Financial industry innovation and competition are driven by open banking. It is premised on Third Party Providers (TPPs) enhancing access to new financial products and services. Meanwhile, TTPs fall into two categories-Account Information Service Providers, companies with AISPlicences, and Payment Initiation Service Providers, companies with PISP licences.
What Exactly is an AISP?
A Licensed Account Information Service Provider acts as a middleman between the financial institutions and the third parties, allowing them access to the consumers’ account information for analysis and aggregation functions. As such, whilst open banking refers to a banking practice that securely shares financial information, such as consumer banking transactions and other financial data, to a third-party financial service provider, application programming interfaces (APIs) are used to share data, and only with customers’ consent.
A similar service provider, the payment initiation service provider, facilitates the consumer’s payment to and transfer of their online bank account, whereas AISPs cannot initiate payment or move money in the account. Most importantly, AISPs can use and share account data only with third parties with the explicit consent of consumers, not the financial institution.
How to become an Account Information Service Provider (AISP)?
Firms can be named AISP by including the provision of the service in their applications as a PI or EMI, or by requesting that their authorization be changed to include the service if already authorised. If a company only wants to provide AIS, it must register with a national competent authority.
The requirements for Account Information Service Providers are less stringent than those for fully authorised E-money or Payment Institutions since they are registering, not authorizing. However, for successful registration with the supervisory authority, you will need to provide a detailed description of your expected business model and procedures for addressing risks.
The prerequisite policies are similar to those required for applying for an EMI or an PI authorization but differ slightly. As a minimum requirement for registering as an AIPS, the following items must be prepared:
- Regulatory business plan;
- Financial model for 3 years;
- Programme of operations;
- IT risk management policy;
- AML/CTF policy;
- Financial crime prevention policy;
- Data protection policy;
- Statistical data collection policy;
- Incident reporting policy;
- Counterparty risk management policy;
- Complaints handling policy;
- Risk matrix;
- Business continuity plan;
- Internal audit policy;
- Terms and conditions.
In the case of AISP registrations which are obtained on their own (without securing authorization for other services), no initial capital is required. There is, however, a requirement that professional indemnity insurance or comparable guarantee be obtained. This is calculated as follows:
- Risk profile;
- The type of activity;
- The size of the activity.
- Among the options the EBA has stipulated in its guidelines are:
According to the policy, the coverage and related premiums are subject to fluctuation depending on the complexity of the current (or anticipated) operations and their scale as well as the complexity of the envisaged services. Fortunately, the EBA itself has created a tool that can help determine whether an insurance policy is applicable. It should be noted that both EMIs and PIs must have AIS insurance or a similar guarantee.
Following are more insights on AISPs:
- When selecting an AISP, be aware that a license for providing account information services is required.
- Internet search engines display a list of local and global companies with AISP licenses.
- Secondly, an AISP must comply with data protection regulations.
- Generally, the providers of account information services are not permitted to access, collect, and transfer your personal and financial data to other third parties without your explicit consent.
- AISPs must allow you to control who has access to your data, for how long, and for what purpose.
- Your AISP should be able to give you a convenient and easy-to-understand picture of your financial situation while ensuring maximum security. These providers cannot also initiate payments into or out of your account, as previously noted.
Finally, select AISPs that provide detailed descriptions of services, including details, features, benefits, legal and technical limitations, and service rules.