Response to consultation on the Technical Standards on the EBA Register under PSD2

Go back

Question 1: Do you agree with the option the EBA has chosen regarding the transmission of information by NCAs to the EBA? If not, please provide your reasoning

FBF understands the overall reasoning of the EBA on these proposed RTS and ITS based on articles 15(4) and 15(5) of PSD2. But FBF also clearly regrets that the EBA register will not be an operational directory to be used for identification purposes between ASPSPs and TPPS as requested in the RTS on SCA and CSC.
There is actually a real need for an operational and highly automated register to ensure operational TPPs identification checking in the non-contractual world of PSD2.
This is an essential building block for a thriving FinTech sector and a key enabler for the success of PSD2

The choice of the option regarding the automated transmission of information by National Central authorities (NCAs) is not an issue for ASPSPs. What is at stake for the FBF is that the EBA must commit for accuracy and correct updating of the data as transmitted by the competent authorities, as well as performance and usability.
Specifically in case of revocation of a PSP, the one-day updating timeframe makes the EBA register hardly useful (cf. article 11.6). Data validation in the central register should be then processed in real time (as for data manually transmitted).

Article 13 shows that the competent authorities are responsible for the information manually filled in or automatically provided to the application of the EBA’s register: this is of utmost importance to always have an accurate reflection between the information listed in the EBA register and the information listed in the national public registers.

The register must be used as a single source of reliable and accurate information.

About access by CA users, we would appreciate some clarification on the article 6 (2) about what is meant by “the other security credentials” following the 2 authentication factors. Indeed, security is key to ensure no false information is introduced in the EBA register.
A strong authentication of each National Central Authority user should then be requested.

Question 2: Do you agree with the proposed criteria and functionalities related to the search of information in the EBA Register? If not, please provide your reasoning.

It is imperative for the EBA Register to be machine readable if it is to be widely adopted by the PSD2 ecosystem and improve its transparency. The EBA Register should be seen as the main source of information for actors in the PSD2 ecosystem to check the permissions of other parties. If the EBA Register is not machine readable (or does not offer automated downloads of the full list as a fall-back option), it is likely that firms will develop manual processes for interrogating the Register. This would, in turn, increase risk in the ecosystem due to the potential for time delays and human error as well as have significant cost implications for participants.
Concerning search results, data should be provided in a machine-to-machine readable format as well as in accessible languages for users.
In addition, we would like EBA to consider the necessity for PSPs to download the complete EBA register at a pre-agreed periodicity. This will simplify the automatic extract of data (in a machine readable format), which then will reduce the number of access to EBA directory and help ensure a real time process.

Concerning article 7, public users are able to read, search and download the information contained in the register. We would like EBA to clarify the information provided by default when public users access the register.

We note in the article 19 that the list of the information provided for search result is very short and is less than the content of the register (e.g. no information provided on the countries where the TPP can operate).
We can understand this rationale for the search result of a public user but we believe that for professional users as PSPs, getting all information listed in the EBA register would be needed for their activity including information on the countries where PSPs are passported and for which activity (AIS/ PIS/ both).

Question 3: Do you agree with the proposed non-functional requirements related to the operation of the EBA Register? If not, please provide your reasoning.

In case of dispute with a TPP or a customer, there is a need for accessing the version of the register on the day the disputed transaction took place.
Consequently, ASPSPs should be able to ask EBA for information on the register at a precise date and hour in the past. We recommend the following amendment to article 17, adding a new paragraph 5: “EBA shall be able to send information contained in the register at a given date over a period of the last 13 months.”
At least, in particular for dispute resolution, EBA should be able to deliver an access to previous versions of the register over a period of 14 months to cover the 13 months capability of the user’s complaint for reimbursement.
Following the same reasoning, in case of dispute, we believe that National competent authorities (NCAs) should also keep a history over 13 months of their national files.

Question 4: Do you agree with the way how the EBA proposes to fulfil the mandate in terms of the natural and legal persons that will need to be included in the future EBA Register? If not, please provide your reasoning.

Recital 34 requests information regarding qualified certificates for each PSP for their AIS and PIS offers.
We regret that such critical information for ASPSPs was not taken into account.

We understand that the EBA electronic central register will not include credit institutions providing AIS and PIS.
We would encourage the EBA to include credit institutions who provide AIS and PIS services in the Register. It is important that the EBA Register serves as the single source of information for AISP and PISP permissions if it is to be meaningful and improve transparency in the PSD2 ecosystem.

As EBA is already maintaining a Credit Institution Register, such register should also be machine-to-machine readable with the same level of information as requested previously in our answer to Question 3 and the EBA should also provide the same access capability to previous versions over 13 months.

Question 5: Do you agree with the option the EBA has chosen regarding the detail of information for the natural and legal persons that will be contained in the future EBA Register? If not, please provide your reasoning.

As such, information contained in the EBA register are not sufficient for operational matters for ASPSPs. The preferred ASPSPs option would be “the more detailed information” one, and this on a common basis – nothing optional -.
As written in the answer to question #6, contact details of the institution (phone number and email address) as well as the services provided in the Host Member States should be included in the EBA register. Moreover, we do believe that all information needed for identification purposes between ASPSPs and TPPS as requested in the RTS on SCA and CSC should be added in the EBA register in order to have an operational EBA directory.

Question 6: Do you agree with the EBA that the contact details, dates of authorisation/registration, and the services provided in the Host Member States, should not be included in the EBA register? If not, please provide your reasoning, which should also include the benefits for payment service users and other interested parties of having this information in the EBA Register.

FBF believes that having the contact details of the institution (phone number and email address) as well as the services provided in the Host Member States, is essential as contractual relation between ASPSP and AISP or PISP is not mandatory.

Moreover it would be important that those data be shared in a standardised format.

Question 7: Do you agree with the extension of the information for the service providers excluded from the scope of the PSD2 that will be entered in the EBA register? If not, please provide your reasoning.

No comment

Question 8: Do you agree with the scope of the information on agents of payment institutions, exempted payment institutions, account information service providers, electronic money institutions and exempted electronic money institutions to be included in the EBA register? If not, please provide your reasoning.

Concerning the scope of information on agents, FBF believes that having contact details such as phone number and email address as well as the description of their role – list of payment services provided- must be requested.

Given that there are instances where PSP agents do not provide the whole set of services for which the respective PSP is authorised, we would favour the inclusion of the list of payment services provided by PSP agents in the EBA Register. The EBA should consider mandating the national competent authorities to collect and publish that information in their national registers. In our view, it is important that this information is included in the Register in order for it to serve as the single source of information on PSD2 participants’ permissions.

Please select which category best describes you and/or your organisation

[Credit Institution"]"

Name of organisation

French Banking Federation