Finance Norway recognises that the EBA is mandated by PSD2 to develop, operate and maintain an electronic register for competent authorities to report information and set technical requirements on development, operation and maintenance. However, further guidance to the functionalities of the register is not assigned to the EBA. In our view, with the objective of PSD2 in mind, the register should be easily accessible, automatic and complete.
The purpose of PSD2 is to create an open and fair competitive ground in the EU/EEA for payment services, requiring ASPSPs to, if requested, make customers payment accounts available for third party providers. For a secure communication with TPPs, easy access to information regarding TPPs should be accessible without having to depend on various sources to retrieve information on TPPs. Therefore, the register need to be automated, available real-time, legally-binding, accurate and openly available to all stakeholders.
In support of the above, the EBA register should serve as an electronic central point of trust for all parties for the following use-cases:
- PSU’s for searching information about a specific PSP
- TSP’s for issuing qualified certificates
- ASPSP’s for verification of status of a TPP
The EBA Register, as described in the Consultation paper will only partly serve these purposes. Finance Norway strongly urge the EBA to consider the register to also serve these purposes to achieve the objectives of the directive and provide real value to the payment service community.
After assessing the listed options, Finance Norway finds Option c) An automated approach, as favourable and Option b) A semi-automated approach, to be a minimum requirement. Option a) a manual approach, should only be used as a fall-back solution if an automated entry into the register is unavailable.
The EBA suggests in the consultation paper, rationale 15, that the EBA register is updated “a day” after the information is updated in the national register of the competent authorities. Additionally, article 10 also refer to “a day” for processing batch files. Articles 11 (6) and 16 (2) however, refer to “business day(s).” We urge the EBA to clarify what is meant by “a day” and “business day,” and whether these should be understood equally.
Also, we encourage the EBA to apply and define “end of day,” since this might be viewed differently across member states.
The EBA Register should be a trusted source of information for verifying TPPs, and updated so that the EBA Register reflects the local registers in real-time to prevent deviating information from being available in different registers. If ASPSPs are obligated to retrieve or confirm information from local registers and the EBA Register, this will be counterproductive and defeat the purpose of a single register for all ASPSPs to verify information on TPPs. We ask the EBA to address this issue in the guidelines.
With regards to EBAs position on the functionality of the EBA Register we need to highlight the importance of a machine-readable register. While the directive itself does not command EBA to develop and operate a machine-readable interface (e.g API) to search and retrieve results, for the EBA Register to function to the best of its ability it is necessary to create a register that is complete, accurate and openly available. This presupposes a machine-readable solution.
We anticipate that several TPP’s will be operating in the market of cross border payment services. Considering the attention related to API standardisation, several TPP’s expect that ASPSP’s interfaces are available with a minimum integration effort. If the ASPSP’s would have to manually search the webpages of the EBA to verify the TPP’s authorisation for a given payment service and territory, this will lead to more friction and longer lead-times to establish services in the market for payment services, with resulting frustration and less trust.
We encourage the EBA to interact and collaborate with the national authorities of member states in light of the NCAs obligations stated in PSD2 article 14. This will help achieve a fully functional, accurate and available EBA register.
Finance Norway would like to express concern with the EBAs position that the EBA Register is not meant to be updated real-time. We strongly disagree with this position. For the EBA Register to be relevant and serve a purpose, it should be available and updated in real time. Otherwise it will prove redundant.
Finance Norway understands the reasoning behind the EBA proposal. However, a single register that contains information on all licensed institution, including credit institutions providing payment initiation services and account information services, is preferable and necessary to make the register efficient and useful for the stakeholders. We strongly encourage EBA to take into consideration the requirements credit institutions are obligated to adhere to in its interaction with TPPs; identification, authentication, security measures etc.
We therefore urge the EBA to reconsider this position and make sure that also credit institutions licensed to provide services listed in PSD2 Annex 1 nr.7 and 8 are included in the EBA Register.
The industry organisation for the financial industry in Norway.