Open banking is a banking practice that securely shares financial information, such as consumer banking transactions and other financial data, to third-party financial service providers. Sharing data is done through the use of application programming interfaces (APIs) and only with the consent of customers.
Open banking is the driver behind both innovation and competition in the financial industry. There are two general types of TTPs- Account Information Service Providers, companies that have an AISP licence, and Payment Initiation Service Providers, companies with a PISP licence. Both were introduced to the regulatory framework when the Payment Services Directive came into force in 2015.
A PISP and an AISP license cost depends on the country and goes for upwards of €5,000.
So, what is AISP? Account Information Service Providers (AISPs), or companies with an AISP license, are financial institutions that provide access to financial data from accounts held with other financial institutions. A company with an AISP licence is the go-between for different institutions. AISP open banking provides “read-only” access to financial information. AISPs rely on other regulated forms that offer Account Servicing Payment Service Providers (ASPSPs). These firms include banks, payment institutions and e-money issuers.
An AISP API is needed to access open banking AIS data. APIs are connections to banks and open banking AISP data can only be accessed with the consent from customers. The PSD2 account information service provider handles customer consent during this process. The PSD2 AISP will explain to the user what data is accessed and who it will be shared with.
Payment initiation service providers (PISPs), or companies with an PISP license, offer services that use online banking to make instant online payments without using a credit or debit card. PISP open banking provides “read-and-write” access to financial information. This means that rather than only viewing data on an account, PISPs are authorised to make payments on behalf of customers.
PISPs use a bank’s own tools to transfer directly to and from customers' accounts. As with AISPs, access is only given with consent from customers. Customers are also able to choose which account the transactions occur in.
There are two types of companies that can provide open banking services- an account information service provider (AISP) and a payment initiation service provider (PISP). In order to become regulated as an AISP or PISP, companies must go through an extensive application process. A company can get both an AISP license or PISP license, but usually they have only one. A PISP and an AISP license cost depends on the country and goes for upwards of €5,000.
Open banking AISP data is accessible both by account information service providers (AISPs) and payment initiation service providers (PISPs). While the former is authorised to retrieve PSD2 account information provided by banks, the latter is authorised to initiate payment into and out of a user’s account. Both types of solutions are known as third-party solutions. They gain access to open banking data securely and with the consent of customers. AISPs have "read-only" access to a customer's bank account, whereas PISPs have "read-and-write" access.
PISPs are regulated under Open Banking rules and can make transactions on your behalf but AISPs cannot. Their “read-only” access to your different bank accounts, allowing them to see your transaction data.
A selection of companies types can provide account information services- e-money institutions, payment institutions, and pure AISPs). There are many reasons why a company would want to provide account information services. E-money institutions use AIS to enable their users to be able to have all their accounts in one place, increasing time spent in their applications.
Furthermore, personal finance companies would use AIS to let users understand their spending habits and accounting firms would use AIS to provide better financial advice by getting the full view of their customers' finances. Regulations differ from country to country regarding AISP licensing. For example, in some places, when data is not provided to a payment service user but just to a third party it is not seen as AIS.
The requirements for becoming an AISP are not as strict as for PISPs. AISPs were introduced to the regulatory framework when the Payment Services Directive (PSD2) came into force in 2015. The PSD2 enforces what must be considered by each AISP. PSD2 legislation on AISPs covers account access, data protection, security requirements, open communication, data storage, information sharing, and insurance requirements.
Generally, AISPs are subject to all rules relating to payment service providers. AISPs must also take data protection into consideration. The UK national data protection legislation and the EUs General Data Protection Regulation are of great importance.
Thanks to PSD2 and AIS, banking transactions that used to be paper-based are now able to be digitalised. Digitalisation benefits customers by simplifying processes that spare time and effort. For example, customers no longer have to tediously send and receive account statements, salary slips and other documents needed for credit checks when applying for a loan. Once consent has been granted by the customer, the lending institute receives all the relevant information from an AISP. This information is already analysed and aggregated. This process empowers customers to have control over their bank data and allows them to make informed decisions about which providers can access their data.
AISPs are able to leverage open banking data in order to improve their customer service as well as customer satisfaction. AISPs can use the enriched data to gain insights into spending behaviours and financial health of their customers and offer customised services and suggestions that are tailored to specific customer needs. Customers are again empowered as they can pick and choose between services and decide what’s best for them.
Ultimately, an AISP puts all your account information in one place, lets customers track their finances more easily, provides offers that are personally tailored to their customers and aims to help customers save more money.
Examples of AISP PSD2 applications include money management tools and loan applications. Money management tools are created by AISPs that collect financial information and display it in a way that makes it easy for users to understand their financial health, track their spending habits and create a budget.
Data can be collected from multiple bank accounts, giving a holistic view of a user's financial state. Loan applications use the ability to collect financial information to share it with a lender or broker quickie and safely. PSD2 account information services can be used by lenders to enhance credit eligibility decisions. Lenders benefit from better insights and borrows benefit from a seamless customer experience.
At the end of June of 2021, there were 279 registered AIS providers in Europe, not including the UK. This number refers to companies with at least one AIS. Overall, the total number of AIS within all European countries reached 2219. Out of 30 countries, 28 (93%) EU countries have more than 50 authorised AIS providers. And all countries have more than 40.
There are 3 countries with over 100 AIS providers- Germany (113), Sweden (104) and the Netherlands (104). In Germany, incumbent banks and insurance companies are actively funding fintechs so it is no surprise that, with 113, Germany has the most authorised AIS providers in Europe. Tied in second place are Sweden and the Netherlands, both with 104 AISPs.
The Nordics have three countries in the top 10- Sweden (104), Finland (90), and Denmark (80). Norway is behind with 63 AISPs and Iceland has the least of all EU countries with 42. According to the 2020 Digital Economy and Society Index, Finland ranked 2nd and Denmark ranked 5th of all EU countries in integration of digital technologies. The region has a highly digital society and quick adoption of new technologies meaning the Nordics have the potential to become the most successful open banking market in Europe.
Regarding Europe, the UK and Nordic countries have a high number of open banking APIs, progress regulators and consumer readiness. The P27 initiative as well as collaborative models are helping with the Nordic region’s open banking readiness. As a result, they are placed to make the most of open banking as well as the most progress regarding innovation.
In France, Italy and Spain open banking is being used as a vehicle for digital transformation in domestic payment ecosystems. Germany is taking a collaborative approach between fintechs and banks to develop open banking. Poland and Hungary are using open banking as a way to get away from legacy banking institutions.
Outside of the EU, a number of countries, like India, Japan, Singapore and South Korea, do not have formal open banking regimes but policy makers introduced measures to promote and accelerate shared data frameworks in banking, taking a market-led approach to open banking. The US has also gone for a market-led approach but without any government initiatives to support the development of open banking products and services.
Hong Kong and Australia have chosen to use a regulatory-driven approach, like the EU. The Hong Kong Monetary Authority issued an Open API Framework in 2018. The framework outlined a four-phase approach for banks to implement open APIs.
Australia has implemented the Consumer Data Right Act (CDR) that allows customers to share their data with whichever authorised TPP they want. The difference between the EU and Australia is that the regulations are not specific to just financial services. Although the CDR will apply to banks first, it will later be applicable to energy and telecom sectors as well. It could even be applied to any sector in the future.
In total, 36 countries and the EU are now home to either regulatory-driven or industry-led open banking initiatives.
Open banking initiatives are in early stages of implementation. There is still a way to go in order to raise consumer awareness and reach a global scale. A safe and fully functioning cross-industry data sharing ecosystem will also take some time. Regulators will need to put protection and fair use of customer data as the priority.
In order for AISPs to be successful in the new climate, they will need to review their long-term strategy as well as their capabilities as a business. Giving customers full control of their data is crucial for both in terms of regulations and business success.
So, what is AISP? Account Information Service Providers (AISPs), or companies with an AISP license, are financial institutions that provide access to financial data from accounts held with other financial institutions. A company with an AISP licence is the go-between for different institutions. AISP open banking provides “read-only” access to financial information. AISPs rely on other regulated forms that offer Account Servicing Payment Service Providers (ASPSPs). These firms include banks, payment institutions and e-money issuers.
An AISP API is needed to access open banking AIS data. APIs are connections to banks and open banking AISP data can only be accessed with the consent from customers. The PSD2 account information service provider handles customer consent during this process. The PSD2 AISP will explain to the user what data is accessed and who it will be shared with.
A PISP and an AISP license cost depends on the country and goes for upwards of €5,000.
We frequently share industry news and Nordigen product updates to our closest friends, fintech innovators and industry experts. Sign up to our newsletter to hear more from us.
By providing your email, you accept
Nordigen's Privacy Policy.