The term “TPP” or “third-party provider” is widely used in the open banking space, but it’s also often misunderstood. If you’re a payment service provider, financial institution, or fintech looking to explore open banking solutions, you might:
Feel confused about the role of TPPs in the world of open banking, how they compare to TSPs, and whether you should become a TPP or partner with one.
Be unaware of the compliance requirements and regulatory hurdles that partnering with a TPP solves.
Want to know more about how a partnership with an open banking TPP can lead to tangible results for your business, from faster and cheaper payments to quicker onboarding and improved customer experience.
Yapily is a licensed third-party provider that enables you to implement open banking-powered products across 19 countries, without having to apply for your own authorisation without having to apply for your own authorisation. Book a no-obligations call with an expert to discuss your business needs.
What’s a third-party provider (TPP)?
In open banking, a third-party provider is an entity regulated under open banking rules, such as the revised Payment Services Directive (PSD2) in Europe. As an authorised provider, the company in question can access bank account data or initiate direct account-to-account payments with the customer’s explicit consent.
To achieve this, the provider connects to banks’ secure APIs (Application Programming Interfaces), which must be shared with TPPs under strict open banking regulations.
To illustrate, imagine the TPP as sitting between the customer and the bank. The customer then consents to having their bank account data shared or payments initiated from their bank account, the TPP gains permission to perform those actions on the customer’s behalf.
TPPs must be authorised by a financial regulator, like the Financial Conduct Authority (FCA) in the United Kingdom. As a result, they are listed in official registers, and they legally can’t access banks’ APIs without the necessary licenses. What’s more, customers always authenticate their consent directly with their bank (via Face ID, a fingerprint, or an app confirmation, for example), which means that TPPs never see or store customers’ credentials. This makes open banking highly secure.
What’s an AISP and a PISP?
Open banking TPPs usually hold one or two authorisations: they are either an account information services provider (AISP), a payment initiation services provider (PISP), or both.
AISPs can access a bank user’s account data, such as balances and transactions, to help fintechs, PSPs, and financial institutions provide services like:
Budgeting insights
Cash flow overviews
Affordability assessments
AISPs support KYC and identity verification processes when used alongside appropriate controls
As for PISPs, they can initiate direct payments from one account to another. As such, they make it possible to bypass card networks and can reduce settlement times and avoid card-scheme fees in some use cases.
For example, PSPs who partner up with a PISP can include a Pay by Bank option at checkout. This makes the payment process faster and cheaper for merchants.
Read more: Open banking payments: The complete guide
TPP vs TSP: What’s the difference?
Whereas a third-party provider (TPP) is a regulated company authorised to offer payment initiation or account information services, a technical service provider (TSP) isn’t regulated. Their role is to provide the technology and bank integrations that TPPs can then make use of.
Generally, there are two ways that TPPs handle infrastructure:
Some TPPs build their infrastructure in-house. Yapily Connect, for instance, is a regulated TPP with both PISP and AISP authorisations. Behind the TPP sits Yapily’s infrastructure platform, which acts as a TSP by providing technical connectivity and backend systems.
Other TPPs outsource the technical work to TSPs. A smaller startup, for example, might get authorised as a PISP or an AISP, but instead of building and maintaining hundreds of bank connections on their own, they can plug into an external TSP (such as Yapily’s infrastructure platform) to seamlessly add the technology layer.
For banks, PSPs, or fintechs, this means you don’t always have to become a TPP yourself, which can be slow and complex. Instead, you can partner with a TPP (for the regulated activity) and a TSP (for the infrastructure).
And if the same provider can give you both, as Yapily does, it’s even simpler: with one partner, you gain access to regulated permissions and supporting infrastructure To discuss how Yapily can support your business and help you innovate with open banking, reach out to one of our experts.
How it all ties in together: a step-by-step example
Imagine you’re a PSP that is now offering Pay by Bank at checkout. Here’s what happens behind the scenes:
The customer clicks on “Pay by Bank” at checkout.
The PSP presents the user with a branded UI where they can pick their bank from a list of supported banks.
The TPP prepares a payment initiation service (PIS) request under its licence.
The TSP provides the technical connection to the bank’s API.
The PSP shows the customer that they are being redirected to their bank securely.
The customer authenticates with their bank using Strong Customer Authentication (SCA).
The TPP ensures the consent and payment request are valid and compliant.
The TSP maintains the secure API session with the bank and forwards authentication tokens.
The bank validates the request, confirms funds are available, and executes the transfer to the PSP’s merchant account.
To the customer, it looks like you are providing a frictionless service end-to-end. But the regulated handshake with the bank is done by the TPP, while the technical layer is handled by the TSP.
Is it worth becoming a TPP?
Many payment service providers, financial institutions, and fintechs choose to partner with a licensed TPP instead of becoming a TPP themselves.
Partnering with a licensed TPP*:
Significantly reduces regulatory hurdles
To become a TPP under PSD2 in Europe or Open Banking in the UK, you must obtain authorisations from the FCA (UK) or the relevant EU authority. Applications require detailed business plans, risk assessments, and compliance manuals, so it can take a long time to get approved.
And once you’re finally authorised, you need to submit periodic reports and be ready to undergo audits. If you’re a startup or a PSP looking to quickly enter the market, this is a major barrier: one that partnering with a licensed TPP* solves, as it enables you to skip over such hurdles and launch your product more quickly.
Outsources the complexity of building and maintaining bank connections
Building a reliable network of bank connections requires significant engineering resources and ongoing monitoring. If you don’t outsource the technical side of things to a TSP or a TPP with in-house infrastructure, you’ll need to invest heavily in technical teams, infrastructure, and other operational costs.
What’s more, bank APIs continuously evolve. Without a TPP and a TSP, it’s up to you to track these updates while maintaining high uptime. Plus, each bank has different API specifications, SCA mechanisms, error handling, and security requirements. It will take a lot of time and funding to build and maintain these connections.
If you partner with an infrastructure provider that also acts as a TPP, you kill two birds with one stone.
Eases compliance and operational overhead
Data protection, fraud management, and regulatory reporting: these are all responsibilities that come as part of being a TPP.
Even with a license and bank connections, you’ll still have to put resources toward monitoring of suspicious activities, secure handling of customer credentials, reporting of bank transactions to regulators, compliance with GDPR, and customer support.
This might distract you from focusing on your main business goals, hindering your progress. Outsourcing burdens like compliance to a TPP* means that you get to spend more time building great products and helping your customers achieve their end-goals.
How Yapily provides the regulatory authorisations and bank connectivity you need
At Yapily, we hold the authorisations that allow you to offer open-banking-powered services using Yapily’s regulated permissions. We also provide you with a robust infrastructure you can leverage to meet your business goals without building complex technical integrations yourself.
With us, you can access a range of services powered by open banking, from fast and cost-effective A2A payments to real-time account aggregation for better finance management or instant account verification that speeds up KYC and AML checks.
By partnering with Yapily, you can also:
Connect to over 2,000 banks via a single integration
Instead of integrating separately with hundreds of banks in order to make payment initiation and account information services possible, Yapily enables you to instantly gain secure access to thousands of bank accounts: all through a single integration.
Thanks to our PISP and AISP licenses, you can offer both payment and data services with the same provider (for instance, lenders using AIS for affordability assessments can turn PIS on later down the road for loan repayments).
Our wide geographic coverage connects you with over 2,000 banks in 19 European countries, including major markets like the UK, Germany, and France.
What’s more, we offer the strongest business account connectivity on the market, and we also provide connections to consumer, corporate, and wealth accounts.
This means our solution can be applied to multiple different use cases, from PSPs in B2C ecommerce to wealth management platforms, lenders, B2B fintechs, and more.
Leverage our enterprise-grade and scalable infrastructure
Yapily is an infrastructure platform first and foremost. This means we’ve poured our resources into making sure the technical foundations your business will stand on are solid, no matter if you’re a small company or a large enterprise.
We’ll be the ones maintaining bank connections across multiple countries, handling updates to banks’ APIs, managing API uptime, versioning, incident handling, and more. You’ll be the one innovating and scaling.
Our platform was built to handle large spikes in transaction volume. If you decide to branch into new territories or expand your customer base in your pre-existing markets, for example, we have the right tools to support you. As a result, you can grow your business with a single open banking provider instead of managing multiple integrations.
Our infrastructure is also fully white-labelled, making it possible for you to maintain your brand's visibility throughout the entire payment or onboarding process, as well as build your own flows and screens to fit your business needs.
And if you’re looking to enter the market quickly, our easily customisable Hosted Solutions are an easy option, while we develop your custom Direct Integration in the meantime.
Focus on your business while we keep things running in the background
With Yapily You can launch open banking-powered products quicker because we already have the necessary licenses and connections in place.
You get to remove the in-house technical and compliance burden from the process because we handle it for you.
You’re free to innovate and spend resources on building offerings that will differentiate you from competitors, like embedded finance products or personalised insights.
We’ll build and maintain the plumbing. You’ll build and grow your business.
Case study: How Yotta Pay makes payments ethical using Yapily’s authorisations and infrastructure
Yotta Pay, a UK-based ethical payments provider, is on a mission to provide merchants and customers with environmentally sustainable payment options that cut down on fees and extra resources, from paper receipts to payment terminals and debit cards.
Leveraging Yapily’s authorisations (TPP) and white-labelled infrastructure (TSP), Yotta Pay offers its own branded payment solutions to businesses and consumers. Thanks to Yapily Payments, businesses using Yotta Pay can provide frictionless checkout experiences on their website, face-to-face, or in-app. Taking cards out of the payment flow means that fund settlement is quicker, cheaper, and more environmentally-conscious.
Using Yapily Data, Yotta Pay can also safely access and verify account information for new merchants, speeding up onboarding.
According to the CEO and Founder of Yotta Pay, “As the UK’s first ethical payments processor, we needed a mission-oriented provider that offered more than ‘getting the job done’. We chose Yapily because of the flexibility and reliability of their platform, and the responsiveness of support and customer service.”
Since partnering with Yapily, Yotta Pay has improved online checkout conversions by 200%, enabled businesses to save up to 90% on operational costs, and experienced a consistent, 100%+ month-on-month growth in open banking payment volumes since launch.
Leverage Yapily’s TPP authorisations and robust infrastructure
In this guide, we explained the role of a TPP in the open banking ecosystem, how a TPP differs from a TSP, why it’s challenging to become a TPP yourself, and what the benefits of collaborating with a TPP are.
An infrastructure platform like Yapily already has the necessary authorisations and bank connections set up and running, which accelerates your time-to-market and frees up resources for innovation.
Instead of solving regulatory and technical challenges, your energy can go toward what matters most: your product.
To learn more about how to build new payment and account data solutions using Yapily’s licenses and infrastructure, speak to one of our experts.
FAQs: Open banking TPP
1. What is a TPP in open banking?
A TPP, or third-party provider, is a company regulated under open banking rules and authorised to access a customer’s payment account or initiate online payments with their explicit consent. TPPs connect to banks, building societies, and other financial services institutions using secure, standardised APIs. This allows them to deliver innovative banking services such as personal finance tools, account aggregation, or payment initiation through a mobile app or online banking platform.
2. What’s the difference between an AISP and a PISP?
An account information service provider (AISP) can access and analyse bank account data, while a payment initiation service provider (PISP) can initiate payments directly from a customer’s bank account. Some open banking platforms, such as Yapily, are both.
3. Are TPPs secure?
Yes, TPPs are regulated and licensed under strict open banking rules, such as the PSD2 in Europe. They adhere to security and data protection standards, and typically rely on SCA (Strong Customer Authentication) for obtaining explicit user consent.
4. Should I become a TPP or partner with one?
Becoming a TPP gives you full control over licensing and regulatory reporting, however, the process can be complex, lengthy, and costly. Partnering with a licensed TPP, especially one with in-house infrastructure, accelerates your time-to-market and allows you more space to focus on your business goals.
5. What should I consider when partnering with a TPP?
Check whether they’ve built their infrastructure in-house or if they’re outsourcing the technical layer to an external partner. You should also take bank coverage, data services, payment options, and the level of support provided into account.
*Partnering with a licensed TPP can remove the need to apply for PSD2 authorisation yourself. However, firms remain responsible for their own regulatory obligations, including AML, data protection, and customer outcomes
Important Information
Yapily Connect Ltd is authorised and regulated by the Financial Conduct Authority under the Payment Services Regulations 2017 for the provision of Account Information Services and Payment Initiation Services (FRN 827001).
Yapily provides regulated open-banking connectivity and infrastructure services. Yapily does not provide financial advice or assume clients’ regulatory obligations, including AML/CTF, KYC, consumer protection, or data-protection compliance.
Clients remain fully responsible for ensuring their products, customer journeys, and controls comply with applicable laws and regulations.
Any benefits described (such as faster onboarding, cost reductions, or improved conversion) depend on each client’s implementation and are not guaranteed.