AISP (Account Information Service Provider), are all those companies that, their condition allows them access to the banking information of the accounts of those users who have previously accepted that they can access their accounts. Therefore, through a data API (Application Programming Interface), these companies will be able to access and use bank information, but not operate with it, that is, access is exclusively for “reading”. It should be noted that this practice, in Spain and Europe, can only be carried out under the AISP license granted by the Bank of Spain or the Central Banks of other countries.

The PSD2 directive (Payment Service Directive 2) is key to understanding what the AISP is. In general, the PSD2 directive, with its launch in 2015 and entry into force in 2018, allowed “protected” access to users’ bank details to operate more directly; thus, generating a wave of new Fintech companies that provide financial services.

In addition, it meant a very big change of mentality in the financial ecosystem by determining that bank details became part of the client, and not of the bank. Thus, users were granted the power to authorize access to their accounts by Account Information Service Providers. In practice, this made it possible for any application or platform to access and exploit that information through these providers. This fact has totally changed the paradigm of the banking ecosystem, giving rise to the opening of this, originating the phenomenon called Open Banking or Open Finance, for that reference to the opening of consumer data.

The origin of Open Banking cannot be traced back to a specific moment in time, but rather it has been a process in constant evolution, and it is still ongoing. At first, Open Banking came to light via “Scrapping”.

This means that there were applications that automatically scanned different web pages and extracted the information they were looking for. In other words, they performed the main service provided by an Account Information Service Provider.

However, Open Banking has begun to be known, especially in Europe because of the European Union regulation PSD1 and PSD2. These have partially formalized and regulated Open Banking. In the United States, however, this process was born in a more natural way over time. Large banking institutions and startups in the Fintech sector have naturally collaborated over time and there has been no need to impose it through regulation. Companies like Plaid, or Envestnet Yodlee have been pioneers and success stories in the sector in the United States.

That the PSD2 directive has been key to the emergence of Open Banking, and everything related to it is clear. But what is PSD2? This directive, which was announced as an evolution of the PSD1 directive, gave another twist to the existing regulation and served even more to force the opening of customer banking information. The European banking paradigm changed, as banks were forced for the first time to open and offer their customers’ information publicly via API (Application Programming Interface). Until then, customer information had been exclusive to banks, and from then on, the information became the property of the customer. This means that by passing ownership of the information from the bank to the customer, the customer can authorize third-party companies or applications to use that information to provide innovative personalized financial services. This PSD2 regulation has been a game changer for the industry, and the effects of the regulation are still in their early stages.

As a consequence of PSD2, as we have previously mentioned, new formats for regulated entities and AISP and PISP licenses also emerged, which allow non-banking institutions to offer account aggregation and banking information, among other services.

Briefly reviewing what the two main terms in this article are, AISP and Open Banking, the AISP (Account Information Service Provider) license allows companies that provide financial services and that have it, to access customer banking information.

However, this license does not allow operating with that information, that is, making payments or any other action. It is a kind of consultation or information provider work that can be done by the entities that provide the account information service. The PSD2 directive plays a leading role in all of this, as it allows non-bank applications or platforms to access account information, among other things.

Open Banking, for its part, is synonymous with opening banking information and making it available to third parties (third party providers) via APIs for the development of financial applications or services through third parties. Generally, the banking institution will allow access to the information of a bank client via API, such as their bank balance, their movements, details of their transactions, etc. In fact, as a result of the PSD2 regulation, all European banks were forced by law to create and open their APIS to third parties and provide, through these, the same services that they provide in their banking interfaces. However, since it is not very precise and has a certain margin of interpretation, it has caused each bank to decide to open their APIs according to their own interpretation of the standard. In many cases, banks still do not offer all the services that could be understood to be provided via API, greatly delaying the evolution of open banking. It seems that some of the banks, seeing that this opening of the APIs can harm them in favor of third-party platforms capable of providing certain services in a more efficient way, or with an improvement in the user experience, are putting barriers to opening.

In Spain, to operate as an entity that offers paid information services and, therefore, to become such an entity, a license is required. These licenses are granted by the Bank of Spain in Spain or by the Central Bank of the country in which it is requested. One of the first steps to obtain the license is to define the business model, that is, what type of service do we want to provide?

It should be noted that EU member countries can operate within member countries with the same license. As for operating in Spain, all those international entities that want to provide their service must communicate their intentions to the Bank of Spain by the supervisory authority of the country of origin and, it will be the Bank of Spain who orders the start date of the activity.

In the case of the AISP, they would be all those entities that only offer information on accounts and that must be attached to the “Registry of service providers of information on accounts“.

Once the business model has been defined and the type of registration defined, the Bank of Spain recommends a step prior to the official request. Hold a meeting requested with the “authorization or registration pre-application form”. In this way, it will be possible to better expose the exact activity that you want to carry out as a payment entity just before the formal processing.

The procedure can be carried out in 3 different ways, but all of them lead to the same purpose:

-Electronically through the Electronic Registry of the Bank of Spain:

These are the steps that the Bank of Spain recommends:

1.-Access the Electronic Registry using one of the authentication systems accepted by the Bank of Spain.

2.-Select the option “Fill in the form” and then choose the option according to the applicant.

3.-Complete the requested data and, when appropriate, attach the necessary documentation.

4.-Once all the data has been filled in and the necessary documentation attached, press the “Send” button.

5.-The Electronic Registry shows a screen informing about the status of the request. If the shipment is completed successfully, the “Acknowledgment of receipt” document can be consulted. Optionally, it can be saved and/or printed as proof of the operation carried out.

6.-At any time, from the option “Consult my writings submitted by the Electronic Registry”, you can consult the successfully completed submissions.

-In person at any of the Bank of Spain branches:

*The available branches can be found in the “other information of interest” section of the Bank of Spain website.

-By postal mail:

The way to do it this way is by sending the mail to the official headquarters of the General Vice-secretariat of the Bank of Spain at Calle Alcalá 48, 28014 Madrid.

In the “Processing” section of the following link you will find all the mandatory documentation to present and that can be consulted in the “Informative guide for applicants“:

https://sedeelectronica.bde.es/sede/es/menu/tramites/autorizacion-al-/registro_de_pre_1649a2b89198b61.html

The resolution body for these cases is the responsibility of the Executive Commission of the Bank of Spain, which has 3 months from when all the required documentation is considered complete and sent. If the request takes more than 3 months, it is understood that it has been rejected.

Thanks to PSD2, and as a consequence of Open Banking, Snab has been able to create a non-banking platform that allows our clients to access their information and bank movements from one place, centralizing all banking and treasury management in Snab, safely, and complying with all PSD2 regulatory standards.