Account Information Services (AIS)
A service that enables businesses and institutions to share data with other financial providers, banks, and Third-Party Providers (TPPs).
AIS can be used to analyse financial information and gain insights into account ownership and financial behaviours.
e.g. We use account information services to easily verify potential customers’ identities.
AISP - Account Information Service Provider
An online service provider that collects financial information from end users’ accounts, balances, and transaction information.
It collects this data from one or more of its users’ banks, either in the format originally provided by the bank or after processing, so that it can legally display the data back to the end user or to another business entity as instructed by the user.
e.g. Thanks to Account Information Service Providers (AISP) like Emma, I can easily track my spending habits to save more money every month.
Agent of AISP/AISP Agent
An organisation that has FCA permissions to ask for user data from banks. They sometimes do this on behalf of other businesses.
ASPSP - Account Servicing Payment Service Provider
A service that enables payment initiation and access to account information for TPPs. As a result of PSD2, all ASPSPs are required to participate in open banking.
e.g. Account Servicing Payment Service Providers (ASPSP) provide and maintain payment accounts for anyone using payment services.
Application Programming Interface (API)
A type of software interface that provides a set of definitions, communication protocols, and tools to help developers easily build applications. APIs offer a way for two or more computer programs to “talk” to each other (i.e. share data).
e.g. Yapily provides high-performance open banking APIs, helping third-party providers connect to banks.
API Access Tokens
A unique identifier of an application requesting access to data. It is the machine-level representation of an end-user’s permission to access their bank account.
It unlocks secure communication with the bank API for accessing users’ account information or for permission to initiate payments.
CBPII - Card Based Payment Instrument Issuer
Payment service providers that issue cards, which can be used to make purchases online and in person. These payments are taken via the card from one account, and sent to another account held by the merchant.
e.g. When the user tries to make a card payment, the CBPII uses open banking to confirm available funds before processing the payment.
CMA - Competition and Markets Authority
A non-ministerial government department responsible for strengthening business competition and preventing and reducing anti-competitive activities.
The CMA conducted a retail banking market investigation to improve how banks serve businesses and consumers. Open banking was born as a result of the investigation to decentralise banking information and open up banking services to TPPs.
e.g. The CMA and the Treasury on the future of open banking regulation will set up a working group on account-to-account payments.
Abbreviated from Competition and Markets Authority 9 (CMA 9)
The nine largest banks and building societies in Great Britain and Northern Ireland, based on the volume of personal and business current accounts. The CMA 9 includes:
- AIB Group (UK) plc trading as First Trust Bank in Northern Ireland
- Bank of Ireland (UK) plc
- Barclays Bank plc
- HSBC Group
- Lloyds Banking Group plc
- Nationwide Building Society
- Northern Bank Limited, trading as Danske Bank
- The Royal Bank of Scotland Group plc
- Santander UK plc (in Great Britain and Northern Ireland)
e.g. The CMA 9 are required to provide API access to third-party providers.
Directory (The Open Banking Directory)
A directory that provides a “whitelist” of participants permitted to operate in the Open Banking ecosystem, as required by the CMA Order.
The Read/Write Directory also provides identity and access management services for parties wishing to participate in payment initiation and account information transactions through APIs.
A test instance of the Directory. It may be used to support testing applications with test API endpoints, and testing integration with the Open Banking Directory.
EBA - European Banking Authority
A regulatory agency in the European Union established in 2011. Its objective is to maintain EU financial stability and safeguard the banking sector.
e.g. The European Banking Authority (EBA) issued its newsletter covering the guidelines on the role and responsibilities of compliance officers.
ECON - European Parliament Economic and Monetary Affairs Committee
An agency in charge of everything from the regulation of financial services to taxation and competition policies.
EBA RTS - European Banking Authority Regulatory Technical Standards
A set of detailed compliance criteria set for all parties involved in areas such as data security and legal accountability.
One example is strong customer authentication (SCA) guidelines, which require extra security steps to protect open banking users against fraud.
e.g. The proposed Regulatory Technical Standards on strong customer authentication and secure communication are key to achieving the objective of the PSD2 of enhancing consumer protection.
A European regulation that oversees electronic identification, authentication, and trust services. To participate in the open banking ecosystem, banks and TPPs need to prove their identity using secure communication operations based on these certificates.
e.g. By adhering to the guidelines set for technology under eIDAS, organisations are pushed towards using higher levels of information security and innovation.
Financial Conduct Authority (FCA)
A financial regulatory body in the United Kingdom that operates independently of the UK Government and is financed by membership fees. The FCA regulates the financial services industry and updates regulation as and when required, including PSD2.
e.g. The FCA’s role includes protecting consumers, keeping the industry stable, and promoting healthy competition between financial service providers.
Electronic Money Issuers (EMI)
Digital alternatives to banks that operate through online platforms and are licensed to manage transactions and issue debit cards. A number of household names are EMIs, including AirBnB, American Express, eBay, PayPal and, of course, Yapily.
e.g. Electronic Money Institutions (EMIs) are the digital alternative of banks, operating through an online platform and licensed to manage transactions and issue debit cards.
Electronic Money Regulations (EMR)
Regulations that affect electronic money issuers and their customers. They aim to encourage more firms to set up electronic money schemes and introduce new protections and safeguards for their customers.
e.g. Electronic money issuers need to ensure they are up-to-date and compliant with The Electronic Money Regulations 2011 to avoid issues with their governing body.
General Data Protection Regulation (GDPR)
A regulation in EU law on data protection and privacy in the European Union and the European Economic Area.
It was designed to “harmonise” data privacy laws across all of its member countries and provide greater protection and rights to individuals, altering how businesses and other organisations can handle the information of those that interact with them.
e.g. GDPR gives individuals, prospects, customers, contractors, and employees more power over their data and restricts how organisations can collect, process, and store data.
Know Your Customer (KYC)
A set of standards banks are required to use during the onboarding processes to verify the identities of their customers.
The aim is to reduce the risk of illegal transactions such as money laundering. In some cases, TPPs are also required to conduct KYC to reduce those risks.
e.g. Yapily Validate can be used to speed up KYC and customer onboarding.
NCA - National Competent Authority
A governmental body, regulatory or supervisory authority having responsibility for the regulation or supervision of the participants permissioning.
For example, in the UK it’s the FCA, in France the ACPR, in Germany BaFin, and so on.
OBIE - Open Banking Implementation Entity
Also known as Open Banking Limited. A collective organisation that works with the CMA 9 and other stakeholders to define and develop the required APIs, security and messaging standards that underpin Open Banking.
Yapily works closely with the OBIE to ensure we are aligned with the latest standard, leading to the best possible experience for our customers.
e.g. The future entity would build on the significant progress made to date by the OBIE to encourage innovation and support competition.
An Open API or Public API is a free-to-use, publicly available application programming interface (API) that provides developers with programmatic access to a proprietary software application.
Open Banking Ecosystem
This refers to all the elements that facilitate the operation of Open Banking. This includes the API Standards, governance, systems, processes, participants, security and procedures.
Data that anyone can access, use or share.
Information such as:
- ATM and branch locations
- Product information for Personal Current Accounts
- Business Current Accounts (for SMEs) Unsecured Lending
- Commercial Credit Cards.
Open Banking Payments
Payments that bypass traditional payment networks by directly transferring funds between bank accounts.
They are enabled by APIs and secure authentication, and they reduce fees, speed up transactions, and enhance transparency compared to other payment systems.
Open Banking Working Group (OBWG)
This is a formal business point of contact and senior member of staff nominated by an organisation to have access to the Open Banking Directory. They are responsible for systems and controls related to open banking.
These contacts keep information up-to-date and allow banks, infrastructure providers, and TPPs to operate securely within the open banking ecosystem.
e.g. We need to reach out to the PBC to ensure that details on the directory are up-to-date.
Personal Finance Management (PFM)
Software that helps users manage their money. It often lets users categorise transactions and add accounts from multiple institutions into a single view, and typically includes data visualisations such as spending trends, budgets, and net worth.
e.g. The rise in budgeting apps and PFM software like Emma benefit consumers by giving them more control of their finances.
Payment Initiation Services Provider (PISP)
Provides the ability to make account-to-account payments. Unlike card or bank transfers, PISPs simplify payments by initiating them directly from the user’s bank account to another account.
This cuts out the middleman and reduces associated costs.
e.g. Yapily Payments is used by PISPs to offer account-to-account payments, while bypassing the middleman.
The Second Payment Services Directive (PSD2)
An updated piece of legislation that was designed to force payment service providers to improve the customer authentication process and regulate third-party involvement.
PSD2 mandates that banks must make it possible for a third party to access financial information that was traditionally only available to the banks. It brought forth open banking.
e.g. It was planned that PSD2 would reduce fraud and make payments easier.
Payment Services Provider (PSP)
A payment services provider is an entity which carries out regulated payment services. Comma is an example of a payment services provider that enables small businesses to access bulk payments through open banking, a service banks traditionally only offered to larger organisations.
e.g. Rather than relying on your bank, there are PSPs available that offer specific payment solutions.
Payment Services Regulations (PSR)
Regulations in 2017 that set out the rules relating to all payment services including the services provided by banks, building societies, and debit card providers.
PSR provided several outlines, including what consumers can expect their bank to do if there has been unauthorised use of their account details or debit card. It also brought PSD2 into UK law, providing rules that all service providers must follow.
e.g. PSPs must comply with conduct of business requirements set out in the PSRs.
Payment Services User (PSU)
More commonly known as customers, a PSU is a person or business that uses a payment service including AISPs, PISPs, CBPIIs and ASPSPs to view, send or receive money.
e.g. The PSU paid their credit card bill through open banking, without the need to remember their card details.
Primary Technical Contact (PTC)
An individual nominated by their organisation to have access to the Open Banking Directory. They are also able to nominate other Directory technical users.
Unlike the PBC, who is the point of contact for any business query, the PTC is the main technical contact for any matter that concerns the Open Banking Directory.
e.g. “Do you need access to the directory? Reach out to Dan, he’s our PTC”.
Strong Customer Authentication (SCA)
A form of two-factor authentication, involving extra steps to reduce card fraud.
e.g. Updated legislation now means that apps are only required to gather SCA every 180 days, half as frequently as the previous 90-day mark.
Third-Party Providers (TPP)
An organisation that is regulated to communicate between banks and consumers or businesses to either initiate payments or retrieve and analyse financial information through an API.
Traditionally, consumers and businesses would have to rely on banks to do what’s best for them, but open banking has given rise to a range of providers that offer tailored solutions built to solve specific problems.
TPPs fall into one of two groups: payment initiation service providers (PISPs) or account information service providers (AISPs). Sometimes they could be both.
You can view the full list of TPPs on the Open Banking Directory.
e.g. There are a number of TPPs available to help businesses access more tailored financial solutions that better meet their needs than traditional solutions.
Technical Service Providers (TSP)
Companies that work with regulated providers to deliver open banking products and services.
e.g. TSPs collaborate with regulated providers to securely provision the financial data.
Access to Accounts (XS2A)
Access to account services enables third-party providers to gain access to the bank accounts of EU consumers.
e.g. The format of certain request fields does not match the XS2A requirements.