obOpen Banking Lab
GlossarySTETBlogContact
Actor

Agent PSP

Payment Service Provider Agent

A model that lets an unauthorised player distribute the services of a PSP (PI or EMI) under its own brand, relying on the authorisation of the 'principal'. The standard of Banking-as-a-Service.

See also:EPEMEBaaSTreezor / Swan / SolarisACPRDSP2

Definition

A PSP agent provides payment services in the name and on behalf of an authorised PSP — the "principal", usually a PI or an EMI.

The agent has no authorisation of its own: it is listed in the ACPR register as an agent of the principal, which remains legally responsible for the services provided. This is the mechanism that lets a fintech launch a product before obtaining its own authorisation.

Principal vs agent: who does what

  • Principal (PI or EMI) — holds the authorisation, bears the regulatory responsibility, runs compliance (AML/CFT, own funds, ACPR reporting).
  • Agent — distributes the service under its brand, manages the customer relationship (UI, support, marketing), but never holds the funds: those stay with the principal.

On the customer's side, the experience is seamless: they use the agent's app, but the money is technically held by the principal. Hence the mandatory legal mention along the lines of "accounts opened in the books of [Principal]".

The BaaS model in practice

The PSP agent status is the legal vehicle of European Banking-as-a-Service. Typical setup:

  1. A fintech wants to launch a product (account, card, payments).
  2. It registers as an agent of a BaaS principal (Treezor, Swan, Modulr, Solaris).
  3. The BaaS exposes an API: account opening, KYC, card issuing, SEPA transfers.
  4. The fintech builds its UX on top and runs the marketing and tier-1 support.
  5. The BaaS runs the heavy compliance (AML/CFT, monitoring, ACPR reporting, card-scheme integration).

The result: a launch in 3 to 6 months, where obtaining one's own authorisation would take 18 to 24 months.

Registration and obligations

The principal registers the agent with the ACPR. Registration requires:

  • a fit-and-proper check of the agent's directors;
  • internal controls at the principal that cover its agents;
  • a detailed agent-principal contract (responsibilities, fraud, data);
  • a transparent legal mention on the customer's side;
  • AML/CFT training for the agent's teams.

The principal remains jointly liable for its agent's breaches.

What a PSP agent is not

  • Not a PSP in the strict sense: no authorisation, no regulatory own funds.
  • Not a mere lead generator: it actually operates a payment service, not just referrals.
  • Not entitled to AIS / PIS: since PSD2, these two services must be operated by a PSP authorised in its own right. The agent can distribute services 1 to 6, not 7 and 8.
  • Not a fixed status: many fintechs start as agents, obtain their PI/EMI authorisation, then migrate their accounts in-house — a rebackbone phase that is often long (12 to 18 months).

IOBSP vs PSP agent

A frequent confusion:

  • PSP agent — distributes payment services (account, card, transfer) on behalf of a PSP.
  • IOBSP — distributes credit or banking services (mortgage, consumer loan, debt consolidation) on behalf of a credit institution.

Distinct statuses, registers (ACPR vs ORIAS) and responsibilities.

In the PSD2 ecosystem

The PSP agent is the lubricant of the fintech ecosystem: since 2018, it has driven the explosion of BaaS, and therefore the arrival of hundreds of vertical neobanks (freelance, travel, teen, child accounts) without multiplying authorisations.

Concrete examples

  • Typical case: Qonto started as an agent of Treezor in 2017 before obtaining its PI authorisation in 2018. During those 18 months, all Qonto accounts were legally held by Treezor.
  • BaaS market: Treezor (FR, ~100 agents), Swan (FR, mostly B2B), Modulr (UK), Solaris (DE), Railsr (UK) each host dozens to hundreds of agents.
  • Pixpay (teen account) was launched as an agent of Treezor — the principal bears the risk, Pixpay owns the brand and the UX. Acquired by GoHenry in July 2022.
  • Stripe Issuing issues white-label cards for dozens of agent companies, under different principals depending on the region.
  • Limit of the model: unsuited to pure AIS/PIS players (which must be PSPs in their own right) and to those wanting to internalise credit risk (which must become credit institutions). Hence Qonto's trajectory towards the CI status, or Bridge's move to its own PSP licence.
  • Cost for the agent: no regulatory capital, but a revenue share or fees per account / card / transaction. Economical at the start, more expensive at scale — hence the migration to one's own authorisation.
  • Disruption risk: the failure of a BaaS principal (the Wirecard case, 2020) instantly freezes all its agents. DORA now requires a continuity plan including an exit from the BaaS.

Sources

Back to glossary