Bank Feed Provider Migration Checklist
1. Overview
- Risk Level: Medium (Operational impact on financial reconciliation)
- Timeline: 4–6 weeks
- Team Size: 2–4 (Finance Lead, IT Admin, Project Manager)
2. Phase 1: Pre-Migration Planning (Week 1–3)
Assessment & Strategy
- Identify the specific financial institutions (FIs) currently linked.
- Document all existing automated rules/categorisation logic in the current provider.
- Confirm the new provider supports the required API connections for all business bank accounts.
- Define the "Freeze Period" (the window where no manual reconciliations should occur).
- Establish a fallback plan if the new provider fails to authorise within 48 hours.
Data Mapping
- Extract a comprehensive audit trail of the last 12 months of bank transactions.
- Map existing account categories to the new provider’s naming conventions.
- Verify that transaction reference fields are compatible between the old and new systems.
- Document any custom API endpoints currently pulling data for bespoke reporting.
Golden Copy Backup
- Export all historical bank statements to CSV/PDF format.
- Generate a final trial balance report to serve as the baseline for post-migration reconciliation.
- Securely store the "Golden Copy" in an encrypted, off-site repository.
- Verify backup integrity by performing a sample import check.
Integration Audit
- List all third-party apps (e.g., Expense management, CRM) that consume bank feed data.
- Contact third-party support desks to confirm compatibility with the new provider.
- Update API authentication credentials (OAuth tokens) for the new provider.
- Review firewall rules if the new provider requires specific IP whitelisting.
3. Phase 2: Migration Execution
Pre-Cutover
- Notify all stakeholders of the scheduled downtime.
- Perform a final manual sync with the old provider to capture pending transactions.
- Suspend all automated invoice-matching rules in the accounting software.
- Revoke API access for the old provider to prevent duplicate data ingestion.
Cutover Day
- Enable the new provider’s integration within the accounting software.
- Authenticate bank credentials using Multi-Factor Authentication (MFA).
- Map individual bank accounts to the correct GL codes.
- Initiate the initial data fetch (limit to the last 30 days to avoid duplicates).
- Monitor the "Connection Health" dashboard for any handshake errors.
Verification
- Perform a spot check on the last 5 transactions against the bank’s web portal.
- Confirm the closing balance in the accounting software matches the live bank balance.
- Test the ingestion of new transactions (make a small test payment if necessary).
- Validate that transaction descriptions are parsing correctly into the accounting system.
4. Phase 3: Post-Migration Optimization
Stabilization
- Monitor feed latency for 72 hours post-migration.
- Re-enable automated categorisation rules one by one to avoid system strain.
- Review any "unmatched" transactions that occurred during the switch.
- Address any duplicate entries caused by the overlap period.
Cleanup
- Remove the old provider's integration plugin/connector from the system.
- Delete cached credentials for the legacy provider.
- Archive the project documentation for future audit purposes.
- Update the internal "Standard Operating Procedure" (SOP) for bank reconciliations.
Retrospective
- Conduct a team meeting to identify bottlenecks encountered during the process.
- Document "Lessons Learned" for future tool migrations.
- Review the cost-benefit analysis against original projections.
- Update the IT asset register with the new provider details.
5. UK GDPR Compliance Checklist
- Update the Data Privacy Impact Assessment (DPIA) to include the new provider.
- Ensure the new provider has a signed Data Processing Agreement (DPA).
- Verify that data residency for the new provider complies with UK-GDPR (or Standard Contractual Clauses are in place).
- Update the Privacy Notice to inform data subjects of the change in third-party processors.
- Confirm the new provider supports "Right to Erasure" (Right to be Forgotten) requests.
- Review the provider's security whitepaper for encryption-at-rest and in-transit standards.
- Ensure access to bank data is restricted via Role-Based Access Control (RBAC).
- Perform a data minimisation review: ensure the provider only accesses necessary transaction fields.
6. Troubleshooting Common Issues
- MFA Timeout: Ensure the mobile device is synchronised with the bank’s app notification settings.
- Duplicate Transactions: Clear the "pending" queue before the first sync.
- Data Mismatch: Check for timezone differences between the bank server and the accounting software.
- API Rate Limiting: If large volumes of data are requested, stagger imports by account.
- Connection Dropping: Re-authenticate the token; some banks require a 90-day re-authorisation cycle.
- Parsing Errors: Contact support to report specific merchant codes not mapping to categories.
- Permission Denied: Verify that the bank user profile has "Read-Only" API access enabled.
- Incomplete History: Use manual CSV import for historical data if the API limit is restricted to 90 days.
7. Downloadable Resources List
- Migration Project Plan (Excel Template)
- Stakeholder Communication Email Templates
- Data Mapping Schema (CSV Template)
- Post-Migration Verification Log
- UK-GDPR Compliance Audit Checklist
- Bank Feed Troubleshooting Guide (PDF)