What are TPPs?

TPPs in this context are online service providers authorised by the financial services regulator – Financial Conduct Authority (FCA) and these are introduced as part of the Open Banking initiative to comply with regulatory requirements under the Second Payment Services Directive (PSD2). TPPs have the ability to provide users with functions to view their bank account information and initiate payments from those accounts.

There are two types of Third-Party Provider (TPP):

1. Account Information Service Provider (AISP)
2. Payment Initiation Service Provider (PISP)

By obtaining your consent to retrieve data from banks, TPPs serving the AISP function will communicate with banks and access your data. Such data will then be transmitted to their platforms to enable you to manage your money from there. Some customers may find these services convenient because the TPPs will often provide them with a consolidated view of accounts across multiple banks, allow them to make payments via a mobile app, or budgeting tools are available for money management. Similarly, approved PISPs will be able to make payments from your bank accounts with your prior consent (BEAUK will offer the PISP function in the second half of 2021).

In reference to AISPs we refer to the consents as ‘’Third-Party Provider consents’’ and we refer to PISP payments as ‘‘Third-Party Provider payments’’.

Are TPP services trustworthy?

In line with the regulatory requirements, BEAUK only accept requests of access to customer data from TPPs authorised and regulated by the FCA and these TPPs has to undertake a robust registration process with BEAUK beforehand. Please visit the FCA register to check the authorisation status of any TPP that interests you. Do learn more about the TPPs via their websites or mobile apps before you decide to sign up with them. While the TPPs we accept are regulated and authorised and we do conduct internal registration processes as mentioned, you should gain your own comfort over the TPPs to minimise potential loss due to fraud risk.

Please refer to the FCA’s website for further guidance, including ways to protect yourself:

https://www.fca.org.uk/consumers/account-information-and-payment-initiation-services

How can this new type of service help me?

You may view the information of your BEAUK Current, Savings or Call Accounts on an AISP TPP platform provided that they are FCA-authorised and registered with us. In the second half of 2021, we will introduce a further function that enables you to make payments from your BEAUK accounts on PISP TPP platforms.

Am I eligible for this service?

You are eligible for this service if you have a Current, Savings or Call Account with us and have signed up for our Cyberbanking service.

Please note that you are under no obligation to sign up with TPPs and nothing will change in the use of our services if you choose not to do so.

What data is shared and how is it shared with a TPP?

Once you have consented and the TPP has been registered with us, the TPP will have access to the payment account information you are able to access when signing into your Cyberbanking, for example, account name, account number and sort code, account balance and currency, details of your incoming and outgoing transactions, etc.

A secure connection will be used between BEAUK and TPPs to share data. It is a form of Application Programming Interface (API), which is technically a set of protocols that specifies how software components of different parties (e.g. BEAUK and TPPs) should interact securely during data transmission. This API is developed according to the Open Banking Read/Write API specification and fulfils the requirements of PSD2.

Is my data with BEAUK protected under this service pattern?

When you choose to sign up with a TPP, that TPP will ask you to give them your consent. This is a precondition for a TPP to register with BEAUK to access your account data. Provided that your chosen TPP has completed the registration with us, each time you use the TPP to view your BEAUK you will be securely redirected from their platform to the Cyberbanking log-on page for the authentication process. This will be similar to the way you log on to Cyberbanking. On the log-on screen, you will be asked to generate a One-Time Passcode (OTP) to be sent to your designated mobile device. After you use the OTP for Cyberbanking authentication, you will be redirected back to the TPP’s platform to continue with your activities over there. This means that you are in control of your activities conducted via the TPP.

TPPs must comply with data protection laws and must be authorised by FCA in delivering the service of data access. Before you decide to sign up with any TPP, please make sure you are satisfied with the way they will handle your data by reading and understanding their service terms and conditions.

As always, BEAUK adopts robust data security measures to keep your data with us safe. To understand how your personal data is handled at BEAUK, please read our Privacy Notice .

To ensure cyber security, please also be reminded to always access your bank data in a safe and secure online environment.

Remember – you are under no obligation to sign up with TPPs. If you do choose this additional way of banking, it is up to you to choose which regulated TPP to sign up with, which service to use (AISP, PISP or both) and for how long your consent would last. No TPP can access your account data and perform payment services for you unless you authorise their access.

How may I start using TPPs to view my BEAUK account data?

You may sign up with a TPP of your choice and follow their instructions, or you may make a request to us by telephone, post, email or by visit to our branches informing us that you would like to use a certain TPP (via our contact details and address). You will be required to give us your explicit prior consent for the TPP to gain access to your BEAUK account data.

Before you give a TPP your consent, please make sure you fully understand the service they provide and whether or not this suits your needs and perform your own due diligence over the TPP, including checking the TPP’s authorisation status on the FCA register . Please also refer to the FCA’s website for further guidance:

https://www.fca.org.uk/consumers/account-information-and-payment-initiation-services

Can I opt out of the TPP service after I have signed up with them?

Yes, you can choose to stop sharing your data at any time. This will not affect your ability to access your accounts with us directly via Cyberbanking. For those who have subscribed to TPPs’ service but want to discontinue, please:

Go to TPPs’ app or website and withdraw your consent directly with them; and

Contact us to let us know that you no longer want the TPP to have access to your information.

I don’t feel like using any TPP services just yet. Can I just continue using Cyberbanking to view my accounts?

Yes, of course. Our Cyberbanking service is, and will remain, available just the same as before and nothing has changed. You may just log on to Cyberbanking as usual to view your account and there is no requirement to use any TPPs. Please note that the TPP service is just an additional channel for customers who may prefer an alternative way to manage their money.

You will not be automatically signed up for any TPP service.

Where can I find more information about this additional type of service?

Give us a call on +44 (0)20 7734 3434 during business hours or drop us a line at tpp@hkbea.co.uk. Our teams are pleased to speak with you and provide you with further information about our service.

Please also refer to the FCA website for further information:

https://www.fca.org.uk/consumers/account-information-and-payment-initiation-services