Open Banking: Glossary

Account Information Service Provider (AISP)

A provider of online account information services that consolidate information on one or more payment accounts held by a payment service user with any number of payment service providers.

Application Programming Interface (API)

A set of protocols, tools and routines for developing software applications. APIs prescribe how software components should work together.

API Data

Data made available to an API User or third-party provider through an API.

API User

Any individual or organisation who develops an app which accesses data from an API Provider.

API Provider

A service provider running an Open Data API. API Providers distribute Open Data via an API gateway.

Competition and Markets Authority (CMA)

The Competition and Markets Authority (CMA) is a non-ministerial government department in the United Kingdom, responsible for strengthening business competition and preventing and reducing anti-competitive practices.


The nine largest banks and building societies in the UK: AIB Group (UK) plc trading as First Trust Bank in Northern Ireland, Bank of Ireland (UK) plc, Barclays Bank plc, HSBC Group, Lloyds Banking Group plc, Nationwide Building Society, Northern Bank Limited, trading as Danske Bank, The Royal Bank of Scotland Group plc, Santander UK plc (in Great Britain and Northern Ireland).


The Open Banking Directory provides a “whitelist” of approved participants who can operate in the Open Banking Ecosystem.

The Read/Write Directory provides identity and access management services to supply identity information so it can participate in payment initiation and account information transactions via APIs.

European Banking Authority Regulatory Technical Standards (EBA RTS)

Creators of the Regulatory Technical Standards which are submitted to the European Commission for endorsement. Regulatory Technical Standards are detailed compliance criteria for all parties, covering data security, legal accountability and other processes.

Financial Conduct Authority (FCA)

The Financial Conduct Authority is a financial regulatory body in the United Kingdom, but it operates independently of the UK Government and is financed by charging fees to members of the financial services industry.


Fintech is a portmanteau of financial technology that describes the flourishing financial services sector. Originally, the term was applied to technology applied to the back-end of established consumer and trade financial institutions.

General Data Protection Regulation (GDPR)

A regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA. GDPR aims to give people control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

Open API

An open API (or public API) is a publicly available application programming interface that provides developers with programmatic access to a proprietary software application or web service. APIs are sets of requirements that govern how one application can communicate and interact with another.

Open Banking Ecosystem

The Open Banking Ecosystem refers to the collective elements that make the operation of Open Banking possible. This includes API Standards, governance, systems, security, processes and procedures used to support participants.

Open Banking Services

The services provided by Open Banking to participants, including the provision and maintenance of standards and the directory.

Open Data

Data that anyone can access, use or share. It can relate to information on ATM and Branch locations, as well as product information for Personal Current Accounts, Business Current Accounts (for SMEs), and SME Unsecured Lending, including Commercial Credit Cards.

Revised Payment Services Directive (PSD2)

An EU Directive, administered by the European Commission to regulate payment services and payment service providers throughout the EU and European Economic Area. Its purpose is to increase competition and participation in the payments industry from non-banks and create a level playing field.

Payment Initiation Services Provider (PISP)

A Payment Initiation Service Provider (PISP) lets people pay companies directly from their bank accounts rather than using debit or credit cards through a third-party such as Visa or MasterCard. A PISP needs explicit consent before providing this kind of service.

Payment Services Regulations (PSR)

The UK's implementation of PSD2, including the associated Regulatory Technical Standards developed by the EBA.

Read/Write API

Read/Write APIs allow third party providers, with the customer’s consent, to request account information, like transaction history, from Personal and Business Current Accounts and to initiate payments from those accounts.

Small and Medium-sized Enterprises (SMEs)

According to the CMA, small and medium-sized enterprises are non-subsidiary, independent firms with an annual turnover of less than £6.5m.

Third Party Provider (TPP)

Organisations or individuals that use APIs that access customer accounts to provide account information services or initiate payments.

Third Party Providers are classified as either Payment Initiation Service Providers (PISPs) or Account Information Service Providers (AISPs), or both.

If you want to know more about how Open Banking will affect you, including the timeline and information for accountants, bookkeepers and small businesses, you can learn all about it at the Xero resource centre.

Learn more