Account information services (AIS) are transforming how you manage financial data in an era of rapid fintech innovation.
Whether you’re building personal finance tools or enhancing your bank’s digital offerings, understanding the Financial Conduct Authority's (FCA’s) requirements under the Payment Services Regulations 2017 is essential to avoid costly fines, operational restrictions and reputational damage.
Our financial services solicitors can guide you through every step of your AIS journey: from preparing a robust authorisation application and embedding GDPR‑compliant data protection measures to ensuring your resilience frameworks are tailored to your business. By partnering with our experts, you’ll gain practical support, clear action plans and the confidence to launch and scale your AIS offerings securely and compliantly.
Contents:
What are Account Information Services?
Account Information Services enable customers of authorised or registered AIS providers to access and consolidate users' financial data from multiple accounts. They operate read-only, meaning the data can be accessed but not altered, ensuring customer security and control.
AIS facilitates innovation in financial services by helping consumers better understand their financial position through features like consolidated financial dashboards, budgeting tools, and spending insights. Popular apps such as Yolt, Emma, and Money Dashboard have successfully leveraged AIS to deliver these functionalities.
AIS also extends beyond personal finance management. By securely integrating financial data, AIS powers enhanced customer experiences such as:
- Tailored financial products: Banks can offer customised credit cards or loans based on spending behaviour.
- Investment management tools: Platforms like Nutmeg use AIS to monitor investments and offer personalised advice.
- Corporate finance solutions: AIS can also streamline business accounting processes, aiding SMEs in cash flow forecasting.
- Powerful AML and credit risk tools: AIS can help businesses carry out AML checks (e.g., verification of source of wealth and funds) and credit assessments (based on detailed income and expenditure analysis), provided customers consent to share data.
Who can provide Account Information Services?
To provide AIS in the UK, a business must secure FCA authorisation under the Payment Services Regulations 2017. This ensures that only providers meeting strict regulatory and operational standards can access and manage sensitive financial data. Here are the key compliance requirements:
- Data protection: You must comply with GDPR, ensuring customer data is securely stored and used only for authorised purposes. Regular audits and robust encryption protocols are essential.
- IT security: Strong authentication, encryption, and penetration testing are critical to safeguarding data against breaches.
- Operational resilience: Reliable systems and continuity plans must be in place to manage disruptions or cyber attacks.
- Financial stability: Maintaining adequate capital reserves and liability insurance demonstrates financial health to the FCA.
- Consumer protection: Clear and fair terms of service, transparent pricing, and a robust complaints process are essential for building customer trust.
Examples of Account Information Services in action
AIS applications are diverse and rapidly expanding across the financial services sector. Below are some common examples:
- Personal finance apps: Tools like Yolt aggregate user account data, providing insights into spending habits and helping users set achievable budgets.
- Banking services: Some banks use AIS to deliver real-time, personalised advice. For instance, a bank may recommend travel credit cards to frequent travellers identified through spending data.
- Investment platforms: AIS enhances portfolio management by offering live updates, alerting users to risk factors, and suggesting investment adjustments.
- Business finance: AIS is increasingly used by business-focused fintechs to automate accounting, payroll, and financial planning.
Why compliance matters
Operating AIS without the required FCA authorisation has severe consequences. Beyond financial penalties, unauthorised providers risk operational shutdowns and legal action. Moreover, regulatory breaches damage customer trust, an invaluable asset in the competitive fintech landscape.
To ensure compliance, your organisation must:
- Conduct regular compliance audits.
- Train staff on data protection and cyber security best practices.
- Stay updated on evolving FCA guidelines.
Many businesses struggle with the complexities of authorisation, such as preparing a compliant operational plan or demonstrating financial resilience. Engaging experts in financial services law can streamline the process and reduce risk.
The role of AIS in Open Banking
AIS has gained momentum due to Open Banking, a regulatory framework requiring major UK banks to provide third-party access to customer data through secure APIs. Open Banking expands AIS's potential, encouraging innovation in financial dashboards and personalised budgeting recommendations.
For fintech companies, Open Banking presents an opportunity to leverage bank data to develop innovative financial products, thereby driving market competition. However, AIS providers must ensure compliance with Open Banking regulations and standards, including the secure handling of customer data.
Navigating AIS compliance
Account Information Services offer transformative potential for fintechs, payment service providers, and consumers. However, they also demand robust compliance frameworks to navigate the FCA’s stringent authorisation process. By ensuring your systems meet regulatory requirements, you can unlock the benefits of AIS while maintaining customer trust.
Our financial services solicitors can advise you on authorisation strategies, draft and review your policies, conduct gap analyses and engage with the FCA on your behalf. Contact us today to explore how we can help you unlock the full potential of AIS while effectively managing risk and maintaining regulatory compliance.
