Years ago, only people in the financial sector – those who were really interested in the new advances in financial technology – were the ones discussing concepts like open banking. But recently, open banking has exploded in popularity amid an ongoing push to move everything, from day-to-day activities to personal finances, online. With that, a lot more people have found themselves trying to learn what they can about open banking, and that means a lot of jargon.
To make it easier, we’ve broken down that jargon into quick, simple definitions so that even those unfamiliar with typical financial terms can get a basic understanding of the people, entities and businesses that fall under the open banking umbrella:
Open banking is a relatively new term for the process that allows certain third party service providers access to a customer’s financial and other banking information, with the consent of that client. Thanks to that scope of information, those providers can offer more personalized services to clients. Open banking also creates more competition in the industry, allowing clients a greater selection of providers and products to choose from.
PSD1 was the first iteration of the Payment Services Directive, which came into force across the EU in 2009. Like later iterations, its main goal was to increase competition in the financial sector across Europe and improve customer protection and rights for payment service providers and customers. Among other things, it required payment service providers and banks to be transparent about their fees and brought forth regulations that allowed entities that were not banks to perform financial transactions.
PSD2 is a set of regulations passed by the European Parliament in 2018, which aims to establish an integrated, competitive and innovative EU payments market, with a high-level of consumer protection. PSD2 includes rules to improve safety (like SCA) and ease when it comes to making online payments; protect users against fraud and payment issues while strengthening user rights; and establish more innovative payment services.
After several years of PSD2, experts in the financial sector are looking at ways the existing regulations could be built on and improved, and many say we could be seeing the next iteration of those regulations in the future with PSD3. Though PSD3 isn’t here yet, industry officials say it could include things like strengthened customer authentication, even more fraud protection, and more stringent regulations around APIs
Standing for Payment Service User, a PSU refers to any person or entity that uses a payment service. That includes those who make or receive payments, or those who use services like Kontomatik to have their banking data analyzed.
Application Programming Interfaces, known as APIs are the rules that dictate how different applications communicate with each other. A provider must meet a number of technological requirements in order to create its own API. That API then connects to the banking API and accesses financial data from the bank account. In other words APIs facilitate the request between a special service that asks for a customer’s information, and their service provider.
SCA stands for Strong Customer Authentication, which is essentially a process that uses two or more pieces of knowledge about a user (something the user is, knows, or possesses) which are independent from each other and which help authenticate that the user is who they claim to be. It is designed in such a way as to protect the confidentiality of the authentication data of PSU.
Regulatory Technical Standards (RTS) is the name of the regulation that points out a strong group of security measures that entities must comply with as part of PSD2. As part of its regulations, RTS requires customers and entities to use SCA to verify a customer’s identity in most cases, though RTS outlines some exceptions like smaller online payments and payments to a trusted third party.
An entity that provides and maintains accounts, and account information for payments is an ASPSP, short for Account Servicing Payment Service Provider. ASPSPs are often banks but can also be other electronic money institutions.
In the United Kingdom, a main financial regulatory body is called the Financial Conduct Authority, or the FCA, which is not government-affiliated. The FCA regulates the behavior of financial service providers from retailers to wholesalers. In 2022 it was announced that the FCA will oversee the future of open banking implementation in the UK along with another regulatory body called the Payments Systems Regulator. The groups are establishing a regulatory oversight committee and meeting in the spring of 2022.
Just as the UK has the FCA, Poland has the KNF, short for Komisja Nadzoru Finansowego, which is the country’s main financial regulatory body. The KNF is responsible for overseeing the financial market and financial institutions in Poland and collaborates with the EBA.
In Lithuania, the main financial regulatory body is the BOL, or Bank of Lithuania, which is the country’s central bank. It has the ability to grant or revoke licenses to and from banks in the country. It operates similarly to the KNF and FCA.
Learn more: https://www.lb.lt/en/legal-acts
Like the FCA, the EBA – European Banking Authority – is an independent EU agency established in 2011, that governs all EU banks. Based in Paris, the EBA largely focuses on ensuring European banks abide by an EU-wide regulatory standard. Its goal is to safeguard the integrity of the EU banking sector and to oversee financial stability across the EU. The EBA oversees things like the RTS, and it was largely responsible for commenting on and helping bring forth PSD2
PISPs, or Payment Initiation Service Providers, initiate bill payments or P2P money transfer services on behalf of a financial institution’s customer. In other words, PISP orders, on behalf of a client, the transfer of the client’s funds from an account held for that client by a financial institution. The transfer is carried out directly to the recipient (or to the recipient's supplier), so the PISP does not own the funds, nor does the PISP hold the funds at any time.
Payment Service Provider, often shortened to just PSP, is the term for entities that initiate payments for retailers. They verify a customer’s information and then transfer the payment from the customer’s account to the retailer or merchant.
Third Party Provider is the umbrella term for third-party entities including AISPs, PISPs and PSPs that connect with an ASPSP in order to do things like access a customer’s financial information or transfer and make online payments with that customer’s consent.
Called Account Information Service Providers, AISPs gather information on a user’s (PSU) account from their financial institution (ASPSP), on the condition that they have the user’s express consent. AISPs often obtain that information for a business – like a loan provider – which will use it to verify and analyze the financial information of the user, their client. The expert analysis and verification obtained using an AISP can help a business determine whether to work with that client and how to tailor their services to fit a particular client’s financial needs.
APIs are essential to the process of Open Banking because they pave the way for data sharing in a safe, secure, standardized and efficient w
A package of new draft proposals, PSD3 and PSR, includes plans to strengthen customer rights, combat fraud and improve APIs
Open banking is extremely popular around Europe, not just the UK