Find out more about AIS and PIS, including our role in regulating providers.
As part of promoting the development and use of innovative online payment services, the Payment Services Regulations 2017 (PSRs) brought 2 types of payment services activity under regulation for the first time – AIS and PIS.
Providers of payment accounts accessible on-line must allow third-party providers to access user accounts (with the user's explicit consent).
These third parties – providers of account information services (AISPs) and payment initiation services (PISPs) – are regulated under the PSRs with corresponding permissions and obligations.
Account information services
Under the PSRs, an account information service is an online service that provides consolidated information to a payment service user on one or more payment accounts held by that payment service user with other payment service providers.
Payment initiation services
Under the PSRs, a payment initiation service is an online service that initiates a payment order at the request of a payment service user from a payment account held at another payment service provider. This is done with the user’s consent and authentication.
The rules brought payment initiation services within the scope of regulation to ensure that PISPs receive access to payment accounts and place requirements on them to ensure security for users. The PSRs:
- brought PISPs within the scope of regulation
- sought to make sure that AISPs can receive access to payment accounts
- placed requirements on PISPs to ensure security for users
Our role in regulating AIS and PIS providers
We are responsible for ensuring AISPs and PISPs are registered or authorised.
For businesses that only carry on account information services, there is an option to become a registered account information service provider (RAISP). These providers have no capital requirements and need to meet fewer conditions than authorised firms.
Businesses that provide payment initiation services must be authorised and must have a minimum of €50,000 in initial capital (or higher if they provide certain other payment services).
Both AISPs and PISPs have to hold professional indemnity insurance (PII).
The European Banking Authority (EBA) has developed guidelines on PII.
Providing access to customers’ payment accounts for providers of AIS and PIS
Businesses that provide payment accounts that are accessible online to their customers, will have to give AISPs and PISPs access to these accounts, with the user’s consent and authentication.
Under the PSRs, providers of payment accounts are referred to as account servicing payment service providers (ASPSPs).
Strong customer authentication and common and secure methods of communication
The EBA developed regulatory technical standards that introduce standards for common and secure communications between ASPSPs and AISPs or PISPs ((EU) 2018/389).
Following the UK’s withdrawal from the EU, we made UK technical standards on strong customer authentication and common and secure methods of communication (SCA-RTS), together with changes to our Handbook.
The SCA-RTS are substantially the same as the EU regulatory technical standards (EU) 2018/389, in accordance with our consultation CP 18/44.
The EU standards were revoked.