AISP/PISP explained

AISP/PISP explained

Fintech Licensing
3 October 2022

Open Banking initiative has been driving a big change in the banking landscape in Europe since January 2018. FinTechs are targeting and improving different financial services — payments, lending applications, credit evaluations, budgeting, etc.

Lenders and financial institutions are using Open Banking to replace the slow, complex and gruesome processes by collecting data from the banks through “digital pipes” which enable secure and instant data collection. Instant insights gathered from bank’s transaction data is powerful if used the right way to improve existing business processes, but also requires know-how on how to handle the data and how the technology works to make most of it.

Companies can provide two core services available through Open Banking through two EFSA authorisations:

1. Account Information Service Provider (AISP): authorised to retrieve account data provided by banks and financial institutions

2. Payment Initiation Service Provider (PISP): authorised to initiate payments into or out of a user’s account

Account Information Service Provider (AISP)

Being an authorised AISP means that business can ask for permission to connect to a bank account and use that bank account information to provide a service.

Businesses who are AISP’s are authorised to ‘read-only’ access of bank account information. Basically, they can look but can’t touch, which means they cannot move customers money.

Services and tools that are associated with AISPs consist of; price comparison, money management tools, quicker and more accurate access to financial products and speeding up manual processes such as applying for a mortgage, a loan and so forth.

While read-only access seems harmless, companies still need to go through a rigorous application process which is similar to a Payment Institution (there are some exclusions and somewhat lighter requirements) licensing process.

AISPs and PISPs handle customer consents needed to access Open Banking data. This means each AISP and PISP company clearly explains to the end-user which data will be accessed, for how long, and who it will be shared with. This also forms the basis of data processing for AISPs and PISPs under GDPR.

Payment Initiation Service Providers (PISPs) explained

PISPs are authorised to make payments on behalf of a customer, not only view the data of the account. PISPs initiate transfer directly to or from the payer’s bank account using the bank’s tools. Businesses that are authorised PISP’s can ask for permission to connect to a bank account and initiate payments on the customer’s behalf, from their bank account. For example, think of a savings apps which transfer a small percentage of user’s balance each month to a savings account under a previously agreed process. Integration with business back-office systems allows companies to manage payments, real-time bank transactions, etc. Interesting opportunities can pop up in services which you consume regularly as the check-out process can be instant through connection with your bank account.

Open Banking is a win-win situation for both consumers and merchants where difficult slow processes are streamlined, and user experience is improved. If you see an opportunity and are interested in becoming an AISP or PISP, get in touch with us at

You can find more information about our FinTech launchpad services such as crypto license and AML/KYC-related services, contact us via our webpage. You can also read about the Estonian crypto license's most recent updates from our blog or our Financial Institution License.

Comistar provides business, legal and tax support for e-residency companies. Our core focus is on Fintech licensing, e-commerce companies, blockchain industry and affiliate marketers. We’ve been operating for over 5 years and have helped more than 300 companies to get started in Estonia.