Account Information Service Providers (AISPs) are authorised, directly regulated platforms that are given access to a user or business’s financial data when explicit consent is provided. Their introduction is part of the broader Open Banking initiative and benefits audit firms and their clients.
An AISP provides secure access to complete and verified financial data from source. This streamlines many audit processes due to the time saved from chasing and verifying data as well as allowing firms to receive data in a searchable universal format for better data analysis opportunities.
While there are also data aggregators on the market offering access to data from financial institutions, they are unregulated and less secure. This also means their coverage is unlikely to be on a similar level as an AISPs.
What are AISPs?
AISPs are one of the fundamental elements of Open Banking, introduced as part of the broader Payment Services Directive (PSD2) in 2018.
AISPs are authorised to access financial data from banks and financial institutions. Initially, this was only mandated for the CMA 9, the nine largest banks in the UK. However, scores of other account providers have since signed up to participate and develop APIs.
Data can only be accessed if users/businesses give explicit consent and are restricted to “read-only” meaning that AISPs can access data but cannot access accounts. Therefore, there is no risk of them being able to make changes, such as executing transactions.
Audits are one of the use cases that have been developed for AISPs. Directly regulated providers such as Circit streamline audit workflows by being able to request and access verified transactions directly from the accounts of audit clients.
The expanding range of account providers means many corporate accounts and electronic wallet providers are now signed up. Using Circit, these non-traditional assets can be verified, something that would be difficult to do without use of an AISP.
This means most accounts of audit clients are catered for, enabling audit firms unparalleled access to client data. Benefits include saving time from accessing data and needing to verify it, as well as being able to increase the scope of audit jobs by using automated data analysis techniques that go beyond traditional sampling methods.
What are aggregators, and how are they different to AISPs?
Aggregators, like AISPs, can access account data and pull it directly into third-party applications.
However, this is done via screen scraping rather than the directly regulated and specially developed APIs accessible by AISPS. This may seem like a subtle difference on the surface, but under the hood, they are markedly different from AISPs.
They aren’t regulated as part of PSD2 and the permissions are less secure, as data is accessed via logins being mimicked. Lastly, security is a concern due to businesses needing to share passwords for data transfer. In sum, this means data can become misappropriated, with the risk of breaching bank conditions, such as safeguarding passwords. In these instances, if fraud takes place, they may not be able to get funds back.
There have been a few instances over the last few years of aggregators being fined due to exploiting privacy from their data sharing due to users not giving explicit consent for data access.
Using aggregators will result in auditors taking on unnecessary risk due to the possibility of being complicit in data leakage or misuse.
Competitive advantages of using Open Banking and Verified Transactions
Confidence that data has come direct from source
Circit’s product, Verified Transactions, gives audit firms confidence that data has securely come direct from the source and hasn’t been tampered with, as Circit is an AISP.
This reduces the risk for audit firms as they can access data securely without the risk of analysing bank statements that may have been doctored to put in false transactions or balances.
Ultimately this leads to higher-quality audits as the potential for corporate fraud is minimised.
Access to complete data sets
Open Banking powered AISPs enable auditors to request a wealth of bank transactions at once, as well as current data for inspection related to post-balance sheet events and unpaid debtors.
Until now, audit clients would have most likely sent 12 months of bank statements in a PDF format. However, in many instances, periods can be missing, meaning clients have to be chased for missing data.
Streamlined processes
Access to Open Banking client data streamlines audit processes. This is due to the time saved from accessing transactions and a standardised data format.
Receiving data from Open Banking APIs in a universal format saves time from modifying statements received in various formats (i.e. PDF and Excel), and outputs are also fully searchable, thus minimising the time needed to complete audit tests.
Streamlined processes allow jobs to be completed faster and reduce the costs of delivering audits. Working with an AISP like Circit, also provides a point of contact when clients or teams have questions, concerns or need support. This direct line of communication to a regulated AISP streamlines processes and creates confidence.
Future proof your audit tech stack today
Incorporating Circit, an AISP-powered audit tech platform, will enable you to securely and efficiently automate single asset confirmation, saving up to 80% of the time and costs of audit jobs.
Request a demo and experience the platform in action to see how your firm can fully leverage the benefits of AISPs.
