The Second Payments Services Directive (“PSD2”) is the latest revolutionary regulatory framework that will be operational in the UK and the European Union (“EU”) from 13 January 2018.
PSD2’s aims are to:
- lower the entry barriers
- protect consumers
- encourage lower prices, and
- promote the development and use of innovative online and mobile payments.
PSD2 also introduced two new types of regulated service providers:
- Payment Initiation Service Providers (PISPs)
- Account Information Service Providers (AISPs)
More information can be found in the European Commission website.
A service made available to users of payment services with online access to accounts through which the payer can get, thanks to an online platform, a consolidated view view on their data even those held in multiple banks or payment accounts.
A service provided where a payer can make an online payment through the service, like a direct debit, to a third party beneficiary.
What can PISPs and AISPs do?
PISPs and AISPs are classified as Third Party Providers (TPPs) under PSD2.
A PISP can provide a service to initiate a payment order (payment information) from one payment provider, at the request of a user to a payment account held at another payment provider.
An AISP offers an online service to provide consolidated information (data) on one or more payment accounts held by a user who has one or more accounts at one or more payment providers.
Do you need to be regulated?
Most Fintechs in the UK have to determine whether they’re engaging in AIS or PIS.
If you intend to provide PIS, then unquestionably, you need to be regulated for PI, like TrueLayer is, by the Financial Conduct Authority (“FCA”) in the UK.
However for AIS providers, certain providers need not go through the whole authorisation process; they merely require to be registered.
It boils down to the use of AIS:
If you’re a customer of TrueLayer using our API to acquire the bank data of your customers and display it back to the user you need to go through the FCA and get registered, since you are providing AIS.
If you’re a customer of TrueLayer using us to acquire the bank data of your customers, but you use that data for ancillary services like credit decisions, building internal fraud detection, or for internal market intelligence, or enhancing your internal know how with client verification, and you never show this data to your customers, you do not need to get registered, as you are not strictly providing AIS.
We think there are instances where certain companies who thought they ought not to get registered, now come in scope. It goes without saying that you should seek your own legal advice and confirm this, and if need be, talk to the FCA.
Acronyms you’ll read or hear about often:
|FCA||Financial Conduct Authority (the UK Regulator)|
|PSR||Payment Services Regulator (UK Regulator looking at payment services specifically; a sub-set of the FCA).|
|PSU||Payment Service User (End User)|
|AISP||Account Information Service Providers|
|PISP||Payment Initiation Service Providers|
|ASPSP||Account Servicing Payment Service Provider (Ex: Banks and Other Financial Institutions)|
|EBA||European Banking Authority|
|RTS||Regulatory Technical Standards (EBA has oversight on this)|
|PSP||Payment Service Providers|
|TPPs||Third Party Providers (of which AISP and PISP are categories)|
TrueLayer & PSD Agents
In instances where you recognise that you need to be regulated as an RAISP, TrueLayer are comfortable to have conversations with you about being our agent. This means that you don’t need to be directly regulated for AIS.
If you would like to discuss this some more, or require further information, please feel free to contact us.