Open Banking Glossary

AISP - Account Information Service Provider

An online service provider that collects financial information from end users, such as their accounts, balances, transactions information from one or more of their users’ banks, either in the format originally provided by the bank or after processing. This is so they can legally display this data back to the end user or to another business entity as instructed by the user.

Agent of AISP/AISP Agent

An Agent entity is business who is not regulated to ask for user data from banks, thus relies on a regulated AISP that has FCA permissions to do so. Read more on how your business is impacted or can benefit from this arrangement on our AISP perimeter blog here .

API - Application Programming Interface

A set of routines, protocols, and tools for building software applications. An API specifies how software components should interact.

API Access Tokens

An access token is a unique identifier of an application requesting access to data. It is the machine-level representation of an end-user’s permission to access their bank account. It unlocks secure communication with the bank API for accessing users account information or permission to initiate payments.

ASPSP - Account Servicing Payment Service Provider

These are banks or similar institutions that provide and maintain a payment account for a payer, as defined by the regulators. In the context of the Open Banking they are entities that provide dedicated interfaces to permit, with customer consent, payments initiated by third party providers and/or make their customers’ account transaction data available to third party providers via their API endpoints.

CBPII - Card Based Payment Instrument Issuer

A payment services provider that issues card-based payment instruments that can be used to initiate a payment transaction from a payment account held with another payment service provider.

CMA - Competition and Markets Authority

A non-ministerial government department in the United Kingdom, responsible for strengthening business competition and preventing anti-competitive activities. It regularly investigates the market, and has published reports such as “Making Banks work harder for you” to summarise its mission.


The nine largest banks and building societies in Great Britain and Northern Ireland, based on the volume of personal and business current accounts. Abbreviated from Competition and Markets Authority 9. Refer to the list here


The Open Banking Directory provides a “whitelist” of participants permitted to operate in the Open Banking Ecosystem, as required by the CMA Order. The Read/Write Directory also provides identity and access management services for parties wishing to participate in payment initiation and account information transactions through APIs. You can view the existing participants here and enrol to the directory here.

Directory Sandbox

The Open Banking Directory Sandbox is a test instance of the Directory. The Directory Sandbox may be used to support testing applications with test API endpoints, and testing integration with the Open Banking Directory.

ECON - European Parliament Economic and Monetary Affairs Committee

An agency in charge of everything from the regulation of financial services to taxation and competition policies.

EBA - European Banking Authority

Established in 2011, the EBA is a regulatory agency of the European Union. Its objective is to maintain EU financial stability and to safeguard the banking sector.

EBA RTS - European Banking Authority Regulatory Technical Standards

The European Banking Authority develops Regulatory Technical Standards which are submitted to the European Commission for endorsement. Regulatory Technical Standards are a set of detailed compliance criteria set for all parties that cover areas such as data security, legal accountability and other processes.

FCA - Financial Conduct Authority

The conduct regulator for 56,000 financial services firms and the financial markets in the UK. It is also the prudential regulator for over 18,000 of those said firms. Visit their website for more information

GDPR - General Data Protection Regulation

A regulation by which the European Parliament, the European Council and the European Commission intend to strengthen and unify data protection for individuals within the European Union (EU).

NCA - National Competent Authority

A governmental body, regulatory or supervisory authority having responsibility for the regulation or supervision of the participants permissioning. For example in the UK it's the FCA, in France the ACPR, Germany has BaFin and so on.

OBIE - Open Banking Implementation Entity

The organisation working with the CMA9 and other stakeholders to define and develop the required APIs, security and messaging standards that underpin Open Banking. Otherwise known as Open Banking Limited.

Open API

An Open API or Public API is a free-to-use, publicly available application programming interface (API) that provides developers with programmatic access to a proprietary software application.

Open Banking Ecosystem

This refers to all the elements that facilitate the operation of Open Banking. This includes the API Standards, governance, systems, processes, participants, security and procedures.

Open Data

Information on ATM and branch locations, and product information for Personal Current Accounts, Business Current Accounts (for SMEs), Unsecured Lending and Commercial Credit Cards. Open Data is data that anyone can access, use or share.

PBC - Primary Business Contact

A Primary Business Contact is an individual nominated by an entity to have access to the Open Banking Directory, and able to nominate other Directory business users. This should be a formal business point of contact and a senior member of staff responsible for systems and controls relating to Open Banking.

PISP - Payment Initiation Services Provider

A Payment Initiation Services Provider provides an online service to initiate a payment order at the request of the payment service user with respect to a payment account held at another payment service provider.

PSD2 - Revised Payment Services Directive

The Payment Services Directive 2015/2366, as amended or updated from time to time and including the associated Regulatory Technical Standards developed by the EBA and agreed by the European Commission and as implemented by the PSR and including any formal guidance issued by a Competent Authority.

PSP - Payment Services Provider

A Payment Services Provider is an entity which carries out regulated payment services.

PSR - Payment Services Regulations

The Payment Services Regulations 2017, the UK’s implementation of PSD2, as amended or updated from time to time and including the associated Regulatory Technical Standards as developed by the EBA.

PSU - Payment Services User

A Payment Services User is a natural or legal person making use of a payment service as a payee, payer or both.

PTC - Primary Technical Contact

A Primary Technical Contact is an individual nominated by the entity to have access to the Directory and will be able to nominate other Directory technical users. This should be a main point of contact on technical configuration and a senior member of staff with responsibility for the management of the Open Banking digital identity.

Read/Write API

Read/Write APIs enable third party providers, with the end customer’s consent, to request account information, such as the transaction history, of Personal and Business Current Accounts and/or initiate payments from those accounts.

SCA - Strong Customer Authentication

Strong Customer Authentication as defined by EBA Regulatory Technical Standards is an authentication based on the use of two or more elements categorised as knowledge (something only the user knows [for example, a password]), possession (something only the user possesses [for example, a particular cell phone and number]) and inherence (something the user is [or has, for example, a fingerprint or iris pattern]) that are independent, so the breach of one does not compromise the others, and is designed in such a way as to protect the confidentiality of the authentication data.

SMEs - Small and Medium-sized Enterprises

Small and medium-sized enterprises by scale of business, as defined by the CMA, with a turnover <£6.5m p.a.

TPP - Third Party Provider

Third Party Providers are organisations or natural persons that use APIs developed to Standards to access customer’s accounts, in order to provide account information services and/or to initiate payments. Third Party Providers are either/both Payment Initiation Service Providers (PISPs) and/or Account Information Service Providers (AISPs).

TSP - Technical Service Provider

The technical service providers are companies that work with regulated providers to deliver Open Banking products and services.

XS2A - Access to Accounts

Gives financial institutions, plus approved and regulated third parties, access to the bank accounts of consumers in the European Union.