What is a TPP in banking?

A TPP (Third Party Provider) in banking is an FCA-regulated company that can access your bank account data or initiate payments through secure open banking APIs, with your consent. TPPs are the engine of the UK’s open banking ecosystem — powering apps for budgeting, lending, payments, and financial management. All UK TPPs must appear on the FCA’s Financial Services Register.

What is the difference between an AISP and a PISP?

An AISP (Account Information Service Provider) reads account data to provide information-based services, such as aggregating multiple accounts in a budgeting app. A PISP (Payment Initiation Service Provider) initiates payments directly from your bank account, bypassing card networks. Both are types of TPPs and must be separately authorised by the FCA for each activity they carry out.

Are TPPs safe to use in the UK?

FCA-regulated TPPs are subject to strict security, conduct, and data protection standards. They must implement Strong Customer Authentication (SCA), cannot store your banking password, and must clearly disclose how your data will be used. Consumer protections under the Payment Services Regulations 2017 apply to all TPP interactions, giving you rights to compensation if something goes wrong.

Open Banking in Practice: The UK’s nine largest banks are all required to support TPP access under the CMA order. This has enabled hundreds of FCA-regulated fintechs to build services on top of UK banking infrastructure. The JROC is now overseeing the next evolution of TPP access rights.

FAQ

Can a TPP access my savings account as well as my current account?

A TPP can access any account you explicitly consent to share — including savings, credit cards, and current accounts.

Is a payment app like Monzo a TPP?

Monzo is a licensed bank; some of its features may use TPP capabilities, but it primarily operates as a bank, not a standalone TPP.

What regulations govern TPPs in the UK after Brexit?

TPPs remain governed by the Payment Services Regulations 2017 (derived from PSD2), which the UK retained after Brexit.