Austrian Federal Economic Chamber, Division Bank and Insurance
No. Basic requirements: (1) data upload to the EBA register should be automated, (2) EBA register should be updated with NCA register changes automatically in real time, (3) EBA register should be machine readable with separate interface.
EBA data validation and the checking of the service providers ahould be automated for proper operation. It seems acceptable to compound two solutions: daily data base update and immediate manual update in certain cases like disabling a TPP, set back the TPP status to authorized, etc.
No, We suppose that in case of any search criteria all information about search results will be shown.
We propose the following additional search criterias:
- status of the natural or legal person (authorized/registered or withdrawn)
- date of authorization/registration
- expiry date of licence
- operational area
- the type of natural or legal person for payment institutions/ exempted payment institutions/ account information service providers/ electronic money institutions/ exempted electronic money institution
No. Availability: EBA Register should be accessible continuosly and automatic response is required.
It is required to clearly define the process how operational issues can be reported to EBA. Defined EBA data process and response time, disaster recovery SLA are needed.
No. PISP, CISP roles are missing and AS PSPs (credit institution) either. Refer to the point 33 - from practical point of view it is necessary to include also all existing credit institutions as they have to also identify themselves in order to be able to consume clients date as licensed payment institution for PSD 2 services.
No. We propose to add contact details/ contact person or department which will handled for example investigation etc.
No. It is required to have a central, standardized database as in case of urgency ASPSPs need to contact the counterparty without undue delay.
Contact details, date of authorizationt and the service palette in the host state are required information.
TPPs operating in different EU countries provide cross-border services have to open different branches. Contact details of the brancher will obviously differ from the the ones of the parent, consequently these data should be added to the register.
Basic principles: (1) data upload to the EBA register should be automated, (2) EBA register should be updated with NCA register changes automatically in real time, (3) EBA register should be machine readable with separate interface. EBA data validation and the checking of the service providers ahould be automated for proper operation. The applications with ,,Account servicing payment service providers"", ,,payment institutions"", ,,account information service providers"" applications can't communicate with the EBA register with the suggested solution. We see the following to options to serve the incoming inquiries when EBA register check is required: (1) daily download from EBA register and automated, rel-time check in this copy database. This solution does not ensure the checking of the most recent version of the database.
(2) Manual check. This solution makes the inquiry handling impraticable. Both solutions are risky,impraticable and does not serve the spirit of the PSD2. Alternative solution: Machine readable database.
The RTS does not define clearly the role of the EBA/NCA registers. What is the process if the two registers are not in sync at the time of the TPP checking?
RTS does not define clearly the responsibilities of the different stakeholders, especially the EBA responsibilities. Who is responsible if the database is not update and this causes complaint, claim or fraud. Eg.: A TPP licence is withdrawn and its NCA database is updated properly. The NCA updates the EBA register with automated transmission which will be processed by the EBA within a day, so until then the EBA and the NCA registers are not in synch. Who takes the responsibilty in a fraudulent case if the transaction authorisation happened during this time period based on the EBA register? Atlernative solultion: Automated, continuous data process
Which kind of services should be considered as cross-border service?
What happens if a customer of an ASPSP from country ,B' uses an application of a TPP from country ,A' and the ASPSP detects fraudulent TPP activity. It has to report it to its own NCA in country ,B' which will inform country ,A' NCA and then it informs EBA OR country ,B' NCA can report it directly to EBA?
We suggest to preserve every service provider in the register which ever has a licence (no matter that it is already withdrawn)."