How your company can access accounts through an external service provider

If a service provider used by your company has adopted banks’ open interfaces (PSD2 APIs), you must change your corporate account’s access rights at the bank. After that, you can authorise the service provider to access your company’s account details.

In September 2019, the new EU payment service directive (PSD2) entered into force. The directive requires banks to open their bank account and payment interfaces to third parties, or external service providers.

Alongside traditional banks, external service providers can provide you with new services and channels for, say, managing your company’s accounts and making payments.

Do as follows if you want to use an external service provider’s services

If you receive a notification in an external service provider’s online store stating that accessing accounts requires additional access rights, you don’t have permission to authorise third parties.

You must first change your corporate account’s access rights at the bank, then your company can use the services offered by an external service provider for managing accounts and making payments.

You can make the needed changes by contacting our Customer Service either by a message at op.fi or by calling 0100 05151.

We can extend an external service provider’s access rights at the bank as follows:

Account information services: Service provider can retrieve account details.
Payment order service: You can authorise a payment order service using PSD2 interfaces to initiate a payment directly from your company’s payment account.

After the company’s account access rights have been extended at the bank, you can authorise a service provider to, for example, use your company’s account details or initiate a payment order.

If you wish to terminate the service, you must contact the third-party service provider.

Build a real-time connection to your bank with OP Corporate Banking APIs

You can enhance your company’s operations and easily build a real-time connection to your bank by using OP Corporate Banking APIs. The interfaces can be used to fully automate both payment transfers and transaction queries, thereby speeding up your company’s processes related to payments and monitoring of accounts receivable. OP Corporate Banking APIs can also be easily integrated for purposes beyond financial management.

You can also mandate your service provider to manage the company or institution’s machine-readable payment transfers through OP Corporate Banking APIs or the OP API Admin pages. The service provider can be an accounting firm or software supplier, for instance. The service provider mandate is given when concluding a new API agreement, and the mandate can be given to a service provider registered on the OP API Admin pages.

Learn more about OP Corporate Banking APIs and service provider mandates >

Want to authorise the Web Services channel?

Using the bank connection authorisation form, a company or institution can authorise an administrator to take care of machine-readable payment transfers through the Web Services channel on your company’s behalf. The administrator can be an accounting firm or software supplier, for instance.

Please note that PSD2 mandates cannot be made with a bank connection authorisation form. The person authorised to sign for the company must instead contact Customer Service. The bank connection authorisation form also does not grant authorisation to use OP Corporate Banking APIs.

More information and the bank connection authorisation form >