Response to consultation on Guidelines on authorisation and registration under PSD2
Go back
• a reasonably quick assessment can be made whether the applicant has correctly identified the service he intends to provide; and
• it will be more likely that the applicant will provide complete and accurate information, thus smoothening the assessment stage and speeding up the authorisation procedure.
We are of the opinion that this combination will not mislead applicants to believe that only the examples listed in the table are permissible.
- Guideline 3 (e): the reference to the number of premises will be difficult to accurately achieve, and would present only a snapshot at a given time that would become rapidly inaccurate. A range estimate on the overall expected size of the Payment Institution would be a more workable way to collect information on predicted size, e.g. less than 10 locations, less than 50 locations, 50 – 100, 100- 200, 200 – 500, 500 – 1000, greater than 1000 etc. This would give the Competent Authority more accurate directional information on predicted size, with the added benefit that it would remain accurate for a longer period.
- Guideline 3.1(c) (iii): it would help to clarify that a Payments Institution can submit draft contract templates for any agent networks they may have (given that PIs may have a significant number of agents). EPIF is concerned the current wording is too broad and they may be required to produce a copy of every agent contract.
- Guideline 4, 4.1 (a): the information submitted in the business plan should not include highly sensitive commercial information such as an analysis of a company’s competitive position. It could be replaced with the results of a high level feasibility study. The business plan should focus on the viability of the business, budget estimates, target distribution channels, rather than the company’s market share. We would strongly suggest removing items (ii) and (iv).
- Guideline 5.1 (g): this requirement needs to be clarified to better understand the concept of “close links”.
- Guideline 7.1 (b): add contact details of office, position & name of person currently occupying that position, rather than just the name of the person.
- Guideline 7.1. (d): a copy of the draft contract with credit institution, including explicit declaration of compliance with Article 10 of PSD2.". This guideline should be deleted. It is the responsibility of the Payment Institution (not the credit institution offering the service of the bank account) to comply with Article 10 of PSD2. The Payment Institution's de facto compliance is not dependent on having a particular type of contract with the credit institutions servicing the Payment Institution's bank accounts. Many Payment Institutions maintain bank accounts with a large amount of different credit institutions and many credit institutions do not in practice offer a particular type of agreement for Payment Institutions compared to other corporate customers. If imposing a legal requirement for credit institutions to develop and offer a particular "payment institution agreement", that is likely to in practice mean that credit institutions step back from offering services to Payment Institutions, resulting in Payment Institutions losing access to bank account facilities. This would run directly counter to PSD2's intention to ensure access to bank account facilities per recital 39 and article 36 PSD2. It should be the responsibility of the Payment Institution to comply with all aspects of Article 10 PSD2 including ensuring that the accounts used for payment services are used exclusively for that purpose (and that there is no co-mingling with corporate funds) and this compliance should not be made conditional on the involvement of another actor (the credit institution).
- Guideline 13.1 (b) (ii), (iii), (d), (e) (i), (f), (g) (ii) and more throughout the Guidelines: we assume that EBA's use of "such as" is used in the meaning "as an example if applicable" rather than in the meaning "at least" since some parameters listed are not applicable to all applicants. As an example, 13.1 (b) (ii) refers to "wallets" which would be relevant for e-money issuers but not payment institutions.
- Guideline 13.1 (c) and (d): are very exhaustive and will require a large amount of work on behalf of PSPs to update. As an example, an employee logging into its work station from a hotel (a new IP address) would trigger major work and continuous documentation. Rather than imposing this kind of detailed requirements, a more risk-based approach should be taken. We assume that the same requirements apply also to ASPSPs/credit institutions, or else an unlevel playing field will be created.
- Guideline 14.1 (c): delete from line 3 to the end, beginning with “including …. Requirements of that Member State”. This goes beyond what is required for banks under the most recent Credit Risk Directive and Regulation and it would introduce an unlevel playing field for Payment Institutions. The rules for Payment Institutions should not be more onerous than for credit institutions.
- Guideline 14.1 (g): we suggest replacing the wording: “do not expose the applicant to increased money laundering and terrorist financing risk” by “are monitored to address money laundering and terrorist financing risk”."
Question 1: Do you consider the objectives of the Guidelines as identified by the EBA to be plausible and complete? If not, please provide your reasoning.
Yes, the objectives make sense and are complete.Question 2: Do you agree with the options the EBA has chosen regarding the identification of payment services by the applicant; the way information is to be submitted to the competent authority; the four-part structure of the Guidelines, and the inclusion of authorisation for electronic money institutions? If not, please provide your reasoning.
Yes, we agree. We would however like to suggest that the EBA choses to use a combination of option A and C. By doing so, the EBA achieves that:• a reasonably quick assessment can be made whether the applicant has correctly identified the service he intends to provide; and
• it will be more likely that the applicant will provide complete and accurate information, thus smoothening the assessment stage and speeding up the authorisation procedure.
We are of the opinion that this combination will not mislead applicants to believe that only the examples listed in the table are permissible.
Question 3: Do you consider it helpful how the EBA has incorporated proportionality measures in the Guidelines in line with PSD2? If not, please explain your reasoning and propose alternative approaches.
No, we do not consider that helpful. Proportionality has a legitimate place when discussing the risk posed by the business of a Payment Institution but not when discussing the ability of the Payment Institution to meet all the legal and compliance requirements. Proportionality should not stem from the size of the company but from the risk posed by the business. It is critical for EU consumers that all companies acting as Payment Institutions are able to meet the applicable EU legal requirements.Question 4: Do you agree with the Guidelines on information required from applicants for the authorisation as payment institutions for the provision of services 1-8 of Annex I of PSD2, as set out in chapter 4.1? If not, please provide your reasoning.
No, we do not agree. We have the following remarks with certain sections of Guidelines.- Guideline 3 (e): the reference to the number of premises will be difficult to accurately achieve, and would present only a snapshot at a given time that would become rapidly inaccurate. A range estimate on the overall expected size of the Payment Institution would be a more workable way to collect information on predicted size, e.g. less than 10 locations, less than 50 locations, 50 – 100, 100- 200, 200 – 500, 500 – 1000, greater than 1000 etc. This would give the Competent Authority more accurate directional information on predicted size, with the added benefit that it would remain accurate for a longer period.
- Guideline 3.1(c) (iii): it would help to clarify that a Payments Institution can submit draft contract templates for any agent networks they may have (given that PIs may have a significant number of agents). EPIF is concerned the current wording is too broad and they may be required to produce a copy of every agent contract.
- Guideline 4, 4.1 (a): the information submitted in the business plan should not include highly sensitive commercial information such as an analysis of a company’s competitive position. It could be replaced with the results of a high level feasibility study. The business plan should focus on the viability of the business, budget estimates, target distribution channels, rather than the company’s market share. We would strongly suggest removing items (ii) and (iv).
- Guideline 5.1 (g): this requirement needs to be clarified to better understand the concept of “close links”.
- Guideline 7.1 (b): add contact details of office, position & name of person currently occupying that position, rather than just the name of the person.
- Guideline 7.1. (d): a copy of the draft contract with credit institution, including explicit declaration of compliance with Article 10 of PSD2.". This guideline should be deleted. It is the responsibility of the Payment Institution (not the credit institution offering the service of the bank account) to comply with Article 10 of PSD2. The Payment Institution's de facto compliance is not dependent on having a particular type of contract with the credit institutions servicing the Payment Institution's bank accounts. Many Payment Institutions maintain bank accounts with a large amount of different credit institutions and many credit institutions do not in practice offer a particular type of agreement for Payment Institutions compared to other corporate customers. If imposing a legal requirement for credit institutions to develop and offer a particular "payment institution agreement", that is likely to in practice mean that credit institutions step back from offering services to Payment Institutions, resulting in Payment Institutions losing access to bank account facilities. This would run directly counter to PSD2's intention to ensure access to bank account facilities per recital 39 and article 36 PSD2. It should be the responsibility of the Payment Institution to comply with all aspects of Article 10 PSD2 including ensuring that the accounts used for payment services are used exclusively for that purpose (and that there is no co-mingling with corporate funds) and this compliance should not be made conditional on the involvement of another actor (the credit institution).
- Guideline 13.1 (b) (ii), (iii), (d), (e) (i), (f), (g) (ii) and more throughout the Guidelines: we assume that EBA's use of "such as" is used in the meaning "as an example if applicable" rather than in the meaning "at least" since some parameters listed are not applicable to all applicants. As an example, 13.1 (b) (ii) refers to "wallets" which would be relevant for e-money issuers but not payment institutions.
- Guideline 13.1 (c) and (d): are very exhaustive and will require a large amount of work on behalf of PSPs to update. As an example, an employee logging into its work station from a hotel (a new IP address) would trigger major work and continuous documentation. Rather than imposing this kind of detailed requirements, a more risk-based approach should be taken. We assume that the same requirements apply also to ASPSPs/credit institutions, or else an unlevel playing field will be created.
- Guideline 14.1 (c): delete from line 3 to the end, beginning with “including …. Requirements of that Member State”. This goes beyond what is required for banks under the most recent Credit Risk Directive and Regulation and it would introduce an unlevel playing field for Payment Institutions. The rules for Payment Institutions should not be more onerous than for credit institutions.
- Guideline 14.1 (g): we suggest replacing the wording: “do not expose the applicant to increased money laundering and terrorist financing risk” by “are monitored to address money laundering and terrorist financing risk”."