Open Banking, for some it is just a buzz word for others it is the representation of the future of financial services. Open Banking is underlined by the idea that so-called Third Party Providers (TPPs) will elevate access to new products and services in the financial sector. There are two general types of TPPs- Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs). Both of them were brought into the regulatory framework with the enactment of the Payment Services Directive 2015 (PSD2). They have enabled “Access-to-Account” or XS2A which is considered by some to be the most crucial aspect of the PSD2.
What is Account Information Service Provider (AISP)?
Account Information Service Provider (AISP) or a company with an AISP license, is a type of financial institution providing access to the financial information of the user on the accounts that are held with other institutions. AISP is a broad term and it is sometimes also used to call EMIs and PIs that can provide Account Information Service upon getting permission from a national regulator. To avoid confusion in the UK a company that is registered with the FCA to provide only Account Information Service is called Registered Account Information Service Provider UK (RAISP UK).
A company with an AISP license acts as an intermediary between different institutions while offering “read-only” access to the information. AISPs rely on other regulated firms that are offering accounts (known as Account Servicing Payment Service Providers (ASPSPs)). ASPSPs include banks, building societies, payment institutions (PIs), e-money issuers, and credit card providers.
Account Information Service Provider (AISP) examples
Various companies can provide Account Information Service. According to EBA’s register, in the EU there are in total 358 PSPs (E-money Institutions, Payment Institutions, and AISPs) that can provide payment services related to AISP, out of which 153 companies can provide only AIS service (in the UK such companies are called Registered Account Information Service Providers or RAISPs). A table below summarises the number of firms currently providing AIS services within the EU and UK:
There are different reasons why a company wants to provide the services. For example, an EMI can use the service to allow its user to see all their accounts in one place, which is intended to increase the time a user spends in such an EMI’s app. Another example is a company that created an app that allows its user to control spending betters or a company that allows providing AI automation services for bookkeeping and finances. One more example is an accounting or auditing firm that uses an AIS license to provide better financial advice to its clients by connecting to its accounts and analysing them. Various business models possible, but whether a business model is covered by an AISP license may vary from jurisdiction to jurisdiction. For example, when data is not provided to a payment service user, but to a third party it is not regarded as AIS in some jurisdictions.
What is the purpose of AISP (the difference between PISPs and AISPs)?
Differently from another closely related type of PSP (i.e. Payment Initiation Service Provider) AISPs are solely managing the data. They cannot themselves provide services that will lead to the transactions taking place. Rather, they are collating the data and presenting it to the payment service user.
Primary AISPs’ purpose is to provide the user with more centralised access to the financial data that can include money management tools, financial forecasting, price comparison, etc. They can connect to multiple ASPSPs and give an overall overview of the financial position of the users hence enhancing user experience. In practice, it means that the information is consolidated for the user’s convenience within a single interface and allows seeing a whole picture in one place.
Notably, the information that should be made available to AISPs by the ASPSPs should be the same that the user can access by the means of the internet banking, apart from the information that is classified as sensitive payment data. The flow of information when the Account Information Service Provider is providing its services looks as follows:
Another important point to note is that AISPs cannot use user data or log on to user’s payment accounts for any purpose other than the provision of services.
How to become Account Information Service Provider (AISP)?
In order to become AISP, a firm can include the provision of the services in its application as a PI or EMI, or ask the regulator to include the services within its authorisation via variation of permission if the firm is already authorised. If a company is willing to provide AIS only (to become a RAISP), it must register with a national competent authority (e.g. FCA). Since it is a registration rather than authorisation, Account Information Service Providers have lower requirements than fully authorised E-money or Payment Institutions. However, to successfully register with the supervisory authority it is important to present a detailed explanation of the expected business model and risk management procedures.
The prerequisite policies are somewhat similar but a bit different from those that are required for authorisation as an EMI or PI. When speaking about the registration as an AIPS the following is the bare minimum that must be prepared:
Documents required for AISP
- Regulatory business plan;
- Financial model for 3 years;
- Programme of operations;
- IT risk management policy;
- AML/CTF policy;
- Financial crime prevention policy;
- Data protection policy;
- Statistical data collection policy;
- Incident reporting policy;
- Counterparty risk management policy;
- Complaints handling policy;
- Risk matrix;
- Business continuity plan;
- Internal audit policy;
- Terms and conditions.
The AISP registration does not require to have any initial capital if it is obtained on its own (i.e. without authorisation for other services). However, there is a prerequisite of having a professional indemnity insurance or comparable guarantee, which is calculated based on:
- Risk profile;
- The type of activity;
- The size of activity.
EBA has stipulated in its guidelines that the final formula looks as follows:
The minimum monetary amount of PII or comparable guarantee = Amount reflective of risk profile criterion + Amount reflective of the type of activity criterion + Amount reflective of the size of activity criterion
It means that depending on the complexity of the current (or expected) operations and their scale together with the complexity of the envisaged services the coverage will fluctuate and accordingly its premium. Fortunately, EBA itself has produced a tool that can assist in establishing applicable insurance coverage.
You should note that both EMIs and PIs must also have insurance or a comparable guarantee if they want to provide AIS.
How AISPs are regulated?
As already stated in the beginning, the AISP is based on the PSD2. It lays down the key points that must be considered by each Information Service Provider. Notably, apart from referring to the primary legislation that established this type of entity, Account Information Service Provider must consider data protection legislation. Such legislation as the UK national data protection legislation and General Data Protection Regulation are of great importance since it underpins the management of the data that lies at the core of the services provided by AISPs.
How can PSP Lab help to become Account Information Services Provider (AISP)?
PSP Lab knows in practice, not only in theory how FinTech business is managed and developed. We know the ins and outs of the regulatory approach and what must be present within the package that will be supplied to the regulator. We can assist you with the whole process of becoming a registered Account Information Service Provider (AISP) or to add this service to your portfolio if you are an authorised PI or EMI. Reach out to us today and we will gladly help you to turn your great idea into reality. Still unsure whether we are the right choice? In that case, we advise you to reach out to us for an initial free consultation to answer any questions that you might have.