directive, EU directive 2015/2366) fundamentally changed access to bank data across Europe. Effective January 13, 2018, it requires banks to make account data available through secure programming interfaces (APIs) rather than older FTP or file-based methods.

At Hayot Expertise, we see more and more business leaders and accounting managers choosing to link their bank directly to their software. This automation saves hours per month, reduces errors and gives a much clearer cash-flow picture. But it raises three legitimate questions: Is it safe? Who can access my data? How exactly does it work?

Open banking relies on a trusted third party: a bank data aggregator. This service provider (called PSIC or AISP for Account Information Service Provider) acts as a secure intermediary between your bank and your accounting software.

Here is how it works:

1. You tell the aggregator which bank accounts you want to connect.
2. You confirm your identity with your bank through strong customer authentication (SCA).
3. The bank authorizes the aggregator to read your transactions (never to modify or make payments).
4. The accounting software retrieves updated statements from the aggregator every day.
5. Transactions are imported and automatically reconciled.

Security is built on multiple layers: data encryption in transit, temporary access tokens, no storage of your banking credentials, and traceability of access.

All bank data aggregators must be authorized or registered with the ACPR (Prudential Supervisory and Resolution Authority). This guarantees that the service complies with PSD2 regulations and the required security standards.

Bank data aggregators used in France include Powens (formerly Budget Insight), Bridge (by Bankin'), Tink and Linxo. Many accounting tools such as Pennylane, Tiime or Cegid integrate the open banking connection directly through one of these aggregators, with no separate step on your side.

The important thing is to check, before accepting a connection, that the service displays its ACPR authorization or registration number. You will find the list of authorized providers (REGAFI) on the ACPR website.

1. Choose your software and the aggregator#

If your accounting software already offers an integrated open banking connection (Pennylane, Tiime, etc.), it is simpler: the software manages aggregation itself.

Otherwise, select an aggregator registered with ACPR that is compatible with your bank and software.

2. Give your bank your consent#

You connect your account by entering your banking credentials, then you confirm a consent request with your bank. This validation is often done via OTP (one-time password) or biometrics.

3. Enable strong customer authentication (SCA)#

PSD2 requires two-factor authentication. Make sure your bank has activated SCA on your professional account. It is a temporary code sent by SMS, email or generated by your bank's app.

4. Let the software import transactions#

Once the connection is validated, the software automatically downloads each day (or according to your settings) bank statements from the last 90 days, then thereafter new daily transactions.

5. Configure reconciliation rules#

You define how the software should automatically reconcile transactions with your invoices and accounting documents. Some software offers AI to automatically recognize recurring vendors.

Time savings#

An accountant who enters 50 bank transactions a day pays a heavy manual bill. Automatic import eliminates this work.

Fewer entry errors#

Transcription errors (reversed amount, wrong date, misspelled vendor) disappear. Data comes directly from the bank.

Cash-flow visibility#

You see the status of your accounts in near real-time. Treasury management becomes more precise.

Faster reconciliation#

Closing bank statements becomes a 15-minute exercise instead of several hours.

Does my data remain confidential?#

Yes, as long as you choose an aggregator registered with ACPR. The aggregator has no right to resell or use your data for other purposes. The CNIL (National Commission for Data Protection) ensures GDPR compliance.

What if my aggregator disappears?#

You can revoke consent at any time with your bank and reconnect another aggregator. Your bank data remains permanently under your bank's control.

How do I secure my credentials?#

Never enter your banking credentials directly into accounting software. Always go through your bank's secure gateway (authenticated redirect). If the interface asks for your banking password directly, that is a warning signal.

What remains on the bank side?#

You must activate consent in your online banking space for each aggregator. You can view authorized access at any time and revoke it.

Self-employed and micro-businesses#

Many micro-businesses wrongly think open banking is reserved for SMEs. This is false. A self-employed person with a professional bank account can just as easily connect their bank via Qonto, Wise or even Pennylane if the administrative burden justifies it.

Foreign bank accounts#

PSD2 applies to all banks in the EEA (European Economic Area). If you have an account in Belgium, Germany or Switzerland, you can also connect them if the aggregator supports them.

Joint or mandate accounts#

If multiple people have access to the bank account (manager, administrative director), they must each validate consent with the bank. Strong authentication is personal.

Startups with investors#

An investor does not need direct access to the startup's bank account. Aggregation remains internal to the accounting firm or startup finance team.

The transition to PSD3 (open finance)#

The European Commission presented in June 2023 the "Digital Finance Package", which includes a PSD3 proposal (and a payment services regulation, the PSR). This evolution is not yet in force. PSD3 would extend open banking beyond payment accounts: insurance data, investment data, real estate data.

Caution: do not confuse the proposal (2023) with current law. Structure your 2026 architecture based on PSD2, not PSD3. You will update later if PSD3 comes into force (probably 2027-2028).

Audit and controls#

If you use open banking, document it in your accounting process note. An auditor or chartered accountant will be happy to see that your bank statements are imported from a reliable source, without manual intervention.

Technical developments#

Some aggregators cease operations or merge. Check each year that your aggregator is still listed with ACPR and that there is no official discontinuation communication.

Recently, a small SME in the construction sector told us that its accountant spent 3 days a month just entering bank statements from 5 accounts. Once connected via open banking to Qonto and their accounting software, this work disappeared. Three days saved, zero reconciliation errors, and better detection of suspicious payments.

On the regulatory side, we confirm that PSD2 has been in force since 2018 and that ACPR strictly supervises aggregators. Security incidents related to ACPR-registered open banking are rare compared to the risks of manual entry (identity theft, transposition errors, forgotten reconciliations).

At Hayot Expertise, we systematically recommend open banking for all structures with more than 5 bank transactions per day. The return on investment (ROI) of time saved is positive from the first month.

Hayot Expertise recommendation. Don't wait any longer. If your accounting software offers integrated open banking connection (Pennylane, Tiime, Zoho), activate it. If you are on legacy software, consider migrating: open banking is no longer a luxury, it is a basic standard of 2026 accounting. Just verify that the aggregator you choose is registered with ACPR — that is your only safety guarantee.