AISP License in Europe
Europe’s fintech ecosystem has been maturing over the years, and it continues to evolve in spite of recent challenges related to funding. European account information service providers (AISPs) are among the emerging leaders of this evolution, offering innovative solutions that grant consumers exceptional control over their financial data. For them and other determined entrepreneurs, the long-term future prospects remain positive, and European fintech startups that can endure market challenges are well-positioned to benefit from the prospective growth. Of course, success also depends on such factors as a well-selected AISP license that can open doors to new, prosperous markets, and offer many more valuable benefits.
What is an AISP License?
An account information service provider (AISP) is a type of financial service provider that offers services related to accessing and aggregating a customer’s financial account information. Since data security is of paramount importance, AISPs play a significant role in the context of open banking and the fintech industry. To supply such services legally and legitimately, a provider must first obtain an AISP license, ideally from a jurisdiction that offers the most favorable environment.
An AISP license holder can and is obligated to carry out a variety of activities:
- Access account information held by financial institutions on behalf of their customers, including account balance and transaction history
- Aggregate account data from multiple financial institutions for customers which enables them to view their entire financial position in one place, and makes it easier to manage their finances
- Display the account information to customers through their platforms, apps, or services, and this way allow the customers to view and interact with their financial data
- Manage customer consent, including ensuring that customers have granted explicit and informed consent for access to their financial data
- Provide customers with control over their data as all AISP customers should be able to grant and revoke access to their account information at any time
- Some AISPs choose to offer additional services, including financial analysis, budgeting tools, expense tracking, and personalized financial recommendations based on the aggregated data
- Some AISP license may also authorize their holders to provide payment initiation services (PIS) which involve initiating payments from a customer’s account to a third party, such as making bill payments or transferring funds between accounts
Advantages of Holding an AISP License in Europe
Holding an AISP license from a European jurisdiction offers plenty of advantages to financial businesses seeking to leverage valuable financial data and build innovative solutions for the vast European market.
By holding a European AISP license you may reap a variety of advantages:
- AISPs with an EU license have the right to avail of the passporting principle and offer cross-border services across EU member countries with a single license which saves a lot of time and financial resources required for licensing in every jurisdiction of operations
- Holding a European AISP license allows you to innovate and develop new financial products and services that leverage European customers’ financial data and this way gain a competitive edge in the vast EU market
- Based on the customers’ valuable financial data, you can offer financial advice, improve user experience, and consequently retain more customers
- AISPs empower customers by giving them more control over their financial data, and this customer-centric approach can help build trust, loyalty, and long-term relationships
- Trust is also built by the basic fact that a financial business holds an AISP license from a reputable jurisdiction as retaining a license means compliance with strict regulations, including customer protection
- Customers often find accessing financial information through AISPs more efficient and convenient than traditional methods, such as logging into multiple banking accounts to view transactions and balances, which is another important factor impacting customer loyalty and expansion of user base
- As a European AISP license holder, you can offer Europeans cost-effective services that save their money, as they can avoid purchasing expensive financial management software or services, which in turn can also attract a lot of loyal users
- By offering services to individuals who can’t have traditional bank accounts, you can contribute to financial inclusion and this way gain access to a wider and more diverse customer base
- Holding an AISP license can also open up new business opportunities and revenue streams through fees, partnerships, and value-added services
AISP Regulations in Europe
AISPs licensed and operating in Europe must adhere to strict yet innovation-friendly regulations that govern their activities, guarantee the stability and security of the financial industry, and safeguard the interests of European consumers. Essentially, European regulations are designed to ensure the secure and responsible handling of customer financial data. Each national regulatory framework of an EU country is primarily defined by the Revised Payment Services Directive (PSD2) and a set of national regulations that may vary from country to country.
The main provisions of the PSD2:
- Mandatory implementation of Strong Customer Authentication (SCA) procedures for most electronic payment transactions which involves the use of at least two of the defined factors to verify the customer’s identity (something the customer knows, such as PIN, something the customer has, such as mobile device, and something the customer is, such as biometric data)
- Using secure communication methods, such as APIs (application programming interfaces), for sharing customer account data and initiating payments
- The Access to Account (XS2A) provision allows licensed third-party providers, including AISPs, to access customer account data and initiate payments on behalf of the customer with their explicit consent
- PSD2 establishes clear liability rules for unauthorized or fraudulent transactions (usually customers are protected from losses in the event of unauthorized transactions)
General Data Protection Regulation (GDPR) is another key regulatory piece within the EU, the main provisions of which are as follows:
- AISPs must ensure they have a lawful basis for processing personal data (typically, this basis is the explicit consent of the data subject)
- AISPs are only allowed to process data for the specific purposes for which consent was obtained, and they must clearly define these purposes to customers
- AISPs must implement appropriate security measures to protect the collected personal data, including encryption, access controls, and data breach response procedures
You should also take note of the 1-6th EU Anti-Money Laundering Directives (AMLDs) which include the following provisions:
- Conducting customer due diligence to verify the identity of their customers, including collecting and verifying identity documents, and understanding the nature of the customer’s business relationship
- For higher-risk customers or transactions, applying enhanced due diligence measures which includes obtaining additional information, monitoring transactions more closely, and assessing the source of funds or wealth
- Maintaining records of customer due diligence information, transaction records, and internal risk assessments largely for reports required by the regulatory authority
Top EU Jurisdictions for an AISP License
Choosing the right jurisdiction for your AISP business is a crucial decision that can significantly impact your business’s success and operations. Based on such criteria as the dynamics of national regulatory frameworks, openness to innovation, and the ease of obtaining an AISP license and running a business, many European jurisdictions offer favorable environments for AISP startups and mature businesses. In this instance, we’ve chosen to share the countries leading in European market entry which also means they’re the most popular among AISP businesses for a variety of crucial reasons.
AISP License in Lithuania
In 2022, Lithuania stood as a leader in the broader European fintech market for new entrants, and this trend is likely to continue in the coming years as the country’s fintech ecosystem further develops and matures. Over the years, Lithuania has taken proactive steps to attract fintech companies, including AISPs, by offering a favorable regulatory environment, attractive taxation framework, and high-quality business infrastructure. To benefit from what Lithuania has to offer, you’ll first have to open a local company and structure it in a way that complies with legal requirements for AISPs.
Essentially, Lithuanian AISPs are regulated by the Republic of Lithuania Law on Payments, which stipulates rules for licensing and ongoing compliance. The Bank of Lithuania, the regulatory authority of the Lithuanian financial market, offers payment institution licenses to AISPs, the licensing process of which is very efficient and streamlined. Provided that all the application documents are prepared and submitted correctly, an AISP license is granted within three months. Minimum capital requirements vary from 20,000 EUR to 125,000 EUR, and the state fee for the application review is only 898 EUR.
AISP License in the Netherlands
The Netherlands, a major European fintech hub, is known for its supportive regulatory environment, clear guidelines for fintech companies, and excellent digital infrastructure, including high-speed internet connectivity and reliable technology services, which are essential for ensuring uninterrupted account information services. Compared to other jurisdictions, the Netherlands excels in areas such as knowledge accessibility, digital literacy, tax implications, and funding availability.
The Dutch Financial Supervision Act is the primary financial regulatory framework in the Netherlands, and AISP licensees are subject to various parts of it, including requirements related to licensing, capital adequacy, and corporate governance. The license can be obtained within 6-9 months for the application fee of 6,800 EUR. The minimum capital requirement varies depending on the nature and scale of the AISP’s activities but is typically around 125,000 EUR. The amount is ultimately determined on a case-by-case basis by the Dutch Central Bank which is the regulator of the Dutch financial market.
AISP License in Sweden
Sweden has a well-established and progressive fintech ecosystem, as its regulatory framework is designed to promote innovation and support fintech companies in a way that allows them to grow while ensuring customer protection and safeguarding the interests of investors. It’s known for its robust digital infrastructure, and governmental initiatives to support the fintech industry. Moreover, Swedish banks often collaborate with fintech companies, creating opportunities for partnerships, customer access, and industry expertise. Swedish AISPs are primarily regulated by the Payment Services Act which is designed to ensure the security and efficiency of payment systems and promote competition and innovation within the financial sector.
An AISP with a turnover exceeding an equivalent of 3 mill. EUR per month must obtain a Swedish AISP license to conduct operations required to offer account information services and is referred to as a “payment institution”. An AISP with a turnover less than this amount can apply to be exempt from the licensing obligation and is referred to as a “registered payment service provider”. The minimum required capital for a potential licensee is 1,5 mill. SEK (approx. 125,000 EUR). The application fee is 378,000 SEK (approx. 32,000 EUR). The Swedish Financial Supervisory Authority usually makes a decision within three months provided that the application is complete and the application fee is paid.
Requirements for Applicants for a European AISP License
Based on national and EU-wide regulations, companies applying for a European AISP license have to fulfill a range of requirements. While such specific requirements as minimum capital vary from one jurisdiction to another, there are several general prerequisites that are usually applicable to applicants for an AISP license in all EU jurisdictions.
Once you’ve established a local company as required in most jurisdictions, you’ll have to meet the following requirements:
- Ensure that your management team and key personnel possess the necessary financial qualifications, can demonstrate experience in banking, fintech, or another financial sector, and have proven integrity to operate an AISP
- Establish a secure and robust technical infrastructure to handle financial data, ensuring data protection and cybersecurity
- Develop and implement a comprehensive risk management framework to identify, assess, and mitigate risks associated with your business operations
- Establish robust and effective AML/CFT measures to prevent, detect, and report money laundering and terrorist financing activities
- Establish a mechanism for addressing customer complaints and resolving disputes transparently and promptly
- Create procedures for maintaining accurate records of customer due diligence, transactions, and other essential documentation as required by relevant regulations
- Create procedures for ongoing risk assessment and regular reporting to relevant regulatory authorities in your jurisdiction
As an applicant for a European AISP license, you’ll have to prepare at least the following documents:
- A certificate of incorporation or registration confirming the formation of your company
- Articles of Association
- A robust business plan that outlines the nature of your AISP services, target market, financial projections, and compliance with applicable regulatory requirements
- Financial statements, including balance sheets, income statements, and cash flow statements
- Documentation of your risk management framework, including policies and procedures for identifying, assessing, and mitigating risks associated with your business activities
- Documentation of the ownership structure of your company, including details about major shareholders and their ownership percentages
- CVs of your senior management team and key personnel, along with evidence of their financial qualifications and relevant experience
- Copies of passports of your senior management team, key personnel, and shareholders
- Documentation of AML/CFT policies and procedures
- Documentation detailing the technical and organizational measures in place to ensure data security and privacy compliance
- A plan detailing how your AISP will comply with the regulatory framework, including the PSD2
- Proof of adequate insurance coverage, including professional liability insurance
The list can go on but instead, we urge you to contact our experienced legal team here at the Regulated United Europe who specializes in obtaining financial licenses across Europe. We’ll be delighted to thoroughly analyze your business case, provide an actionable plan for a market entry, and duly prepare all the specific documents that a regulator may require.
How to Apply for an AISP License in a European Country?
While the application process slightly varies based on your chosen jurisdiction, there are general steps to follow when seeking an AISP license in Europe. Most importantly, it’s crucial to meticulously prepare your application package to prevent potential delays or even rejections.
Applying for a European AISP license involves the following key steps:
- Gathering and preparing all the documents and information required for the application
- Paying the required application fee to the regulatory authority of your chosen jurisdiction
- Completing the official application form and submitting it along with the required documents to the authority of your chosen jurisdiction
- Company’s shareholders, directors, and other key personnel usually have to undergo due diligence processes and background checks
- In some cases, attending interviews or meetings with representatives of the regulatory authority to supply additional information may also be required
If you wish to obtain an AISP license in Europe, our team here at Regulated United Europe will be delighted to support you in incorporating a company and applying for a license in a European jurisdiction that suits your business goals. Our dedicated specialists can also guide you through the acquisition of a ready-made company with an existing AISP license. With experienced lawyers, business development professionals, and financial accountants at your side, you will find the processes of starting an AISP business easy, seamless, and transparent. Contact us now to schedule a personalized consultation and set the stage for sustainable success.
FREQUENTLY ASKED QUESTIONS
An AISP (Account Information Service Provider) license is a legal authorization that allows a financial service provider to offer services related to accessing and aggregating a customer’s financial account information.
Holding an AISP license in Europe provides advantages such as the ability to offer cross-border services, innovate with new financial products, empower customers, build trust through compliance, and access cost-effective solutions.
AISPs in Europe are primarily governed by the Revised Payment Services Directive (PSD2), General Data Protection Regulation (GDPR), and Anti-Money Laundering Directives (AMLDs).
The PSD2 is a European regulation that mandates Strong Customer Authentication (SCA), secure communication methods like APIs, and the Access to Account (XS2A) provision, allowing licensed third-party providers, including AISPs, to access customer account data.
The GDPR is a European regulation that outlines rules for processing personal data. AISPs must comply with GDPR requirements, ensuring lawful processing, purpose limitation, and implementing security measures for data protection.
AISP applicants must meet requirements such as:
- Having a qualified and experienced management team
- Establishing secure technical infrastructure
- Implementing risk management and AML/CFT measures
- Preparing comprehensive documentation
SCA is a PSD2 requirement for using at least two of the defined factors (knowledge, possession, and inherence) to verify the customer's identity in most electronic payment transactions.
The XS2A provision allows licensed third-party providers, including AISPs, to access customer account data and initiate payments on behalf of the customer with their explicit consent.
AISPs may offer additional services such as:
- Financial analysis
- Budgeting tools
- Expense tracking
- Personalized financial recommendations
- Payment initiation services (PIS)
Lithuania offers a favorable regulatory environment, attractive taxation framework, and efficient AISP licensing process, with a minimum capital requirement ranging from 20,000 EUR to 125,000 EUR.
AISPs in the Netherlands are regulated by the Dutch Financial Supervision Act, which covers licensing, capital adequacy, and corporate governance. The licensing process takes 6-9 months with an application fee of 6,800 EUR.
In Sweden, AISPs are regulated by the Payment Services Act. The licensing process involves obtaining an AISP license for turnover exceeding 3 million EUR per month, with a minimum capital requirement of 1.5 million SEK and an application fee of 378,000 SEK.
Minimum capital requirements vary between jurisdictions. For example, Lithuania has a range of 20,000 EUR to 125,000 EUR, the Netherlands typically requires around 125,000 EUR, and Sweden mandates 1.5 million SEK.
The amount of time required for obtaining an AISP license varies from one country to another. In general, it may take a few months.
For example, Lithuania grants AISP licenses within three months, the Netherlands process takes 6-9 months, and Sweden usually presents a decision within three months.
Required documents include:
- A certificate of incorporation
- Articles of association
- A business plan
- Financial statements
- Documentation of risk management;
- Ownership structure details
- CVs of management
- AML/CFT policies
AISPs must conduct customer due diligence, apply enhanced due diligence for higher-risk customers, maintain records of customer due diligence and transactions, and comply with the provisions of Anti-Money Laundering Directives.
At the moment, the main services of our company are legal and compliance solutions for FinTech projects. Our offices are located in Tallinn, Vilnius, Prague, and Warsaw. The legal team can assist with legal analysis, project structuring, and legal regulation.