AISP Open banking

What is an AISP and why are they so important for open banking?

| Article by: Abílio RodriguesProfile Image Abílio Rodrigues 5 min

After an initial period where open banking was seen only as a novel concept with a lot of potential, we can now understand that it is already shaping the future of financial services. 

This technology relies on third-party providers (TPPs), institutions that are capable of elevating the quality of financial products and services in the financial market. 

We can divide TPPs in two main types of institutions, each one with a particular licence that allows them to operate in different key aspects of the financial sector: Account Information Service Providers (AISP) and Payment Initiation Service Providers (PISP). 

AISPs and PISPs are fundamental elements ofopen banking, and both of them were introduced into the regulatory framework with the revised Payment Services Directive (PSD2)

But what does AISP mean? In short, we can say that an AISP is authorised to retrieve account data that is provided by banks and other financial institutions. 

So, what is a PISP, you may be asking. A PISP is authorised to initiate payments into or out of a user’s account, on his behalf. 

What is an Account Information Service Provider (AISP)?

An authorised AISP can access a user’s bank account data via their financial institution, but this only happens when the user provides explicit consent. 

This access is, however, defined as “read-only”, which means that they can only see the information, but cannot access the account. Therefore, it is not possible for the AISP to, for example, move money from that account.

A company that has an AISP licence also relies on other regulated companies that offer accounts. These are known as Account Servicing Payment Service Providers (ASPSPs), and include banks, credit card providers, payment institutions or building societies. 

In the United Kingdom (UK), these types of companies have to register with the Financial Conduct Authority (FCA) to provide Account Information Services, and are referred to as Registered Account Information Service Provider UK (RAISP UK).

What is the difference between AISP and PISP?

One of the main differences between these two sides of the same coin is that AISPs only manage data. A company with an AISP licence is limited to collecting data and presenting it to the user licence, and therefore cannot provide services that lead to transactions.

An AISP’s main goal is to democratise access to financial data, aiding customer’s in taking control of their financial lives. Data is consolidated with the user’s convenience in mind, usually by offering a single interface.

PISPs are service providers that can process payment transactions on behalf of a customer. 

These companies are able to withdraw money directly from your bank account, but have to get your consent first. 

Practical examples AISP - Open banking

Practical examples of AISP 

There is a wide variety of companies that can provide account information services, and they can do so because of a number of reasons. 

E-money institutions can choose to get an AISP licence in order to provide their users with a service that aggregates all their accounts in just one place. 

Other players in the industry can opt to provide services to help customers to better manage their finances. Accounting companies can use this licence to offer tailored financial advice, by connecting and analysing their accounts.

The possibilities are endless, and use cases can be adapted for various business models. Here are a couple of common AISP applications:

  • Loans: some AISPs create tools that allow customers to securely share financial information with lenders. Lenders benefit from adequate insights, while customers benefit from a more streamlined process; 
  • Money management: several AISPs collect and refine financial data from various sources, so that people have a better understanding of where they are financially. 

Practical examples of PISP

  • Financial management: PISPs can provide saving apps that transfer a percentage of your balance every month to a savings account;
  • Business solutions: companies can now better manage their payments and transfers, by integrating their back-office systems with these new tools. This also improves security and payment visibility;

How does a company become an AISP?

A company needs to undergo a very strict application process with its corresponding national authority, in order to become an AISP.

This application must include detailed information about key aspects of the intended business model. You can find below a comprehensive list of the documentation that you have to provide in order to register an AISP:

  • Business plan
  • Financial model for 3 years
  • Operational programme
  • IT risk management policy
  • AML/CTF policy
  • Financial crime prevention policy
  • Data protection policy
  • Statistical data collection policy
  • Incident reporting policy
  • Counterparty risk management policy
  • Complaints handling policy
  • Internal audit policy
  • Risk matrix
  • Business continuity plan
  • Terms and conditions

It is worth mentioning that this registration does mandate a professional indemnity insurance or similar guarantee. This calculation should take into consideration the risk profile, type of activity and size of activity. 

In order to benefit from a much faster onboarding process, companies can alternatively choose to become an AIS agent with a regulated AISP. 

The regulated AISP is responsible for providing agents with a single API to access banking information, while also taking responsibility for PSD2 compliance. This should cut permission access to four to six weeks. 

Who regulates an AISP’s activity?

As it was mentioned before, AISP regulations are based on the PSD2. For this reason, a licence in the European Union (EU) is obtained from the corresponding regulatory authority, usually the European Central Bank. 

This regulator can also be a local institution, working in the name or under the ECB’s authority.

In the UK, for example, AISP status is awarded and regulated by the Financial Conduct Authority (FCA). This institution has the power to ban certain products, services and practices if there is any suspicion of misconduct. 

Recommended articles