If you’re confused by that alphabet soup in the title, don’t worry, you’re normal. If, however, you work in the FinTech or European Union (EU) legislative space, you’ll know that this registration is a sort of licence that allows us to access balance and transaction data from banks in the EU.
PSD2 – Payment Services Directive, is an EU directive, further implemented in national legislations of EU member states. It, among other things, mandates all EU banks to provide automated access (APIs) to account and transaction data to third party providers (like Toshl) and regulates how that can be done.
AISP – Account Information Service Provider. Toshl Finance in this case. We help our customers access their bank account data and provide services built on top of that, like helping to analyse how you could spend less and save more money, budget better etc.
As per the PSD2 directive, third party providers like us need to register with a national banking regulator in the European Union, to access the data and provide information services. As Toshl d.o.o., our European subsidiary and where much of Toshl development is done, is registered in Slovenia, we registered with the Slovenian banking regulator – Bank of Slovenia.
The registration requirements and process
It wasn’t an easy process. All together it took us almost a year to complete. We’ve had to provide hundreds of pages of documentation, ranging from our security practices, information infrastructure, risk management, various proof of ethical unencumberedness of key personnel, professional liability insurance, business plans, contracts with business partners related to account information and so forth. Last, but not least, it involved a lot more paper and physical mailing that an all digital company would prefer to deal with.
Yet on a hot summer day, we finally got the news:
As you can tell, there was much rejoicing among the Medici branch of the Toshl monster family.
At the moment, with the help of Bank of Slovenia, we are also sending our registration to all other EU member state banking regulators for confirmation and entry into their national registries. This process is known as passporting.
Based on this new registration, we’ll be gradually updating our bank connections to connect in a more direct manner, using our own QWAC and QSEAL eIDAS certificates and with fewer required legal agreements with our partners to confirm, when adding new connections. It will also enable us to work better with banks to provide great new services to customers in the EU. So far, we’ve been using the shared or “umbrella” registrations provided by our bank connection partners Salt Edge and Plaid which help us in providing a more unified bank connectivity.
While we’re glad to have finally obtained this registration, one would be foolish to think all is sunshine and roses in PSD2 land. Even a year after the final deadline for PSD2 connectivity, many banks’ implementations remain abysmal or non-existent, EBA‘s (European Bank Authority) interpretations of the directive perplexing, to say the least… We’ll soon share more on the current PSD2 landscape and challenges ahead in an upcoming blog post.
In the meantime, see which bank connections are already on offer in Toshl and how you can switch to the new type of fully automatic connection (API), if you’ve been using an earlier type so far.
Update 21. July 2023: Upon our request, the AISP registration with Bank of Slovenia was withdrawn. Henceforth, we will be utilising the bank connections via our connection partners, licensed as AISP by their respective EU banking regulators.