|AISP||Account Information Service Provider||An Account Information Service provides account information services as an online service to provide consolidated information on one or more payment accounts held by a payment service user with one or more payment service provider(s).|
|API||Application Programming Interface||An Application Programming Interface is a set of routines, protocols, and tools for building software applications. An API specifies how software components should interact.|
|API Data||API Data is data made available to an API User or a TPP through the APIs.|
|API User||An API User is any person or organisation who develops web or mobile apps which access data from an API Provider.|
|API Provider||An API Provider is a service provider implementing an Open Data API. An API Provider provides Open Data via an API gateway.|
|ASPSP||Account Servicing Payment Service Provider||Account Servicing Payment Service Providers provide and maintain a payment account for a payer as defined by the PSRs and, in the context of the Open Banking Ecosystem are entities that publish Read/Write APIs to permit, with customer consent, payments initiated by third party providers and/or make their customers’ account transaction data available to third party providers via their API end points.|
|ASPSP Brand||An ASPSP brand is any registered or unregistered trade mark or other Intellectual Property Right provided by an ASPSP.|
|CMA||Competition and Markets Authority||The Competition and Markets Authority (CMA) is a non-ministerial government department in the United Kingdom, responsible for strengthening business competition and preventing and reducing anti-competitive activities.|
|CMA Order||The Retail Banking Market Investigation Order 2017.|
|CMA Remedies||Remedies that the CMA deemed appropriate to introduce to address a number of key features of the UK Retail banking market considered to be having an adverse effect on competition. These remedies included a requirement for the UK banking industry to adopt a subset of HMT’s proposals for Open Banking.|
The nine largest banks and building societies in Great Britain and Northern Ireland, based on the volume of personal and business current accounts.
AIB Group (UK) plc trading as First Trust Bank in Northern Ireland, Bank of Ireland (UK) plc, Barclays Bank plc, HSBC Group, Lloyds Banking Group plc, Nationwide Building Society, Northern Bank Limited, trading as Danske Bank, The Royal Bank of Scotland Group plc, Santander UK plc (in Great Britain and Northern Ireland).
|Competent Authority||A Competent Authority, in the context of the Open Banking Ecosystem, is a governmental body or regulatory or supervisory authority having responsibility for the regulation or supervision of the subject matter of Participants.|
|Data Standard||The data standards issued by Open Banking from time to time in compliance with the CMA Order.|
The Open Banking Directory provides a “whitelist” of participants able to operate in the Open Banking Ecosystem, as required by the CMA Order.
The Read/Write Directory also provides identity and access management services to provide identity information in order to participate in payment initiation and account information transactions through APIs.
|Directory Sandbox||The Open Banking Directory Sandbox is a test instance of the Directory. The Directory Sandbox may be used to support testing applications with test API endpoints and testing integration with the Open Banking Directory.|
|EBA RTS||European Banking Authority Regulatory Technical Standards||The European Banking Authority develops Regulatory Technical Standards which are submitted to the European Commission for endorsement. Regulatory Technical Standards are a set of detailed compliance criteria set for all parties that cover areas such as data security, legal accountability and other processes.|
|FCA||Financial Conduct Authority||The Financial Conduct Authority is the conduct regulator for 56,000 financial services firms and financial markets in the UK and the prudential regulator for over 18,000 of those firms.|
|GDPR||General Data Protection Regulation||A regulation by which the European Parliament, the European Council and the European Commission intend to strengthen and unify data protection for individuals within the European Union (EU).|
|Mandatory ASPSP||Mandatory ASPSPs are entities that are required by the CMA Order to enrol with Open Banking.|
|OBIE||Open Banking Implementation Entity||The Open Banking Implementation Entity is the delivery organisation working with the CMA9 and other stakeholders to define and develop the required APIs, security and messaging standards that underpin Open Banking. Otherwise known as Open Banking Limited.|
|Open API||An Open API or Public API is a free-to-use, publicly available application programming interface (API) that provides developers with programmatic access to a proprietary software application.|
|Open Banking Ecosystem||The Open Banking Ecosystem refers to all the elements that facilitate the operation of Open Banking. This includes the API Standards, the governance, systems, processes, security and procedures used to support participants.|
|Open Banking Services||The open banking services to be provided by Open Banking to Participants, including but not limited to, the provision and maintenance of the Standards and the Directory.|
Information on ATM and Branch locations, and product information for Personal Current Accounts, Business Current Accounts (for SMEs), and SME Unsecured Lending, including Commercial Credit Cards.
Open Data is data that anyone can access, use or share.
|Participant||An API Provider, API User, ASPSP, or TPP that currently participates in the Open Banking Ecosystem.|
|PBC||Primary Business Contact||A Primary Business Contact is an individual nominated by an entity to have access to the Directory and will be able to nominate other Directory business users. This should be a formal business point of contact and a senior member of staff responsible for systems and controls related to Open Banking.|
|PSD2||Revised Payment Services Directive||The Payment Services Directive 2015/2366, as amended or updated from time to time and including the associated Regulatory Technical Standards developed by the EBA and agreed by the European Commission and as implemented by the PSR and including any formal guidance issued by a Competent Authority.|
|PISP||Payment Initiation Services Provider||A Payment Initiation Services Provider provides an online service to initiate a payment order at the request of the payment service user with respect to a payment account held at another payment service provider.|
|PSR||Payment Services Regulations||The Payment Services Regulations 2017, the UK's implementation of PSD2, as amended or updated from time to time and including the associated Regulatory Technical Standards as developed by the EBA.|
|PSU||Payment Services User||A Payment Services User is a natural or legal person making use of a payment service as a payee, payer or both.|
|PTC||Primary Technical Contact||A Primary Technical Contact is an individual nominated by the entity to have access to the Directory and will be able to nominate other Directory technical users. This should be a main point of contact on technical configuration and a senior member of staff with responsibility for the management of the Open Banking digital identity.|
|Read/Write API||Read/Write APIs enable third party providers, with the end customer’s consent, to request account information, such as the transaction history, of Personal and Business Current Accounts and/or initiate payments from those accounts.|
|Read/Write Data||Read/Write Data includes personal current account and business current account transaction data sets made available by ASPSPs in accordance with the Read/Write Data Standard.|
|SCA||Strong Customer Authentication||Strong Customer Authentication as defined by EBA Regulatory Technical Standards is an authentication based on the use of two or more elements categorised as knowledge (something only the user knows [for example, a password]), possession (something only the user possesses [for example, a particular cell phone and number]) and inherence (something the user is [or has, for example, a finger print or iris pattern]) that are independent, [so] the breach of one does not compromise the others, and is designed in such a way as to protect the confidentiality of the authentication data.|
|SMEs||Small and Medium-sized Enterprises||Small and medium-sized enterprises by scale of business, as defined by the CMA, with a turnover <£6.5m p.a.|
|Standards||The Standards are the Data Standards and Security Standards in accordance with which ASPSPs will be required to make Read/Write APIs available.|
|TPP||Third Party Provider||Third Party Providers are organisations or natural persons that use APIs developed to Standards to access customer’s accounts, in order to provide account information services and/or to initiate payments. |
Third Party Providers are either/both Payment Initiation Service Providers (PISPs) and/or Account Information Service Providers (AISPs).
|Voluntary ASPSP||Voluntary ASPSPs are those entities who, although not obliged to enrol with Open Banking, have elected to do so in order to utilise the Standards to develop their own APIs, to enrol onto the Open Banking Directory, and to use the associated operational support services.|