Danish Bankers' Association

- The Danish Bankers Association (DBA) welcomes the opportunity presented by the EBA to comment on the Consultation on the Guidelines
- In general, the DBA agrees with the requirement that competent authorities require undertakings to review.
- However, a recalculation annually seems to be arbitrary on the basis of general insurance renewals, and in the case of AISPs or PISPs a more frequent review is required preferable on a quarterly basis to ensure consumers are at all times protected as well as avoiding unintended additional allocation of risk capital for the banks.
- We do not agree with the formula.
- Risk factors are relevant on an overall level.
- But the tiers, indicative leveling and amounts assigned seem very arbitrary and far from insurance actuarial standards.
- The focus should instead be on a list of criteria directed at the insurance coverage (i.e. min. insurance sum, geographical scope, limitation on valid exceptions, procedural guidelines regarding handling of claims etc.), type and rating of insurance provider.
- The DBA would also recommend that either the basis for the established tiers (2,5% 5% 10% 25% and 40% ) is elaborated or that the EBA leaves it up to the insurance provider to grade the various risk according to their well tested models.
- Yes. We agree to the risk factors which should be looked upon and taken into account by the FSA when evaluating the entity, their activity and the corresponding insurance policy taken out.

- However, we do not agree with the calculations as they seem arbitrary and far too generic without sufficient use of actuarial principles.
- Yes. We agree to the risk factors which should be looked upon and taken into account by the FSA when evaluating the entity, their activity and the corresponding insurance policy taken out.

- However, we do not agree with the calculations as they seem arbitrary and far too generic without sufficient use of actuarial principles.
- Yes. We agree to the risk factors which should be looked upon and taken into account by the FSA when evaluating the entity, their activity and the corresponding insurance policy taken out.

- However, we do not agree with the calculations as they seem arbitrary and far too generic without sufficient use of actuarial principles.
- Yes. See above.
- Additionally, if the AISP has a breach of data which led to acts of fraud the liability could be significant. Under the General Data Protection Regulation (GDPR) Regulation EU 2016/679, the fines for a data breach will increase dramatically; a com-pany could be fined up to 4% of global annual turnover or EUR 20 million, whichever is greater. The indemnity insurance for AISPs should be able to cover this eventuality in the case of a very serious data breach.
- From a holistic viewpoint the DBA commends the EBA for acknowledging the need to ensure a level playing field through imposing a demand for financial assurance and capital adequacy by requiring a PI-insurance or comparable guarantee to be taken out by any AISP or PISP wishing to register within the EU.

- However, in doing so it is crucial that the expertise of risk assess-ment and the skill of underwriting complex risks remains with the insurance industry and is not erroneously imposed on the competent authorities in each of the member states.

- Safeguarding the necessary level of minimum monetary amounts under PSD2 could instead be constructed through a more general list of demands to the insurance provider, the coverage of the necessary insurance policy as well as mirroring the minimum threshold acceptable.

- We generally find that the minimum amounts do not correspond to the minimum insurance coverage available to the financial sector when it comes to PI-coverage. Acknowledging that AISPs and PISPs are not FI’s and that they might have a smaller business range setting the minimum threshold at EUR 50,000 seems far too low considering the potential fraud possibilities.
[Other "]"
[Other"]"
Jeanett Cameron
D