figo GmbH (figo aims at becoming a regulated AISP/PISP and moreover acts as an IT Service Provider for other AISPs/PISPs as well as ASPSPs)
The option that was chosen by EBA is, from a figo point of view, not feasible.
The stipulated time frame of one day is not suitable for a quick and fast process and does not allow in-time display of register information. A collection on a daily basis instead of on an hourly basis can lead to processing a huge amount of transactions of banned payment service providers.
A central imperative of digital banking services is the performance of these services 24/7 and in real time. The option chosen, however, forces xs2a-obliged ASPSPs to rely on several national registers instead of a centralised one, which creates an unnecessary burden by needing additional time for decentralised register checks and correlation which will cause additional costs.
Another point that we would like to point out is the risk of human error that is inherent in all manual review processes and that could be avoided by means of full automation.
Therefore figo strongly recommends to reconsider the options and propose to opt for an approach that aims for automation and centralisation. As a minimum we would strongly recommend to explicitly mention full automation as a goal for further improvements and ideally set a time span in which the register needs to be fully automated.
figo agrees with the proposed criteria and functionalities related to the search of information in the EBA register. figo recommends to add the criteria “brand name” and “date of authorisation” to enable a faster search. Both information will help to find the right payment service provider.
figo agrees with the proposed non-functional requirements related to the operation of EBA register. figo recommends to define availability more precise, e.g. by providing percentages.. Furthermore contact information in case of potential incidents should be available in order to address issues with the EBA register. Furthermore only locations within the EU should be eligible for the processing and storage of information.
figo agrees with the way how the EBA proposes to fulfil the mandate in terms of the natural and legal persons that will need to be included in the future EBA register. figo recommends to introduce an EU wide SCA and CSC verification service (maybe with help of ENISA) to establish a central point of trust for all TPPs.
figo agrees with the option the EBA has chosen regarding the detail of information for the natural and legal persons that will be contained in the future EBA register.
figo does not agree with the EBA. This is due to the fact that contact details are necessary for ASPSPs to be able to get in touch with TPPs in the case of an incident. It would especially be important to make the contact details available in the register because according to PSD2 a contractual relationship between TPP and ASPSP is not necessary. Therefore we believe that the register would be the best option for ASPSPs to be provided with trustworthy contact details.
Furthermore to assist the technical identification of payment service providers the used IP addresses for provisioning of the service would be helpful.
figo agrees with the extension of the information for the service providers excluded from the scope of the PSD2 that will be entered in the EBA register.
figo agrees with the scope of the information on agents of payment institutions, exempted payment institutions, account information service providers, electronic money institutions and exempted electronic money institutions to be included in the EBA register.