Open Banking: AISP, PISP & ASPSP Explained
Open Banking has been driving a spectacular impact on the financial world since January 2018, disrupting everything from payment solutions and budgeting tools to lending applications and credit analyses.
But what exactly do Open Banking providers do? Regulated providers construct and maintain the digital pipes that enable banks to securely request data and payments.
Open Banking is currently being used by individuals, lenders, and financial institutions to substitute the legacy manual and increasingly complex processes. The ability to collect and view insights derived directly from bank transaction data in real-time is extremely powerful, but it can be overwhelming for businesses that have never worked with this data before. Understanding how the technology works and what technology companies are doing with it can help you come up with new uses for it.
Open Banking relies on third-party providers (TPPs) who can provide two core Open Banking services through two separate FCA authorizations:
- Account Information Service Provider (AISP): a person who is authorised to retrieve account information from banks and financial institutions.
- Payment Initiation Service Provider (PISP): a person or entity who is authorised to initiate payments into or out of a user’s account.
Companies that want to be regulated as an AISP or PISP must go through a rigorous application process with the FCA. Some Open Banking providers can be regulated as both an AISP and a PISP, but many only have one.
AISPs and PISPs manage client consent required for Open Banking data access. This implies that each AISP and PISP explicitly state to the end-user what data will be handled, for how long, and with whom it will be shared. This digital consent journey also serves as the foundation for GDPR information processing for AISPs and PISPs.
Account Information Service Providers (AISPs) explained
An AISP is a company that has been granted permission to access an individual’s or SME’s financial institution account data. The UK’s nine largest banks are required by law to comply with the AISPs’ requests. The framework and technical specifications of Open Banking allow for the retrieval of years of transaction history in seconds.
What are AISPs capable of?Being an authorised AISP means that a company can request permission to connect to a bank account and use the information from that bank account to provide a service.
Some AISPs do not have permission to access the bank account information as they are granted “read-only” permission. They can look but not touch, which means they can’t move a customer’s money.
AISP-related services and tools include price comparison, money management tools, faster and more accurate access to financial products, and speeding up manual processes such as applying for a mortgage or a loan, among others.
Examples of AISP applications include:
- Money management tools: some AISPs collect financial data and disseminate it in a way that allows people to easily understand their financial situation, create a budget, and track spending. These new personal finance tools combine data from multiple bank accounts so that users can see their entire spending history in one place.
- Loan applications: Some AISPs, such as Credit Kudos, use this same capability to allow customers to share financial information securely and quickly with a lender or broker. Lenders also use account information-derived data and metrics to improve credit and affordability decisions. This procedure expedites traditional underwriting by eliminating the need for lenders to manually compile and verify bank statements. Better insights benefit the lenders and can provide a better customer experience to the borrower.
Payment Initiation Service Providers (PISPs) explained
PISPs are authorised to make payments on behalf of customers rather than just viewing account data. PISPs accomplish this by initiating direct transfers to or from the payer’s bank account using the bank’s tools.
What are PISPs capable of?Businesses that are authorised PISPs may request permission to connect to a bank account and initiate payments from the customer’s bank account.
There are a variety of reasons why you might want a business to initiate payments for you. For example, an app that helps you handle money in your multiple savings and current accounts to ensure you never go overdrawn and don’t have to pay potentially substantial overdraft fees. This type of capability is possible in retail, where you allow a company that you shop with frequently online to connect to your bank, so you get fast checkout and don’t have to re-enter card details for every transfer of funds.
Examples of PISP applications include:- Financial management tools: A few new money management and savings apps transfer a small proportion of someone’s balance each week to a savings account according to a predetermined process. Open Banking has also facilitated new tools that automatically transfer money between accounts on behalf of customers to avoid overdraft fees.
- Business solutions: New tools integrate with back-office systems, allowing businesses to securely manage payments and collections, make real-time bank transfers, and gain greater payment visibility.
Account Servicing Payment Service Providers (ASPSP) explained
Account Servicing Payment Service Providers provide and manage payment accounts for payment service users (PSUs). ASPSPs have typically been banks and similar financial institutions including building societies, and payment companies.
The number of banks and building societies providing open banking services is increasing. Only the UK’s nine largest banks and building societies are required to make your data available through open banking now. Smaller banks and building societies also can participate in open banking.
ASPSPs release Read/Write APIs as part of Open Banking. These allow consumers to share their account transaction data with third-party providers, who can then initiate payments on their behalf. PSD2 requires all ASPSPs in Europe to participate in open banking and provide data access.
How do open banking and screen scraping compare?
Screen scraping (also known as credential sharing) is an old technique for gaining access to a customer’s bank account to retrieve transaction data. Screen scraping works as stated below:
The customer provides their login information to a third-party provider (TPP). The TPP uses these details to log in to the customer’s bank account. The TPP then copies or “scrapes” the customer’s bank data for use outside of the customer’s banking app.
Before open banking, the only way for apps to access customers’ bank accounts was through screen scraping. Online accounting software packages made extensive use of it. Open banking, on the other hand, is a more secure method because it does not require the customer’s credentials and is thus much more secure.
eIDAS certificate
Electronic signatures can have the same legal validity as handwritten signatures under a 2016 EU regulation. However, such signatures must meet the requirements of eIDAS (electronic Identification, Authentication, and Trust Services). eIDAS certificates enable ASPSPs such as banks in European open banking to identify and authorise API connections from Third Party Providers such as PISPs and AISPs. This is critical in preventing unauthorised access to bank accounts. Since Brexit, only UK-authorized Third-Party Providers can use eIDAS certificates.
Open Banking API providers and their requirements
There is no ‘official’ API for Open Banking. Instead, banks and Technical Service Providers provide their APIs that must adhere to the Open Banking Standard specifications released by Open Banking Implementation Entity (OBIE) which is an official organisation that supervises the Open Banking implementation in the UK. The Open Data API Specification governs how banks develop access endpoints for Third Party Providers (TPPs). It defines how TPPs can use a bank’s Read/Write API. You can find the list of Open banking API specifications on the OBIE website.
Read/Write API specifications
The Read/Write API specification is the primary API specification that governs how third-party providers should connect to banks. It enables Third Party Providers (TPPs) to obtain access to bank accounts for both read and write purposes, for example, fetching account balances and transaction details to make authorised payments. Through the Dynamic Client Registration process, banks allow the Third-Party Providers to enrol automatically without the need to authenticate each one manually. API performance, uptime, and reliability are critical for open banking. Since there is no single official open banking API and each bank develops APIs on its own as per OBIE specifications, the performance of the API of each bank may differ.
Macro Global’s Tavas Open Banking Product Suite and Solutions offers a bundle of solutions to any ASPSPs to extend beyond the scope of monetisation tore-engineer the bank’s portfolio and business model.
- Identity and Access Management
- Developer Portal and Sandbox Environment
- Financial Grade Open Banking APIs
- Strong Customer Authentication
- Administration Portal
- Modified Customer Interface- Fallback Arrangement
- App2App Authentication
- Regulatory Reporting
To learn more about how Macro Global can assist you in monitoring, managing, and mitigating the aforementioned challenges, please visit Tavas – Open Banking Product Suite and Solutions.
Open Banking: Pushing the banks into new innovative water post COVID-19
The importance of digitalization for banks and financial institutions cannot be overstated. Even before COVID-19, when customer contacts could take place in branch offices and in-person settings, the sector was wrestling with the necessity to fulfill the digital expectations of a changing market. The events of 2020, as well as our reliance on digital interactions and banking self-service, have only served to highlight the need and necessity for banks to become more digital.
Consumers aren’t the only ones who stand to benefit. The shift towards Open Banking has resulted in the emergence of hundreds of new fintech platforms and solutions that are pushing the boundaries of innovation and economic development in their countries. Together, they are forming a new ecosystem for small, medium, and big enterprises that can gain directly from connecting to financial institutions via APIs, or harness the ecosystem between banks, fintech, and consumers to adapt their commercial services to their clients.
As banks map their path to digitization, open banking is developing as a competency that institutions will need to tackle to remain competitive and keep up with an increasingly digital economy.
As a result, there has been a surge in consumer-facing finance innovation using the mandatory API standard. The use of third-party fintech apps for personal money management exploded during COVID-19 in the UK, where open banking has taken off the fastest, with 20% of all UK people utilising FinTech platforms.
According to the same poll, the use of Fintech platforms among young individuals increased to 50% during the pandemic. In the United States, Visa and Mastercard are working quickly to integrate FinTechs onto their platforms to enable open banking and build a network-agnostic payment technology system.
More broadly, open banking will make it easier for retail and business clients to choose from a broader range of goods and services, as well as consolidate ties to adjacent accounts and programmes. This connectivity has the potential to significantly benefit bank clients by allowing them to more easily share information with financial advisors, accelerate loans, decrease costs, and secure data transfer.
Banks who do not embrace open banking, in our opinion, will not only limit their ability to connect with clients in meaningful ways but will also limit their opportunity to remain at the forefront of innovation. Instead of being caught off guard by UK legislation or losing a competitive position in an emerging market, banks should begin planning their strategy and investing in the infrastructure required to fully exploit open banking.
To discover more on how Macro Global can help you to monitor, manage and mitigate the above challenges, please reach us out on salesdesk@macroglobal.co.uk (or) +44 0204 574 2433.
Leveraging the Open Banking as a Strategic Plan for Banks
“Adapting open banking Not only from a compliance perspective, leveraging the OB as a strategic plan for banks for their growth.”
Open banking has significantly grown over the years in the financial services sector due to the dynamics of financial technology. With the integration of customer banking information and application programming interfaces, a bionetwork is created that is conducive to generating effective business processes for the growth of these entities, which includes efficiency in transactional processing systems.
The Transactional processing system is not limited to monetary transactions, but on a broader spectrum, it entails a system of collection, storage, modification, and retrieval of data transactions of a given entity. This in entirety signifies a strategic roadmap for growth in the banking sector as it leverages the data for further complex financial modeling for banking growth in a number of ways. This notwithstanding, open banking ensures sound compliance with regard to technological regulations within this dynamic space.
To drive this point home, I bring into perspective TAVAS, a Payment Service Directive 2 (PSD2) solution, which is an open banking product suite that has made a significant impact on the strategic planning for banking growth in a myriad of ways.
To begin with, TAVAS has integrated customizable application programming interfaces that have been effective in fostering customer service experience and engagement. A good online customer experience may improve the entire customer journey and is a critical differentiator for practically any organization. This can only be done by third-party companies who assist merchants in realizing their full potential.
Centralization of services is another key contribution of TAVAS to open banking. This has come about in a number of facets, the key being seamless onboarding that is so streamlined for online service sign ups, coupled with cutting-edge technology that facilitates efficient account information services, payment initiation services, and confirmation of fund services. These pretty much enhance robust customer centricity.
TAVAS has firmly taken into account the aspect of regulation technology on open banking, as RegTech is what seems to seal financial technology. This has been done by taking into account the security of the online platforms as a means of curbing potential threats from such aspects as cybercrimes and other unauthorized access to these effective platforms. These products and suits are highly secure and safe with full compliance with regulatory technical standards. Secure access to these application programming interfaces gives customers confidence in operating these systems.
RegTech and fintech are ideal ways to leverage open banking for strategic growth in this technologically dynamic era.
To discover more on how Macro Global can help you to monitor, manage and mitigate the above challenges, please reach us out on salesdesk@macroglobal.co.uk (or) +44 0204 574 2433.
Explained: What is Open Banking and PSD2?
What is Open Banking?
Open Banking, a concept of democratising the customer data fastened with the banks, stimulates an increased competition within the financial services market by bringing more innovation to the quality of the products and services delivered to the customers. Open Banking requires the banks to expose their data in a secure, standardised format, allowing information to be exchanged more freely online between authorised organisations.
This data comprises some simple facts, such as branch locations and specific details about banking products. It enables the customers to easily discover banks that provide disabled access, or to compare the features of various personal and corporate accounts to get the best price. The more significant release concerns the data contained in transactions. Banks have a definitive record of everything we spend, lend, and borrow. Open Banking allows this valuable information to be shared with third companies, who can then utilise it to develop new products.
How does Open Banking work?
Open banking can help businesses accept online payments from customers, speed up new customer onboarding, and provide value-added services to customers. Open Banking enables users to grant secure access to their bank account so that their financial information such as earnings and expenses can be used to provide them with value added services such as budgeting advice or recommendations for other financial products, they may be eligible for. It can help the customers to manage their money in a variety of ways and make secure payments more easily than traditional online banking. Also, it brings new business opportunities to the banks and create a healthy competition in the marketplace in delivering the better customer experience. Open banking can help businesses cut costs, reduce risk, and improve the customer experience. Currently more than 3 million people started using open banking apps and we expect an exponential growth in the usage of open banking by 2023.
Adapting open banking Not only from a compliance perspective, leveraging the OB as a strategic plan for banks for their growth
The Open banking wave provides a new revenue opportunity by creating improved experiences, frictionless banking journeys and customised services that help them to stay ahead of the competition by opening up the shutters for collaboration with innovative fintech firms.
Banks unlock the promise of open banking by revisiting their existing customer authentication and consent management mechanism enabling the safe and secure exchange of data and services for customers. Banks adopting open banking can monetise their infrastructure by exposing different APIs to a wider range of fintech and other financial institutions that will be mutually benefitted from connecting these APIs for building their service offerings.
What is PSD2 in Open Banking?
Open banking differs by country, but in general, it entails banks or financial institutions revealing their financial data to third-party providers via open Application Programming Interfaces (APIs). The scope and format of that data vary and are frequently determined by a country’s specific regulations and implementation standards. In the United Kingdom, open banking began in 2018 with regulations allowing nine of the country’s major banks to implement standards for enabling secure access to customer data. This was accompanied by EU Regulations (PSD2) requiring all banking institutions and payment service providers (PSPs) to grant authorised service providers access to their customers’ financial data with their customers’ consent.
Through Open Data APIs, banks grant access to their financial data available in the UK in a secure, standardised manner. This makes it easier for businesses to use data to create consumer-friendly services. Third Party Providers (TPPs) are companies that use open banking data and should be controlled by the Financial Conduct Authority in the United Kingdom (FCA).
PSD2 (Payment Services Directive Two) is European Union legislation that came into force in January 2016, with a deadline of January 2018 for its incorporation into national legislation. PSD2 is governed by the Financial Conduct Authority (FCA) in the United Kingdom.
PSD2 is designed to make open banking possible and secure by:
- Using multi-factor authentication, we can enforce greater security standards for online transactions (MFA).
- Making it mandatory for banks and other financial institutions to allow account holders to offer third-party applications access to their account and payment data.
PSD2 is a statutory necessity for all payment service providers (PSP) in Europe. It requires banks and all payment providers to open up their data to third-party providers if an account holder consents. It also mandates banks to utilise strong customer authentication (SCA) to improve payment security and reduce fraud.
Open Banking is also a component of the second Payment Services Directive (PSD2). Sometimes these two are confused: Open Banking is essentially the UK version of PSD2. The distinction is that, whereas PSD2 mandates banks to make their data available to third parties, Open Banking requires them to do so in a standard way.
Integrate with TPPs to deliver customer-centric services in the competitive world
Open Banking provides the customers with more ways of managing their money, lending, and making payments. It has also created a plethora of chances for financial innovation.
Open Banking has obliged banks to give customers more control over their financial data by letting them connect their data to other regulated providers, such as a third-party financial management application that can display their transaction data and balances in one location.
Accessing customer bank accounts through a single integrated platform along with open APIs play a vital role within the banking ecosystem interfacing between the banks, third-party providers (TPPs) and payment service users (PSUs). Customers with their consent can leverage the benefits of open banking by securely exposing their data to any of the trusted third-party providers to avail of bespoke financial products and services.
By adopting Open Banking, the TPPs (e.g., Account and Payment Aggregators) offer predominant customer-centric services with enhanced agility accelerated upon obtaining the user’s consent to access their bank accounts.
Benefits of Open Banking for consumers
Open Banking simplifies the consumer’s life by consolidating all their financial information into a single app, allowing them to manage their finances more easily. This may assist consumers in budgeting more effectively and saving money. For example, such apps may help them see their overall financial picture and identify areas where they are overpaying for a utility bill, credit card, or overdraft.
Open Banking enables secure faster payments in the most convenient way. Open banking payments are faster than traditional online payments, especially on mobile. It doesn’t require any credit card details and no need to log in to bank account. Consumers can simply choose the bank from the list shown on the screen and make the payment securely after fingerprint or face ID verification. This can be done in few seconds and the receiver gets the money immediately. It’s as simple as using a contactless credit card in person, and it’s protected by bank-grade security.
Through Third Party Providers apps, consumers can generate their financial statements for rental agreements, mortgages, loans, and investments. Regulated companies can use open banking with consumer’s consent to get an overview of their income and expenses, for example, to make a quick decision on loan or rental application. Also, it is not required to upload or print any bank statements as the consumers can directly give access to certain services to the financial institutions through the apps more quickly you can sign up for certain services and apps more quickly.
Benefits of Open Banking for Businesses
Open Banking facilitates online accounting by providing safe and secure access to the financial records. It can even assist in classifying business expenses for tax and accounting purposes.
It can make it easier to obtain capital. Potential lenders can use open banking with the consent to gain an overview of the business finances to make a quick decision on loan application.
Open Banking enables online payments at low transaction fees and reduce fraudulent transactions and increase the conversions. Any business that transacts online can use open banking can accept instant bank payments without the use of card networks.
It can assist you in accelerating customer onboarding. If you need to collect financial information from your customers at signup, such as proof of income or bank account ownership for a payment, open banking can assist you in doing so in a secure, automated manner.
Macro Global offers 40+ compelling use cases for businesses around open banking. Pls reach out to us to explore more.
Open Banking APIs Endpoints
Open Banking relies extensively on the use of Application Programming Interfaces (API) to securely share customer data among banks, as well as allow third-party providers (TPPs, e.g, Account and Payment Aggregators) to access the bank’s technology environment to build innovative applications and services.
Banks expose the Account Information Services (AIS) and Payment Information Services (PIS) through various API endpoints.
Account Information Services (AIS) through which the bank account-related information of the user such as account holder name, account type, account balance, account statement, etc. are displayed within the TPP application.
Payment Initiation Services (PIS) through which the users can initiate a payment to the different beneficiaries from their multiple bank accounts through the TPP’s application without accessing their dedicated online banking applications.
Some of the AIS & PIS data endpoints are set to be mandatory in the Open Banking Framework (example: accounts, balances, transactions) which means these data should be exposed by banks through specific API endpoints.
There are some data endpoints (example: supplementary account info, offers, events subscription) which are optional hence banks can decide whether to expose or hide these data. Optional APIs can be integrated subject to the bank’s requirements.
Conditional APIs are the data endpoints that should be exposed if the banks have certain services available in their net banking environment. (example: beneficiary data, future payments, standing orders). These data endpoints are exposed only if the bank offers these services.
Note these mandatory, conditional & optional APIs for all the TPPs vary for each country subject to their local Open Banking Framework and regulations.
Adoption of Open Banking in the UK and Europe
The efficacy of Open Banking has always been dependent on the large financial services providers, who ultimately control the data. It was dependent on them allowing third-party providers to use their Open APIs, as well as assisting in the promotion of the new options and benefits to consumers. Is this what happened?
It appears so, despite lethargic beginnings marked by a lack of customer awareness and traditional institutions that were hesitant to get the system up and running. And, with the collapse of conventional banks and the advent of challenger banks that have organically connected with fintech, Open Banking has been a stimulus for the expansion of fintech in Europe.
Open Banking in the global perspective
Open banking has already emerged in various countries having different regulations but open banking as a concept goes well beyond the regulatory environment and is applicable globally to uplift the existing landscape of the financial industry.
Countries like UAE, Saudi Arabia and Qatar are driven by the market where the third-party providers and banks are allowed to develop their API platforms as they are conscious of the strategic importance of Open Banking to attract new customers and to gain a competitive advantage.
Countries like the UK, Bahrain, Egypt and Kuwait are driven by the regional regulations where the APIs are developed as per the government specifications and sharing of data between entities is controlled & monitored by the government. These regulator-driven countries should perceive open banking as a chance to promote innovation in their financial services rather than a compliance burden as it embraces a more inclusive financial culture and brings all categories of individuals and businesses into an ecosystem where they can further integrate and flourish as a broader economy.
Is Open Banking safe?
Security is the most important concern in Open Banking for all the parties involved. Would it render banking data exposed to attack? Can consumers put their trust in new fintech providers?
So far, no PSD2-related cyber incidents have occurred, however, the Financial Conduct Authority is probing opaque marketing and data used by some digital companies, particularly considering GDPR, which went into effect this year.
Open banking has lowered the risk to customer data by reducing the popularity of scraping, the original method used by many fintech businesses to acquire users’ account information. In addition, AISPs and PISPs must be registered, licenced, insured, and controlled under PSD2.
The ultimate responsibility is on third-party providers (TPPs) to protect their infrastructure from cyber-attacks, while banks are concerned with limiting fraud risk because they are the first party accountable for unauthorised financial transactions from a customer’s bank account. Therefore, banks should invest in a diverse set of analytical technologies to validate authorized customers and spot threats.
Insurance security also has been improved, as PSD2 regulations mandate PISPs and AISPs to have a specified type and degree of technology-based professional indemnity and cyber insurance. One of the reasons this is critical for fintech is that if a third-party provider is breached, it is required to repair the situation and restore any money to the customer via their bank within 72 hours. This can be covered by PSD2 insurance.
To discover more on how Macro Global can help you to monitor, manage and mitigate the above challenges, please visit Tavas – Open Banking Product Suite and Solutions.
Open Banking – Unlocking New Possibilities Accelerating Financial Inclusion
Open Banking fosters an increased competition within the financial services market to accelerate financial inclusion by acquiring and addressing the financial needs of the unbanked, underbanked and ‘unhappily-banked’ populations. It acts as a catalyst for digital transformation while bringing in more innovation to the traditional banking practices and makes the financial offerings affordable to the unbanked community. As the term suggests, Open Banking believes in democratising access to banking services and making them available in real-time to the customers so that they can better manage their finances.
According to the research data published by World Bank, it is estimated that the banks could generate over $380 billion by acquiring the unbanked population only around the MENA region, as almost 69% of adults continue to remain unbanked. Globally, 1.7 billion adults (or 31% of adults) are estimated to not have even a basic transaction account. The transition to the new open ecosystem builds a profound opportunity to forecast a surge in the bank’s revenue. The perks of adopting a well-defined Open Banking platform extends beyond the scope of monetisation to re-engineer the bank’s portfolio and business model to accelerate into new market space by automating the customer onboarding, digital KYC/AML verification and real-time transaction monitoring processes.
Open Banking has the potential of promoting financial inclusion to the unbanked population by making it seamless for them to create an accurate and reliable financial profile which in turn makes them eligible to access the mainstream financial products and services. For the banks, it aids in widening the pool of potential customers by having a deeper understanding of the prospect’s financial history in a quick and effective manner significantly reducing the operational expenditures.
Open Banking strives to remove the barriers that exclude people from participating in the banking services. Thus, Financial inclusion built on sustainable business models such as open banking embraces a more inclusive financial culture and brings all categories of individuals and small businesses into an ecosystem where they can further integrate and flourish as a broader economy.
With Macro Global by your side, Transformation into Open Banking is no more a ‘Big Bang’ or ‘Rocket Science’ for the banks. Click Here, to know more about how MG empowers the banks with its “ Tavas- Open Banking Product Suite and Solutions ” to be both transparent and secure when engaging with third-party providers (TPPs) in their journey of Open Banking transformation. Macro Global has several use cases around this and can assist FIs to implement with right combination of APIs and technologies leveraging from existing OB ecosystem to achieve the desired business results.
To discover more on how Macro Global with its subject matter expertise can help you address the challenges, please reach us out on salesdesk@macroglobal.co.uk (or) +44 0207 993 2009
