Open Banking is transforming the future of money. It allows customers to access new products and services from regulated third party providers. If you want to become one of those providers, this is what you need to know.
How to enrol with Open Banking
There are five steps in the enrolment process.
If you don’t already have the required regulatory permissions, apply to the FCA (or European equivalent). You can register as an Account Information Service Provider (AISP), or get authorised as a Payment Initiation Service Provider (PISP) – or apply for both.
We’re here to help you get ready to go live in the Open Banking ecosystem. Once we’ve completed some identification and validation checks with you and your organisation, you’ll be able to test your service. Our Directory Sandbox enables you to securely test your service with dummy data.
Once your regulatory status is confirmed by the FCA (or European equivalent), and we’ve completed your enrolment, we’ll add you to the live Open Banking Directory. You can start connecting with account providers to test your service. When you’re ready, you can launch your service with customers.
- Familiarise yourself with the second Payment Services Directive (PSD2) – which has been implemented in the UK as the Payment Services Regulations 2017 – to check if your product or service is within scope. You’ll find guidance on the scope of the regulations in the FCA Handbook (PERG 15) and chapters 2 and 17 of the FCA’s guidance: Payment Services and Electronic Money – Our Approach
- Check the regulator in your country too. In the UK, the FCA is the regulator. You may want to seek legal or professional advice before you submit your application to the FCA (or European equivalent).
- You can also dig deeper into the Open Banking Standards to understand what services and functionality these API specifications support. You’ll be using them to create your service.
Get regulated by the FCA (or European equivalent)
You can only provide services using Open Banking if you’ve got the required regulatory permission from the FCA (or European equivalent). Getting regulated is a detailed process of due diligence. For example, you’ll need to demonstrate to the FCA (or European Equivalent) that you have a PSD2-compliant business model and appropriate data privacy and security measures in place. You can find out more on the FCA website and the PSD2 Navigator. If you have questions, you can call the FCA’s Contact Centre on 0300 500 0597 from the UK, or +44 207 066 1000 from abroad.
Your checklist for getting regulated by the FCA
Use this checklist to make sure your application is as complete as possible. Getting regulated can take 3-12 months depending on the quality of your application.
- FCA guidance – Make sure you have read the FCA’s guidance: Payment Services and Electronic Money – Our Approach. Chapter 3 provides information about authorisation and registration.
- Know your regulatory definitions – are you offering an Account Information Service (AISP), a Payment Initiation Service (PISP) – or both? It’s really important to be clear about how your service fits the regulatory definitions.
- Show a clear business model – you’ll submit details of the service you want to provide in the application. Make sure it includes clear and simple explanations of the business model and typical transactions.
- Policies and procedures – make sure you have in place all of the policies and procedures that being regulated requires.
- Compliance – you’ll need to demonstrate how your security, data storage, IT and policies comply with the relevant regulations.
- Insurance – you must have professional indemnity insurance that complies with the regulations.
Enrol onto the Open Banking Directory
The Open Banking Directory enables third party providers to securely identify themselves to account providers.
- Contacts – you will need to provide a primary business contact and a primary technical contact. They can be the same person, but you may find it helpful to nominate two dedicated people to manage your ongoing Open Banking activity.
- Company name and number – your company needs to be registered in the EU for regulatory purposes. The company name and number should be the same as they appear on the Companies House register (or European equivalent). These should also be the same details you used, or will be using, when applying to be regulated. If you already have the required permissions, use the same details as the FCA register (or European equivalent).
We’ll check your identity and verify your details
- We’ll allocate a case reference number and update you on the progress of your application at every stage.
- We’ll contact the Company Secretary or Director listed with Companies House to verify your company details, and confirm that they authorise the contacts provided to deal with Open Banking.
- Our third party agency will get in touch with each of your contacts to verify their identities and addresses. Your contacts will need to provide a copy of their passport and proof of address. The agency will check their identity and arrange a face-to-face or Skype session with each contact.
- We’ll let you know when we’ve completed the identity and verification checks successfully.
If you’re already regulated, we’ll check the FCA register (or European equivalent) to make sure you have the permissions you need to complete your enrolment. If you’ve applied and are waiting for regulatory approval, let us know when you receive it.
Test your service in the Directory Sandbox
- The Directory Sandbox is a test environment where you can try out your service using dummy data. You can use it once you’ve completed our identity and verification checks, and our onboarding team will be on hand to help you get set up and make the most of testing.
- Once your regulatory permissions are confirmed, we’ll complete your enrolment onto the Open Banking Directory.
- You can then set up and manage your software statements and digital certificates. You can also connect to account providers, such as banks, building societies and payment companies, to make sure your app or website works with them.
- You can also set up the technical configuration for your service in the Developer Zone.
- Once you’ve ticked everything off this list, you’re ready to go live.
Sign up to the Dispute Management System (DMS)
The DMS is a communication framework for account providers and third party providers to manage enquiries, complaints and disputes related to Open Banking. It’s a voluntary system, and you may use an alternative dispute process.
Check the glossary for any unfamiliar terms related to Open Banking.