AISP License in Europe

Over the past years, Europe’s fintech ecosystem has continued to mature and evolve despite recent challenges along the way regarding funding. One of the emerging leaders pushing this evolution includes account information service providers that offer innovative solutions, giving consumers unparalleled control over their financial data. For them and other determined entrepreneurs, in the future, the long-term prospects continue to stay positive; European FinTech startups that can withstand the challenges of the market stand an excellent chance of benefiting from the prospective growth. Needless to say, success depends on such factors as a well-chosen AISP license, which may open doors to new prosperous markets and offer many more valuable benefits.

What is an AISP License?

An AISP is a special type of financial service provider that offers services related to accessing and aggregating financial account information of a customer. Regarding data security, AISPs are at the forefront in the context of open banking and the FinTech industry. In order for any provider to legally and legislatively supply such services, the first step involves attaining an AISP license, preferably from a jurisdiction offering the most favorable environment.

A holder of an AISP license can and is bound to carry out a variety of activities, including the following:

• Access account information held by financial institutions for their customers, including account balance and transaction history;
• Aggregate account data from many financial institutions for customers, allowing them to see their whole financial position in one place and make personal finance management easier.
• DISPLAY account information to customers through their platforms, applications, or services and, in so doing, enable customers to access and share their financial data.
• MAINTAIN customer consent, including verification that customers have provided explicit and informed consent regarding access to financial data.
• Provide customers with control over their data: it is expected that all AISP customers can grant and revoke access to their account information at any time. Some AISPs may also provide additional services that include financial analysis, budgeting tools, expense tracking, and personalized financial recommendations based on the aggregated data.
• Some AISP licenses may also authorize their holders to provide payment initiation services (PIS), which is about initiating the payment from a customer’s account to a third party for bill payments or funds transfers between accounts.
• Having an AISP license issued by a European jurisdiction has numerous benefits to financial businesses willing to make use of valuable financial data and build creative solutions for the vast European market.

Advantages of Holding an AISP License in Europe

Holding an AISP license from a European jurisdiction offers plenty of advantages to financial businesses seeking to leverage valuable financial data and build innovative solutions for the vast European market.

By holding a European AISP license you may reap a variety of advantages:

• Under the license from the EU, AISPs get to avail the passporting principle for cross-border services across member countries of the EU on the basis of a single license with huge savings of time and financial resources otherwise required for licensing in each jurisdiction of operation.
• The European AISP license empowers you to innovate and develop new financial products and services from European customers’ financial data so that you would be able to thrive with an edge in the vast EU market.
• AISPs give customers more control over their financial data, a fact that—when seen from a customer-oriented point of view—can help build up trust, loyalty, and long-term relationships.
• Trust is earned by the fact itself that a financial business holds an AISP license from a reputable jurisdiction, since the retention of a license means compliance with strict regulations, including customer protection.
• Besides, it is much quicker and more convenient for customers to obtain financial information through AISPs than with traditional ways, such as logging into various banking accounts to view transactions and balances—another essential factor affecting customer loyalty and increasing users.
• A holder of a European AISP license enables the providing of services to Europeans at an affordable cost, which will save your money because they would not need to spend much money on expensive financial management software or services. This will attract many users and make them loyal.
• Holding an AISP license can also open up new business opportunities and revenue streams through fees, partnerships, and value-added services.

AISP Regulations in Europe

AISPs licensed and operating in Europe must adhere to strict yet innovation-friendly regulations that govern their activities, guarantee the stability and security of the financial industry, and safeguard the interests of European consumers. In other words, the European regulatory frameworks are built to guarantee that the financial information collected from customers is processed securely and responsibly. Each EU country has a national regulatory framework defined mainly by the Revised Payment Services Directive referred to as PSD2, besides a set of national regulations which may differ from one country to another.

The key provisions of PSD2:

• The mandatory application of SCA procedures for most electronic payment transactions, by at least two of the introduced factors in order to check the identity of the customer: something the customer knows, like PIN; something the customer has, like a mobile device; and something based on biometric data about the customer.
• Using security communication methods to share customer account data, including APIs (application programming interface) and initiating payments.
• The XS2A—Access to Account—provides a license to third-party providers, including AISPs, with access to customer account data to initiate payments on behalf of the customer with explicit consent from the customer.
• PSD2 establishes clear liability rules for unauthorized or fraudulent transactions (usually customers are protected from losses in the event of unauthorized transactions).

General Data Protection Regulation (GDPR) is another key regulatory piece within the EU, the main provisions of which are as follows:

• AISPs must ensure they have a lawful basis for processing personal data (typically, this basis is the explicit consent of the data subject).
• AISPs shall process data only for the purposes for which the processing consent is granted, and this purpose has to be clearly explained to the customers.
• AISPs must design adequate security measures necessary to ensure protection of personal data collected, which entails encryption, accesses, and data breach response procedures.

Pay strong attention to 1-6th EU Anti-Money Laundering Directives (AMLDs), including but not limited to the following provisions:

• It shall perform customer due diligence through verification of the customer’s identity, which may be done through the collection and verification of documents to prove identity, and clarification of the nature of the customer’s business relationship.
• It shall apply enhanced due diligence on customers presenting a higher risk or whose transactions indicate suspicion by obtaining further information, closer monitoring of transactions, and investigation into the source of funds or wealth.
• Maintaining records of customer due diligence information, transaction records, and internal risk assessments largely for reports to be required by the regulatory authority.

Top EU Jurisdictions for an AISP License

The choice of jurisdiction for your AISP business is one of those decisions that can help to make or break your business in all aspects. Such a rating is based on criteria like the dynamics of national regulatory frameworks, openness to innovation, and ease of obtaining an AISP license and running a business. Many European jurisdictions offer favorable environments for AISP startups and mature businesses. In this instance, we have decided to share the countries which lead in European market entry and at the same time are the most popular among AISP businesses for a bunch of crucial reasons.

AISP License in Lithuania

The Lithuanian market was leading within the broader European fintech market for new entrants in 2022, and this is very likely to continue for the forthcoming years while the country’s fintech ecosystem develops and matures. Lithuania has been proactive for years in courting fintech firms, such as AISPs, with a friendlier regulatory environment, appealing taxation framework, and high-quality business infrastructures. To take advantage of what Lithuania may offer you, first it will be necessary to open a local company and structure it in such a way that its legal form will match the requirements for AISPs.

Essentially, Lithuanian AISPs are regulated by the Law of the Republic of Lithuania on Payments that sets the rules for both licensing and ongoing compliance. The Bank of Lithuania is the regulatory authority of the Lithuanian financial market that offers licenses of payment institution to AISPs—the licensing process is very efficient and smooth. Provided all application documents are prepared and submitted correctly, a license of AISP is granted in three months. The minimum capital requirement is from 20,000 EUR to 125,000 EUR, and the state fee payable for reviewing an application is as low as 898 EUR.

AISP License in Netherlands

The country is one of the biggest fintech hubs in Europe, with a very friendly and supportive regulatory regime that has given a clear understanding to the fintech companies about guidelines. Equally important, heavy investment has been made in digital infrastructure, including high-speed internet connectivity and reliable technology services that are relevant and indispensable in guaranteeing seamless account information services. In comparison with other jurisdictions, areas such as knowledge accessibility, digital literacy, tax implications, and funding availability are areas in which the Netherlands outranks many other jurisdictions by a mile.

The main regulatory framework of the financial main in the Netherland is the Dutch Financial Supervision Act, to which licensees of AISP are also subjected, including-but not limited to-licensing requirements, capital adequacy, and corporate governance. It can be acquired within 6-9 months for the application fee of 6,800 EUR. The capital requirement varies according to the nature and volume of the activities provided by the AISP but, as a general rule, it is 125,000 EUR. In any case, it will be up to the Dutch Central Bank, as the Regulator of the Dutch financial market, to ultimately define it on a case-by-case basis.

AISP License in Sweden

The regulatory framework of Sweden is such that it promotes innovation, supports fintech companies in their growth by striking a balance between customer protection and protection of investors’ interests. It boasts one of the strongest digital infrastructures anywhere, along with governmental initiatives in support of the fintech industry. Besides this, the Swedish banks also increasingly work with the fintech companies to provide opportunities for partnerships, customer access, and industry expertise. The main regulation applicable to Swedish AISPs is the Payment Services Act. This shall ensure a secure and efficient system while providing an impetus toward competition and innovation in the financial sector.

An AISP whose annual turnover exceeds an equivalent of 3 mill. EUR per month, has to get a Swedish AISP license to carry out activities essential to deliver account information services and shall be designated “payment institution”. An AISP whose turnover is below this threshold can request an exemption from the license obligation and shall be designated “registered payment service provider”. Capital minimum exigible by/for a future licensee = 1,5 mill. SEK (approx. 125 000 EUR). The license fee is 378,000 SEK (approx. 32,000 EUR). On condition that the application is submitted in a complete format and that the application fee is paid, the Swedish Financial Supervisory Authority usually adopts a decision within three months.

Requirements for Applicants for a European AISP License

In the context of national and EU-wide legislation, there are several different requirements which a company applying for a European AISP license must address. Whereas some of these-specifically, minimum capital-differ under the various jurisdictions, there is a number of more general preconditions, which normally apply to applicants for an AISP license in all EU jurisdictions.

Once you have incorporated a local company, which pretty much is a requirement in most of the jurisdictions, you would need to comply with the following:

• Your management team and key personnel must be suitably qualified in finance, show experience either in banking, fintech, or another financial field, and have integrity to provide AISP services
• Install appropriate arrangements of a secure and robust technical infrastructure while processing financial data to assure data protection and cybersecurity
• Design and implement an appropriate system of risk management in order to identify, measure, and mitigate the risks out of the operation of your business enterprise.
• Implement adequate and effective AML/CFT measures in order to deter, detect, and report operations related to money laundering and terrorist financing.
• Implement a complaint-handling system for dealing with customers’ complaints and grievances through impartial dispute resolution in an expeditious manner.
• Design procedures that ensure records of customer due diligence, transactions, and other fundamental documentation are accurately kept as called for by the competent regulations.
• Design procedures for ongoing risk assessment and periodic reporting to the relevant regulatory authorities in your jurisdiction.

As an applicant for a European AISP license, you’ll have to prepare at least the following documents:

• Certificate of Incorporation or proof of registration confirming incorporation of the applicant company
• Articles of Association
• A solid business plan describing the nature of AISP services, target market, financial projections, and an explanation of how it will comply with the applicable regulatory requirements
• Financial statements: balance sheet, income statement, cash flow statement
• Evidence of your risk management framework, including policies and procedures for identifying, assessing, and mitigating the risks associated with your business activities
• Document showing ownership structure of your company, major shareholders, and percentage of ownership held. Copies of CVs of your senior management and key personnel evidencing financial qualifications and relevant experience.
• Copies of passports: Your senior management, key personnel, and shareholders.
• Copies of AML/CFT policies and procedures.
• Record of the technical and organizational measures taken to ensure both data security and data protection compliance.
• Describe how your AISP is going to be compliant with the regulatory framework that encompasses PSD2.
• Proof of insurance, which should involve professional liability insurance and indicate sufficient cover.

Yet the list goes on, and instead, we encourage you to get in touch with our well-seasoned legal team here at Regulated United Europe, specializing in obtaining financial licenses across Europe. We will be more than happy to provide a profound analysis of your business case, give an actionable plan for market entry, and duly prepare all the specific documents that may be requested by the regulator.

How to Apply for an AISP License in a European Country?

Even though the process of application is slightly different depending on your jurisdiction of choice, there are general steps that should be followed in order to be licensed as an AISP in Europe. Above all, it is highly important to prepare your application package carefully in order to avoid any potential delays or even rejections.

Application Process of a European AISP license

Squeezed in, below are crucial steps taken when applying for a European AISP license.

• Collecting and processing of standard documents and information, that need to be submitted along with the application
• Making the necessary application fee to the regulatory authority in your jurisdiction of choice
• Filling out the official application form, including with the submission of the required documents to the authority of your chosen jurisdiction
• Generally, due diligence processes and background checks will be required on behalf of the company’s shareholders, directors, and other key personnel.
• In some cases, this may also include attending interviews or meetings with the representatives of the regulatory authority for the provision of additional information.

If you seek an AISP license in Europe, then our team here at Regulated United Europe more than gladly will do all the work for you in incorporating a company and applying for a license in a European jurisdiction that fits your business objectives. Moreover, our professionals can advise on how to acquire a ready company that already holds an AISP license. Certainly, experienced lawyers, business development professionals, and financial accountants will make the opening of an AISP business easy, smooth, and transparent for you. Feel free to contact us now for a personal consultation and to set the grounds for sustainable success.