Response to consultation on the Technical Standards on the EBA Register under PSD2
Go back
EBA data validation and the checking of the service providers ahould be automated for proper operation. It seems acceptable to compound two solutions: daily data base update and immediate manual update in certain cases like disabling a TPP, set back the TPP status to authorized, etc.
We propose the following additional search criterias:
- status of the natural or legal person (authorized/registered or withdrawn)
- date of authorization/registration
- expiry date of licence
- operational area
- the type of natural or legal person for payment institutions/ exempted payment institutions/ account information service providers/ electronic money institutions/ exempted electronic money institution
It is required to clearly define the process how operational issues can be reported to EBA. Defined EBA data process and response time, disaster recovery SLA are needed.
Contact details, date of authorizationt and the service palette in the host state are required information.
TPPs operating in different EU countries provide cross-border services have to open different branches. Contact details of the brancher will obviously differ from the the ones of the parent, consequently these data should be added to the register.
Other comments:
Basic principles: (1) data upload to the EBA register should be automated, (2) EBA register should be updated with NCA register changes automatically in real time, (3) EBA register should be machine readable with separate interface. EBA data validation and the checking of the service providers ahould be automated for proper operation. The applications with ,,Account servicing payment service providers"", ,,payment institutions"", ,,account information service providers"" applications can't communicate with the EBA register with the suggested solution. We see the following to options to serve the incoming inquiries when EBA register check is required: (1) daily download from EBA register and automated, rel-time check in this copy database. This solution does not ensure the checking of the most recent version of the database.
(2) Manual check. This solution makes the inquiry handling impraticable. Both solutions are risky,impraticable and does not serve the spirit of the PSD2. Alternative solution: Machine readable database.
The RTS does not define clearly the role of the EBA/NCA registers. What is the process if the two registers are not in sync at the time of the TPP checking?
RTS does not define clearly the responsibilities of the different stakeholders, especially the EBA responsibilities. Who is responsible if the database is not update and this causes complaint, claim or fraud. Eg.: A TPP licence is withdrawn and its NCA database is updated properly. The NCA updates the EBA register with automated transmission which will be processed by the EBA within a day, so until then the EBA and the NCA registers are not in synch. Who takes the responsibilty in a fraudulent case if the transaction authorisation happened during this time period based on the EBA register? Atlernative solultion: Automated, continuous data process
Which kind of services should be considered as cross-border service?
What happens if a customer of an ASPSP from country ,B' uses an application of a TPP from country ,A' and the ASPSP detects fraudulent TPP activity. It has to report it to its own NCA in country ,B' which will inform country ,A' NCA and then it informs EBA OR country ,B' NCA can report it directly to EBA?
We suggest to preserve every service provider in the register which ever has a licence (no matter that it is already withdrawn)."
Question 1: Do you agree with the option the EBA has chosen regarding the transmission of information by NCAs to the EBA? If not, please provide your reasoning
No. Basic requirements: (1) data upload to the EBA register should be automated, (2) EBA register should be updated with NCA register changes automatically in real time, (3) EBA register should be machine readable with separate interface.EBA data validation and the checking of the service providers ahould be automated for proper operation. It seems acceptable to compound two solutions: daily data base update and immediate manual update in certain cases like disabling a TPP, set back the TPP status to authorized, etc.
Question 2: Do you agree with the proposed criteria and functionalities related to the search of information in the EBA Register? If not, please provide your reasoning.
No, We suppose that in case of any search criteria all information about search results will be shown.We propose the following additional search criterias:
- status of the natural or legal person (authorized/registered or withdrawn)
- date of authorization/registration
- expiry date of licence
- operational area
- the type of natural or legal person for payment institutions/ exempted payment institutions/ account information service providers/ electronic money institutions/ exempted electronic money institution
Question 3: Do you agree with the proposed non-functional requirements related to the operation of the EBA Register? If not, please provide your reasoning.
No. Availability: EBA Register should be accessible continuosly and automatic response is required.It is required to clearly define the process how operational issues can be reported to EBA. Defined EBA data process and response time, disaster recovery SLA are needed.
Question 4: Do you agree with the way how the EBA proposes to fulfil the mandate in terms of the natural and legal persons that will need to be included in the future EBA Register? If not, please provide your reasoning.
No. PISP, CISP roles are missing and AS PSPs (credit institution) either. Refer to the point 33 - from practical point of view it is necessary to include also all existing credit institutions as they have to also identify themselves in order to be able to consume clients date as licensed payment institution for PSD 2 services.Question 5: Do you agree with the option the EBA has chosen regarding the detail of information for the natural and legal persons that will be contained in the future EBA Register? If not, please provide your reasoning.
No. We propose to add contact details/ contact person or department which will handled for example investigation etc.Question 6: Do you agree with the EBA that the contact details, dates of authorisation/registration, and the services provided in the Host Member States, should not be included in the EBA register? If not, please provide your reasoning, which should also include the benefits for payment service users and other interested parties of having this information in the EBA Register.
No. It is required to have a central, standardized database as in case of urgency ASPSPs need to contact the counterparty without undue delay.Contact details, date of authorizationt and the service palette in the host state are required information.
TPPs operating in different EU countries provide cross-border services have to open different branches. Contact details of the brancher will obviously differ from the the ones of the parent, consequently these data should be added to the register.
Question 7: Do you agree with the extension of the information for the service providers excluded from the scope of the PSD2 that will be entered in the EBA register? If not, please provide your reasoning.
Yes.Question 8: Do you agree with the scope of the information on agents of payment institutions, exempted payment institutions, account information service providers, electronic money institutions and exempted electronic money institutions to be included in the EBA register? If not, please provide your reasoning.
Yes.Other comments:
Basic principles: (1) data upload to the EBA register should be automated, (2) EBA register should be updated with NCA register changes automatically in real time, (3) EBA register should be machine readable with separate interface. EBA data validation and the checking of the service providers ahould be automated for proper operation. The applications with ,,Account servicing payment service providers"", ,,payment institutions"", ,,account information service providers"" applications can't communicate with the EBA register with the suggested solution. We see the following to options to serve the incoming inquiries when EBA register check is required: (1) daily download from EBA register and automated, rel-time check in this copy database. This solution does not ensure the checking of the most recent version of the database.
(2) Manual check. This solution makes the inquiry handling impraticable. Both solutions are risky,impraticable and does not serve the spirit of the PSD2. Alternative solution: Machine readable database.
The RTS does not define clearly the role of the EBA/NCA registers. What is the process if the two registers are not in sync at the time of the TPP checking?
RTS does not define clearly the responsibilities of the different stakeholders, especially the EBA responsibilities. Who is responsible if the database is not update and this causes complaint, claim or fraud. Eg.: A TPP licence is withdrawn and its NCA database is updated properly. The NCA updates the EBA register with automated transmission which will be processed by the EBA within a day, so until then the EBA and the NCA registers are not in synch. Who takes the responsibilty in a fraudulent case if the transaction authorisation happened during this time period based on the EBA register? Atlernative solultion: Automated, continuous data process
Which kind of services should be considered as cross-border service?
What happens if a customer of an ASPSP from country ,B' uses an application of a TPP from country ,A' and the ASPSP detects fraudulent TPP activity. It has to report it to its own NCA in country ,B' which will inform country ,A' NCA and then it informs EBA OR country ,B' NCA can report it directly to EBA?
We suggest to preserve every service provider in the register which ever has a licence (no matter that it is already withdrawn)."