AISPAccount Information Service ProviderAn Account Information Service provides account information services as an online service to provide consolidated information on one or more payment accounts held by a payment service user with one or more payment service provider(s).
APIApplication Programming InterfaceAn Application Programming Interface is a set of routines, protocols, and tools for building software applications. An API specifies how software components should interact.
API Data API Data is data made available to an API User or a TPP through the APIs.
API UserAn API User is any person or organisation who develops web or mobile apps which access data from an API Provider.
API ProviderAn API Provider is a service provider implementing an Open Data API. An API Provider provides Open Data via an API gateway.
ASPSPAccount Servicing Payment Service ProviderAccount Servicing Payment Service Providers provide and maintain a payment account for a payer as defined by the PSRs and, in the context of the Open Banking Ecosystem are entities that publish Read/Write APIs to permit, with customer consent, payments initiated by third party providers and/or make their customers’ account transaction data available to third party providers via their API end points.
ASPSP BrandAn ASPSP brand is any registered or unregistered trade mark or other Intellectual Property Right provided by an ASPSP.
CBPIICard Based Payment Instrument IssuerA Card Based Payment Instrument Issuer is a payment services provider that issues card-based payment instruments that can be used to initiate a payment transaction from a payment account held with another payment service provider.
CMA Competition and Markets AuthorityThe Competition and Markets Authority (CMA) is a non-ministerial government department in the United Kingdom, responsible for strengthening business competition and preventing and reducing anti-competitive activities.
CMA OrderThe Retail Banking Market Investigation Order 2017.
CMA RemediesRemedies that the CMA deemed appropriate to introduce to address a number of key features of the UK Retail banking market considered to be having an adverse effect on competition. These remedies included a requirement for the UK banking industry to adopt a subset of HMT’s proposals for Open Banking.

The nine largest banks and building societies in Great Britain and Northern Ireland, based on the volume of personal and business current accounts.

AIB Group (UK) plc trading as First Trust Bank in Northern Ireland, Bank of Ireland (UK) plc, Barclays Bank plc, HSBC Group, Lloyds Banking Group plc, Nationwide Building Society, Northern Bank Limited, trading as Danske Bank, The Royal Bank of Scotland Group plc, Santander UK plc (in Great Britain and Northern Ireland).

Competent AuthorityA Competent Authority, in the context of the Open Banking Ecosystem, is a governmental body or regulatory or supervisory authority having responsibility for the regulation or supervision of the subject matter of Participants.
Data Standard The data standards issued by Open Banking from time to time in compliance with the CMA Order.

The Open Banking Directory provides a “whitelist” of participants able to operate in the Open Banking Ecosystem, as required by the CMA Order.

The Read/Write Directory also provides identity and access management services to provide identity information in order to participate in payment initiation and account information transactions through APIs.

Directory SandboxThe Open Banking Directory Sandbox is a test instance of the Directory. The Directory Sandbox may be used to support testing applications with test API endpoints and testing integration with the Open Banking Directory.
EBA RTSEuropean Banking Authority Regulatory Technical StandardsThe European Banking Authority develops Regulatory Technical Standards which are submitted to the European Commission for endorsement. Regulatory Technical Standards are a set of detailed compliance criteria set for all parties that cover areas such as data security, legal accountability and other processes.
FCAFinancial Conduct AuthorityThe Financial Conduct Authority is the conduct regulator for 56,000 financial services firms and financial markets in the UK and the prudential regulator for over 18,000 of those firms.
GDPRGeneral Data Protection RegulationA regulation by which the European Parliament, the European Council and the European Commission intend to strengthen and unify data protection for individuals within the European Union (EU).
Mandatory ASPSPMandatory ASPSPs are entities that are required by the CMA Order to enrol with Open Banking.
OBIEOpen Banking Implementation EntityThe Open Banking Implementation Entity is the delivery organisation working with the CMA9 and other stakeholders to define and develop the required APIs, security and messaging standards that underpin Open Banking. Otherwise known as Open Banking Limited.
Open APIAn Open API or Public API is a free-to-use, publicly available application programming interface (API) that provides developers with programmatic access to a proprietary software application.
Open Banking EcosystemThe Open Banking Ecosystem refers to all the elements that facilitate the operation of Open Banking. This includes the API Standards, the governance, systems, processes, security and procedures used to support participants.
Open Banking ServicesThe open banking services to be provided by Open Banking to Participants, including but not limited to, the provision and maintenance of the Standards and the Directory.
Open Data

Information on ATM and Branch locations, and product information for Personal Current Accounts, Business Current Accounts (for SMEs), and SME Unsecured Lending, including Commercial Credit Cards.

Open Data is data that anyone can access, use or share.

ParticipantAn API Provider, API User, ASPSP, or TPP that currently participates in the Open Banking Ecosystem.
PBCPrimary Business ContactA Primary Business Contact is an individual nominated by an entity to have access to the Directory and will be able to nominate other Directory business users. This should be a formal business point of contact and a senior member of staff responsible for systems and controls related to Open Banking.
PSD2Revised Payment Services DirectiveThe Payment Services Directive 2015/2366, as amended or updated from time to time and including the associated Regulatory Technical Standards developed by the EBA and agreed by the European Commission and as implemented by the PSR and including any formal guidance issued by a Competent Authority.
PISPPayment Initiation Services ProviderA Payment Initiation Services Provider provides an online service to initiate a payment order at the request of the payment service user with respect to a payment account held at another payment service provider.
PSPPayment Services ProviderA Payment Services Provider is an entity which carries out regulated payment services, including AISPs, PISPs, CBPIIs and ASPSPs.
PSRPayment Services RegulationsThe Payment Services Regulations 2017, the UK's implementation of PSD2, as amended or updated from time to time and including the associated Regulatory Technical Standards as developed by the EBA.
PSUPayment Services UserA Payment Services User is a natural or legal person making use of a payment service as a payee, payer or both.
PTCPrimary Technical ContactA Primary Technical Contact is an individual nominated by the entity to have access to the Directory and will be able to nominate other Directory technical users. This should be a main point of contact on technical configuration and a senior member of staff with responsibility for the management of the Open Banking digital identity.
Read/Write APIRead/Write APIs enable third party providers, with the end customer’s consent, to request account information, such as the transaction history, of Personal and Business Current Accounts and/or initiate payments from those accounts.
Read/Write DataRead/Write Data includes personal current account and business current account transaction data sets made available by ASPSPs in accordance with the Read/Write Data Standard.
SCAStrong Customer AuthenticationStrong Customer Authentication as defined by EBA Regulatory Technical Standards is an authentication based on the use of two or more elements categorised as knowledge (something only the user knows [for example, a password]), possession (something only the user possesses [for example, a particular cell phone and number]) and inherence (something the user is [or has, for example, a finger print or iris pattern]) that are independent, [so] the breach of one does not compromise the others, and is designed in such a way as to protect the confidentiality of the authentication data.
SMEsSmall and Medium-sized EnterprisesSmall and medium-sized enterprises by scale of business, as defined by the CMA, with a turnover <£6.5m p.a.
StandardsThe Standards are the Data Standards and Security Standards in accordance with which ASPSPs will be required to make Read/Write APIs available.
TPPThird Party ProviderThird Party Providers are organisations or natural persons that use APIs developed to Standards to access customer’s accounts, in order to provide account information services and/or to initiate payments.

Third Party Providers are either/both Payment Initiation Service Providers (PISPs) and/or Account Information Service Providers (AISPs).

Voluntary ASPSPVoluntary ASPSPs are those entities who, although not obliged to enrol with Open Banking, have elected to do so in order to utilise the Standards to develop their own APIs, to enrol onto the Open Banking Directory, and to use the associated operational support services.