Insights from one of the Payments Association project teams on AIS and PIS

Share this post

Overall the key drive/point of the session from the FCA’s perspective was to garner input in to their consultation process.  They were taking the points/questions posed on board in that light, however (unsurprisingly) weren’t providing any answers/clarification in response to questions.  As such, it was useful/interesting to see what other people were thinking about, but not an opportunity to actually get any feedback/clarification.

The FCA did also reiterate that they were keen for people to respond formally as well to the consultation.  They made the point that the regulations (clause 115.5) set out that the regulatory authority’s implementation should not impact the “live market”.  As a specific example of this it was highlighted that, although other methods for collecting data will have to be available, screen scraping will not be disallowed from January onwards, so existing business models will continue to be able to operate.  Their point here was that they are keen to get consultation responses that set out specific business models they may not have thought of/come across with views on whether they should/should not fall within the AIS/PIS boundaries and rationale etc.

Re: attendees, there were various banks, quite a few industry organisations, several tech providers and aggregators and a few advisory businesses.

Topics covered:

  • There were questions and discussion around scenarios where there are several entities in a “chain”, trying to get certainty of who would/wouldn’t be an AISP/PISP.
    • This string of discussion focused more around AIS than PIS, so scenarios discussed in detail were those like service aggregators accessing information from a bank as part of a service provided to financial management service providers.  The corporate payment scenarios of businesses using Bacs bureaux to instruct payments from their bank account were also brought up, as were other examples such as a business granting its accountant access to bank account or an individual granting power of attorney to another person or business (these latter two were both acknowledged as sitting outside the intent of the regulations).
    • The FCA acknowledged that there are various business models which they are not aware of and it is not necessarily the intent for all parties in these to fall in scope.  They requested that people respond to the consultation with some detail on business models and a view on which parties should/shouldn’t fall within the scope and why, and any suggestions on how to define this.
    • There was a view presented that if all parties (i.e. the ASPSP, the customer and the entity instructing a payment or accessing data) have standing contracts in place between one another, then this could/should fall outside the scope.  FCA/Treasury rebutted this on the basis that large providers may be able to negotiate contracts with banks that smaller competitors couldn’t and therefore could end up with a “dual regime” which wouldn’t be fair to smaller providers in the market who would have to be regulated due to not being large enough to negotiate such contracts.  Such a scenario would also not be in keeping with the spirit of the regulations.  So, the question posed was what is fundamentally different about the service/model that means it should fall outside the scope, as opposed to relying on this contract point.
  • There was some discussion around Authorisation timeframes.  They key point flagged was that the FCA will open its doors for applications on 13th Oct, they are hoping/trying to publish the forms ahead of this, but there was no commitment to do so.
  • There was a discussion around ASPSPs being able to know/validate whether entities connecting to them are authorised AISP/PISPs or not.  As there is no central, machine readable registry (or at least there won’t be in January), it’s not clear how this will work.
  • The challenge re: EIDAS certificates (or lack thereof) in January was also discussed.  Given the lack of these and the lack of the RTS it is again not clear how relevant security/authentication measures will work.
  • In relation to both of the above two points along with others, the FCA did make reference several times to the “industry” having to come up with solutions to make this work.  Clearly, it’s not up to the regulator to solve all of these challenges/come up with answers.
  • In relation to insurance; the FCA brought this point up in particular.
    • Reading between the lines they don’t believe there is appropriate cover available in the market.  A few people said “we have cover” and the FCA’s steer was to review it carefully to ensure it meets the specific need of the regulations.
    • I asked specifically what level of action they could/would take to ensure relevant cover is available (i.e. will they force the market to provide this?).  Their response was that they can’t force the market to provide it, however FCA and Treasury were “working together and engaging the industry to try to ensure a market for this”.  However they did flag that they needed input from industry participants in order to have more of a view on the need, and carry more weight in their discussions.
    • It was acknowledged that there is a degree of “chicken and egg” in that the specifics of this cover are not currently required, and therefore there isn’t a market for it, however unless there’s a market for it then it won’t be possible to purchase it.  Overall this probably just means entities need to get out and start talking to their ensurers about the specifics of what is required and feed back to the FCA based on their experiences, but based on the comments in the room it didn’t sound like many people had been doing this.
  • The focus was very much around AISP/PISP perimeter, safeguarding topics didn’t come up.

More To Explore


Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.


Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?