AIS: To register or not to register?
A short note about PSD2 and the FCA regulatory process for AIS.
In mid-September this year, the UK regulator, the Financial Conduct Authority (“FCA”) published its on their implementation to the revised (“PSD2”). We’ve been waiting a while for the FCA’s guidance documents and it certainly doesn’t disappoint!
To recap, PSD2 comes into full operation in January 2018. Its aims were to lower the entry barriers, protect consumers, encourage lower prices, and promote the development and use of innovative online and mobile payments. This also included evolved types of payment services.
As most people in financial services know, there are new types of license for companies that provide a new payment service — either Account Information Services (“AIS”), aka access to bank data, or Payment Initiation Services (“PIS”), aka making payments with the end user’s consent. It doesn’t necessarily mean that those entities that provide AIS will also provide PIS. Indeed, some companies are deciding to only provide AIS.
Accordingly, what approval and licensing do they require from the FCA?
Well, here’s where it becomes interesting. For the record, is going to provide AIS and PIS, so we’re going through the entire gamut of licensing. But for some of our customers, there is ambiguity as to what they need to do.
As per the FCA, an AIS and PIS provider can become an Authorised AIS Provider (“AISP”) or an Authorised PIS Provider (“PISP”). There is also a third category. A Registered AISP (“RAISP”). These are of licensing. The concept of account aggregation is not new in the UK; the only difference is that they now come into the scope of the FCA. You can the FCA’s website to determine your AIS position and what type of regulation you require. Applications for the new license categories open on 13 October.
For the bulk of new FinTechs in the UK, there is still a question as to whether they need to be regulated or not. Under the new regime, AISPs providing AIS only, need not go through the whole authorisation process; they merely require to be registered. This doesn’t mean that the FCA won’t go through a thorough examination of your processes, business operations, organisational structure or risk management framework. Quite the contrary — the FCA expects any RAISPs to provide full and complete details on their organisation so that they can assess your organisation.
So the question is: do you provide AIS and if yes, do you need to be a RAISP?
We’ve had long discussions with lawyers, lobby groups, and regulatory groups, as to what constitutes an AIS. And while this is in no way legal advice, we’ve concluded after all these conversations and discussions, whether or not you get registered, boils down to the use of AIS:
If you’re a customer of TrueLayer using us to acquire the bank data of your customers, and then you provide this consolidated data back to your customers, then you need to go through the FCA and get a RAISP, since you are providing AIS;
If you’re a customer of TrueLayer using us to acquire bank data of your customers, and use that data for ancillary services like building internal fraud detection, or for internal market intelligence, and you never show this data to your customers, then you do not need to get a RAISP, as you are not strictly providing AIS.
Examples of (1) include companies that help their customers save money through online chatbots after aggregating their banking data, or provide financial planning services through a dashboard, or digital banks.
Examples of (2) include online lenders using this data to assess the creditworthiness of their customers, or companies using this data to analyse the market spending habits of their customers.
We think there are instances where certain companies who thought they ought not to get registered, now come in the scope. It goes without saying that you should seek your own legal advice and confirm this, and not rely solely on this blog post, in addition to reading the FCA’s very useful approach document and other FCA materials online.
Given this development, in addition to getting regulated as an AISP and PISP, TrueLayer has decided to build a product that would help companies to get their RAISPs, swiftly and economically. We believe that building financial service applications should be as easy as building any other type of consumer-facing app. We are therefore fully committed to lowering the entry barriers to provide AISP and PISP services to our customers. We expect to launch this at the end of the year, but in the meantime, to use our API and test its compatibility with your product!