Response to consultation on Guidelines on authorisation and registration under PSD2
Go back
In general, we think that the EBA Guidelines should develop and provide templates wherever feasible. These could be filled in by the applicants or in any case, be referred to and this would ensure a greater degree of standardisation.
Including this information in the PI application must be a prerequisite to filing it both on the Member State’s public registers (art. 14 PSD2) and on the electronic, central register of PIs, publicly available on EBA’s website pursuant to art. 15 of the PSD2.
In particular, in the event that a Payment Service User (PSU) denies having authorised an executed payment transaction which was initiated through a Payment Initiation Service Provider (PISP), the latter is liable for providing supporting evidence about the authorisation (art. 72 (2)). It would be difficult for the ASPSP to liase with the PISP and discuss in order to establish where the liability lies for any complaints and disputes if the contacts of the PI (which can be established in any EU member state) for the purpose were not readily available.
The Consultation Paper on the draft Regulatory Technical Standards (RTS) specifying the requirements on strong customer authentication and common and secure communication under PSD2” published by EBA last August, proposed mutual identification of PSPs through website certificates issued by a qualified trust service provider under an eIDAS policy.
If this approach is confirmed in the final version of the mentioned RTS, it becomes appropriate that information on the chosen “Qualified Trust Service Provider” is included in the PI application to provide payment initiation and account information services. Including this information in the PI application must be a prerequisite to filing it both on the Member State’s public registers and on the electronic, central register of PIs, publicly available on EBA’s website available for consultation and check.
Including this information in the application must be a prerequisite to filing it both on the Member State’s public registers (art. 14 PSD2) and on the electronic, central register of AISPs, publicly available on EBA’s website pursuant to art. 15 and 33 of the PSD2.
The Consultation Paper on the draft Regulatory Technical Standards (RTS) specifying the requirements on strong customer authentication and common and secure communication under PSD2” published by EBA last August, proposed mutual identification of PSPs through website certificates issued by a qualified trust service provider under an eIDAS policy.
If this approach is confirmed in the final version of the mentioned RTS, it becomes appropriate that information on the chosen “Qualified Trust Service Provider” is included in the application to provide account information services. Including this information in the application must be a prerequisite to filing it both on the Member State’s public registers and on the electronic, central register of PIs, publicly available on EBA’s website available for consultation and check.
Since according to Article 111 of PSD2 (Amendments to Directive 2009/110/EC) “[…] articles 11 to 17 […] shall apply to electronic money institutions mutatis mutandis”, we believe that the inclusion of the above mentioned information in the application must be a prerequisite for filing them both on the Member State’s public registers (art. 14 PSD2) and on on the electronic, central register of EMIs, publicly available on EBA’s website pursuant to art. 15 of the PSD2.
In particular, in the event that a PSU denies having authorised an executed payment transaction which was initiated through a Payment Initiation Service (PIS) provided by an EMI, the latter is liable for providing supporting evidence about the authorisation (art. 72 (2)). (art. 72 (2)). It would be difficult for the ASPSP to liase with the PISP and discuss in order to establish where the liability lies for any complaints and disputes if the contacts of the PISP/EMI (which can be established in any EU member state) for the purpose were not readily available.
The Consultation Paper on the draft Regulatory Technical Standards (RTS) specifying the requirements on strong customer authentication and common and secure communication under PSD2” published by EBA last August, proposed mutual identification of PSPs through website certificates issued by a qualified trust service provider under an eIDAS policy.
If this approach is confirmed in the final version of the mentioned RTS, it becomes appropriate that information on the chosen “Qualified Trust Service Provider” is included in the EMI application to provide payment initiation and account information services. Including this information in the application must be a prerequisite to filing it both on the Member State’s public registers and on the electronic, central register of EMIs, publicly available on EBA’s website available for consultation and check.
Question 2: Do you agree with the options the EBA has chosen regarding the identification of payment services by the applicant; the way information is to be submitted to the competent authority; the four-part structure of the Guidelines, and the inclusion of authorisation for electronic money institutions? If not, please provide your reasoning.
With reference to the EBA's choice outlined in point 17 which refers to the options illustrated in point 16, we believe that the inclusion of a list of examples (even if it is non-exhaustive) of payment services could be a useful instrument for the applicant and would enable it to identify with greater ease the type of payment service. This is particularly important in the event of new payment services, such as information and initiation services it provides. In our opinion, option b), which was discarded in the draft, is compatible with option a) (description of services) in point 16 and we suggest it be added to option a) in the final Guidelines. In other words, the list of examples in the Guidelines should not abolish the applicant's duty to provide a complete and in-depth description of the services it wishes to provide.In general, we think that the EBA Guidelines should develop and provide templates wherever feasible. These could be filled in by the applicants or in any case, be referred to and this would ensure a greater degree of standardisation.
Question 4: Do you agree with the Guidelines on information required from applicants for the authorisation as payment institutions for the provision of services 1-8 of Annex I of PSD2, as set out in chapter 4.1? If not, please provide your reasoning.
We believe that the contact points in the internal organisation to be used in the event of disputes or claims arising from payment transactions involving the Payment Institution (PI) should also be part of the required information for the authorisation application of the PI (possibily in Guideline 9). Thus any contact between the PI and the Account Servicing Payment Service Provider (ASPSP) would be facilitated.Including this information in the PI application must be a prerequisite to filing it both on the Member State’s public registers (art. 14 PSD2) and on the electronic, central register of PIs, publicly available on EBA’s website pursuant to art. 15 of the PSD2.
In particular, in the event that a Payment Service User (PSU) denies having authorised an executed payment transaction which was initiated through a Payment Initiation Service Provider (PISP), the latter is liable for providing supporting evidence about the authorisation (art. 72 (2)). It would be difficult for the ASPSP to liase with the PISP and discuss in order to establish where the liability lies for any complaints and disputes if the contacts of the PI (which can be established in any EU member state) for the purpose were not readily available.
The Consultation Paper on the draft Regulatory Technical Standards (RTS) specifying the requirements on strong customer authentication and common and secure communication under PSD2” published by EBA last August, proposed mutual identification of PSPs through website certificates issued by a qualified trust service provider under an eIDAS policy.
If this approach is confirmed in the final version of the mentioned RTS, it becomes appropriate that information on the chosen “Qualified Trust Service Provider” is included in the PI application to provide payment initiation and account information services. Including this information in the PI application must be a prerequisite to filing it both on the Member State’s public registers and on the electronic, central register of PIs, publicly available on EBA’s website available for consultation and check.
Question 5: Do you agree with the Guidelines on information required from applicants for registration for the provision of only service 8 of Annex I PSD2 (account information services), as set out in chapter 4.2? If not, please provide your reasoning.
We believe that the contact points in the internal organisation to be used in the event of disputes or claims involving the AISP for the information it displays should also be part of the required information for the registration application of the AISP (possibily in Guideline 7).Including this information in the application must be a prerequisite to filing it both on the Member State’s public registers (art. 14 PSD2) and on the electronic, central register of AISPs, publicly available on EBA’s website pursuant to art. 15 and 33 of the PSD2.
The Consultation Paper on the draft Regulatory Technical Standards (RTS) specifying the requirements on strong customer authentication and common and secure communication under PSD2” published by EBA last August, proposed mutual identification of PSPs through website certificates issued by a qualified trust service provider under an eIDAS policy.
If this approach is confirmed in the final version of the mentioned RTS, it becomes appropriate that information on the chosen “Qualified Trust Service Provider” is included in the application to provide account information services. Including this information in the application must be a prerequisite to filing it both on the Member State’s public registers and on the electronic, central register of PIs, publicly available on EBA’s website available for consultation and check.
Question 6: Do you agree with the Guidelines on information requirements for applicants for authorisation as electronic money institutions, as set out in chapter 4.3? If not, please provide your reasoning.
We believe that the contact points in the internal organisation of the Electronic Money Institution (EMI) should also be part of the required information for the authorisation application (possibly in Guideline 9). Thus, in the event of disputes or complaints involving an EMI any contact between the EMI and the Account Servicing Payment Service Provider (ASPSP) would be facilitated.Since according to Article 111 of PSD2 (Amendments to Directive 2009/110/EC) “[…] articles 11 to 17 […] shall apply to electronic money institutions mutatis mutandis”, we believe that the inclusion of the above mentioned information in the application must be a prerequisite for filing them both on the Member State’s public registers (art. 14 PSD2) and on on the electronic, central register of EMIs, publicly available on EBA’s website pursuant to art. 15 of the PSD2.
In particular, in the event that a PSU denies having authorised an executed payment transaction which was initiated through a Payment Initiation Service (PIS) provided by an EMI, the latter is liable for providing supporting evidence about the authorisation (art. 72 (2)). (art. 72 (2)). It would be difficult for the ASPSP to liase with the PISP and discuss in order to establish where the liability lies for any complaints and disputes if the contacts of the PISP/EMI (which can be established in any EU member state) for the purpose were not readily available.
The Consultation Paper on the draft Regulatory Technical Standards (RTS) specifying the requirements on strong customer authentication and common and secure communication under PSD2” published by EBA last August, proposed mutual identification of PSPs through website certificates issued by a qualified trust service provider under an eIDAS policy.
If this approach is confirmed in the final version of the mentioned RTS, it becomes appropriate that information on the chosen “Qualified Trust Service Provider” is included in the EMI application to provide payment initiation and account information services. Including this information in the application must be a prerequisite to filing it both on the Member State’s public registers and on the electronic, central register of EMIs, publicly available on EBA’s website available for consultation and check.